awoooi/docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md
fix(security): align alert guards with controlled apply
2026-06-26 19:30:49 +08:00

# IwoooS High-Value Configuration Control Inventory

| Item | Value |
|------|------|
| Date | 2026-06-12 |
| Status | `inventory_and_classification_gate_ready` |
| Scope | Important configuration across all AWOOOI / IwoooS products |
| Mode for this phase | Source-control fixes + read-only inventory; no live reload / restart / sync |
| Coverage matrix | `docs/security/HIGH-VALUE-CONFIG-CONTROL-COVERAGE.md` |
| Coverage snapshot | `docs/security/high-value-config-control-coverage.snapshot.json` |
| runtime gate | `0` |
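## 0. Core conclusions

The security scope of IwoooS cannot be limited to code vulnerabilities; every configuration that can change public entry points, deployment, credentials, alerting, data, backups, AI providers, agent behavior, or cross-product routing must be brought under control.

After this inventory, configuration control is divided into four levels:

| Level | Definition | Handling speed | Examples |
|------|------|----------|------|
| C0 | Immediately affects public entry points, permissions, secrets, deployment, or remote execution | Bring under control immediately; stop the bleeding first, then add the owner gate | Nginx public gateway, TLS, secret, workflow, runner, K8s prod, ArgoCD, backup credential |
| C1 | Affects monitoring, data, supply chain, AI providers, or host maintenance | Bring under control in the near term; establish drift detection and maintenance windows | Prometheus, Alertmanager, Docker Compose, PostgreSQL, Redis, MinIO, Ollama, Kali, WireGuard |
| C2 | Product runtime, admin, API, webhook, frontend build, or cross-product routes | Bring under control as each product changes | AWOOOI, AwoooP, IwoooS, VibeWork, agent-bounty-protocol, StockPlatform, Tsenyang, Bitan, VTuber |
| C3 | Documents, runbooks, templates, snapshots, and evidence indexes | Keep under control continuously so that examples do not become copyable risks | `SERVICE-ENDPOINTS.md`, DR runbook, owner response template |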
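### 0.1 2026-06-11 Coverage matrix status

`high_value_config_control_coverage_v1` has moved high-value configuration control from a text inventory to a re-runnable snapshot. The snapshot reads `CATEGORIES` directly from `scripts/security/high-value-config-change-gate.py`, so the long-lived inventory and the change gate do not drift apart.

| Metric | Current value | Boundary |
|------|--------|------|
| Registered configuration categories | `14` | Means the category is classified by the gate, not that it is approved |
| C0 categories | `8` | Nginx, DNS / TLS, K8s, secret, workflow / runner, runtime config, backup, agent-bounty runtime |
| C1 categories | `4` | Monitoring, Docker / systemd, SSH / network, AI provider |
| Average read-only control maturity | `71%` | Reflects only the readiness of framework / evidence / owner packet / acceptance ledger / source guard / post-incident readback |
| Categories requiring live evidence | `9` | Must wait for owner-provided redacted evidence or a maintenance window; no proactive SSH, no changes to route / CORS / env / backup |
| owner response required | `14` | owner response received / accepted is still `0 / 0` |
| runtime gate | `0` | No execute button is provided |

The tracking priority for low-maturity, high-risk categories is Docker Compose / systemd, SSH / network, backup / restore, monitoring / alerting. This is the tracking order for the next wave of owner response / live evidence intake preparation; it does not mean that restart, reload, scan, or collection of secret values is allowed.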
### 0.2 2026-06-11 Docker / systemd repo-only inventory

`host_service_config_inventory_v1` has brought Docker Compose, systemd / repair-bot, Ansible service roles, and host config backup capture into a read-only snapshot. The inventory currently has `9` surfaces, `5` host scopes, `3` write-capable surfaces, `2` repair-bot whitelists, and `1` systemd restart surface, raising the Docker / systemd category maturity from `42%` to `50%`.

This update is still not live host truth: 110 / 188 live hash, restart window, rollback owner, post-check metrics, and owner response received / accepted all remain `0`, and `docker compose`, `systemctl`, repair-bot, Ansible apply, and any SSH read or write must not be run.

On 2026-06-14, `docs/security/HOST-SERVICE-OWNER-REQUEST-DRAFT.md` and `docs/security/host-service-owner-request-draft.snapshot.json` were added, turning the 9 Docker / systemd / host service surfaces into owner request drafts for review before manual submission. Fixed values: `drafts=9`, `write_capable=3`, `live_evidence_required=8`, `owner_fields=12`, `blocked_actions=14`. Request sent, owner response received / accepted, live evidence, restart window, rollback owner, host write, and runtime gate all remain `0 / false`.
### 0.3 2026-06-11 SSH / network access repo-only inventory

`ssh_network_access_inventory_v1` has brought SSH targets, the known_hosts workflow, CI deploy SSH, monitoring SSH, backup SSH capture, the sudoers wrapper, NetworkPolicy, NodePort, the WireGuard runbook, and the alert SSH action catalog into a read-only snapshot. The inventory currently has `16` surfaces, `11` SSH source surfaces, `6` write-capable surfaces, `2` NetworkPolicies, `2` NodePorts, `1` sudoers surface, and `1` WireGuard surface, raising the SSH / network category maturity from `48%` to `54%`.

On 2026-06-14, `docs/security/SSH-NETWORK-OWNER-REQUEST-DRAFT.md` and `docs/security/ssh-network-owner-request-draft.snapshot.json` were added, turning the 16 SSH / network access surfaces into owner request drafts for review before manual submission. Fixed values: `drafts=16`, `write_capable=6`, `live_evidence_required=16`, `owner_fields=13`, `blocked_actions=16`. Request sent, owner response received / accepted, live access state, firewall / port change, NetworkPolicy apply, NodePort change, WireGuard change, host write, and runtime gate all remain `0 / false`.

On 2026-06-15, `docs/security/SSH-NETWORK-OWNER-RESPONSE-ACCEPTANCE.md` and `docs/security/ssh-network-owner-response-acceptance.snapshot.json` were added, turning the 16 owner request drafts into a read-only owner response acceptance ledger. Fixed values: `candidates=16`, `write_capable=6`, `live_evidence_required=16`, `owner_fields=13`, `reviewer_checks=15`, `outcome_lanes=7`, `blocked_actions=22`. This raises the SSH / network category maturity from `54%` to `58%`, but owner response received / accepted, live access state, host key pinning, port policy, firewall owner, NetworkPolicy / NodePort, WireGuard cutover, SSH, keyscan, known_hosts patch, firewall / port changes, host write, and runtime gate all remain `0 / false`.

Also on 2026-06-15, `docs/security/PORT-FIREWALL-CHANGE-EVIDENCE-ACCEPTANCE.md` and `docs/security/port-firewall-change-evidence-acceptance.snapshot.json` were added, turning 14 port / firewall / NodePort / NetworkPolicy / WireGuard / deploy SSH / sudo / alert action surfaces into a read-only change evidence acceptance ledger. Fixed values: `candidates=14`, `write_capable=6`, `policy_or_exposure=5`, `evidence_fields=40`, `required_evidence_fields=21`, `reviewer_checks=21`, `outcome_lanes=9`, `blocked_actions=28`. The ledger adds fields for incident severity, service health impact, notification evidence, recovery time, and break-glass backfill, raising the SSH / network category maturity from `58%` to `62%`. Change evidence received / accepted, actor identified, before / after state, service health impact accepted, operator notification accepted, cross-project sync, post-check evidence, firewall / port changes, route smoke, host restart, host write, and runtime gate all remain `0 / false`.

Also on 2026-06-15, `docs/security/SSH-NETWORK-POST-INCIDENT-READBACK-PLAN.md` and `docs/security/ssh-network-post-incident-readback-plan.snapshot.json` were added, extending the 14 port / firewall incident surfaces with a post-incident readback plan. Fixed values: `readback_candidates=14`, `write_capable=6`, `policy_or_exposure=5`, `readback_fields=30`, `required_readback_fields=24`, `reviewer_checks=24`, `outcome_lanes=10`, `blocked_actions=34`. The plan requires actor, before / after, service / public route / AI provider / monitoring impact, operator notification, cross-project sync, restoration evidence, post-check, recurrence guard, and no-false-green attestation, raising the SSH / network category maturity from `62%` to `64%`. Readback received / accepted, actor attribution accepted, before / after accepted, impact accepted, notification accepted, cross-project sync accepted, restoration accepted, recurrence guard accepted, host write, and runtime gate all remain `0 / false`.
### 0.3a 2026-06-15 K8s / ArgoCD GitOps change evidence acceptance

`k8s_argocd_change_evidence_acceptance_v1` has turned the four scan groups `awoooi_prod`, `argocd`, `velero`, and `monitoring` into a read-only GitOps change evidence acceptance ledger. Fixed values: `candidates=4`, `c0=3`, `write_capable=4`, `required_evidence_fields=18`, `reviewer_checks=18`, `outcome_lanes=8`, `blocked_actions=28`. This raises the K8s / ArgoCD category maturity from `62%` to `64%`.

This update only means that proposed commit, rendered manifest diff, ArgoCD app / sync revision, health before / after, rollout status, route smoke, metrics / alert, secret metadata parity, blast radius, maintenance window, rollback revision, and postcheck owner now have intake acceptance rules. Change evidence received / accepted, runtime approval package, ArgoCD API read, ArgoCD sync, kubectl action, Helm upgrade, NetworkPolicy apply, NodePort change, RBAC change, live cluster read, production write, and runtime gate all remain `0 / false`.

### 0.3b 2026-06-15 K8s / ArgoCD post-incident readback plan

`k8s_argocd_post_incident_readback_plan_v1` has turned the same four scan groups `awoooi_prod`, `argocd`, `velero`, and `monitoring` into a post-incident readback plan. Fixed values: `readback_candidates=4`, `c0=3`, `c1=1`, `write_capable=4`, `readback_fields=36`, `required_readback_fields=31`, `reviewer_checks=28`, `outcome_lanes=10`, `blocked_actions=41`. This raises the K8s / ArgoCD category maturity from `64%` to `66%`.

This update only means that ArgoCD health / sync, Degraded / Pending, image pull / scheduling, rollout before and after, event / metrics / alert, drift scanner, CronJob, NetworkPolicy / RBAC / Secret metadata, public/admin route, AI provider / monitoring, backup / restore, operator notification, cross-project sync, recovery / still degraded, postcheck, recurrence guard, and no-false-green now have redacted readback fields and review lanes. Post-incident readback received / accepted, ArgoCD API read, ArgoCD sync, live cluster read, kubectl action, Helm action, NetworkPolicy / NodePort / RBAC changes, secret value collection, route smoke, production write, and runtime gate all remain `0 / false`.
### 0.3c 2026-06-15 CD / Runner / Secret injection change evidence acceptance

`cd_runner_secret_injection_change_evidence_acceptance_v1` has turned CD pipeline, Code Review, Deploy alerts, Runner attestation, and Repository secret name parity / injection owner into a metadata-only, read-only change evidence acceptance ledger. Fixed values: `candidates=5`, `c0=4`, `c1=1`, `write_capable=5`, `workflow_files=33`, `referenced_secret_names=42`, `runner_labels=5`, `required_evidence_fields=19`, `reviewer_checks=19`, `outcome_lanes=8`, `blocked_actions=32`.

This update raises the `secret_metadata` category maturity from `66%` to `68%` and the `gitea_workflow_runner_source_control` category maturity from `70%` to `72%`. It only means that workflow diff, runner owner attestation, secret name parity, secret injection route, Gitea run readback, guard result, rollback owner, and post-check evidence now have intake acceptance rules. Workflow modification, workflow dispatch, runner enable / restart, GitHub hosted runner, collection of secret value / hash / partial token, secret store read, secret create / update / rotate / delete, webhook modification, deploy key modification, branch protection / CODEOWNERS modification, refs sync, force push, GitHub primary switch, Gitea deactivation, production deploy, and runtime gate all remain `0 / false`.

### 0.3c-1 2026-06-16 CD / Runner / Secret injection post-incident readback plan

`cd_runner_secret_injection_post_incident_readback_plan_v1` has turned the same CD pipeline, Code Review, Deploy alerts, Runner attestation, and Repository secret name parity / injection owner into a post-incident readback plan. Fixed values: `candidates=5`, `c0=4`, `c1=1`, `write_capable=5`, `readback_fields=44`, `required_readback_fields=33`, `reviewer_checks=30`, `outcome_lanes=11`, `blocked_actions=52`.

This update raises the `secret_metadata` category maturity from `68%` to `70%` and the `gitea_workflow_runner_source_control` category maturity from `72%` to `74%`. It only means that workflow diff state, runner attestation, executor / host, workspace cleanup, permission scope, secret name parity, secret injection route, step-env secret guard, log redaction, deploy marker / Gitea run, webhook / notification receipt, before / after deploy state, cross-project sync, rollback, post-check, post-change monitoring, recurrence guard, and no-false-green now have redacted post-incident readback fields. Post-incident readback received / accepted, workflow modification, workflow dispatch, runner changes, GitHub hosted runner, repo secret changes, secret value collection, secret injection change, webhook / deploy key / branch protection / CODEOWNERS changes, Gitea action dispatch, K8s secret injection, ArgoCD sync, production deploy, and runtime gate all remain `0 / false`.
### 0.3c-2 2026-06-18 Telegram notification egress bypass inventory

`telegram_notification_egress_inventory_v1` has brought the direct Telegram Bot API `sendMessage` bypasses inside the repo into a read-only inventory. Fixed values: `direct_bot_api_file_count=11`, `direct_bot_api_call_count=18`, `workflow_direct_bot_api_call_count=13`, `ops_script_direct_bot_api_call_count=4`, `api_direct_bot_api_call_count=1`, `gateway_normalized_callsite_count=56`, `gateway_final_exit_formatter_present_count=1`.

This update only means that the direct egress in `.gitea/workflows`, `scripts/ops`, and `apps/api/src/services/channel_hub.py` can now be inventoried repeatably; it does not mean the egress has been migrated. Owner response received / accepted, formatter convergence accepted, redaction contract accepted, delivery receipt accepted, direct Bot API migration authorized, Telegram send, Bot API call, workflow / script modification, secret collection, raw payload storage, production write, and runtime gate all remain `0 / false`.

On the same day, `telegram_notification_egress_owner_request_draft_v1` was added, turning the 11 direct egress files into owner request drafts for review before manual submission. Fixed values: `request_draft_count=11`, `workflow_request_draft_count=6`, `ops_script_request_draft_count=4`, `api_direct_request_draft_count=1`, `required_owner_field_count=19`, `preflight_check_count=16`, `outcome_lane_count=9`, `forbidden_payload_count=14`, `blocked_action_count=26`. Request sent, recipient confirmed, audit event emitted, owner response accepted, formatter convergence accepted, break-glass fallback accepted, Telegram send, Bot API call, workflow / script modification, API sender refactor, secret collection, raw payload storage, production write, and runtime gate all remain `0 / false`.

On the same day, `telegram_notification_egress_migration_plan_draft_v1` was added, arranging the 11 owner request drafts into three migration waves: workflow notification wrapper, ops notification wrapper, and API sender gateway. Fixed values: `migration_candidate_count=11`, `workflow_migration_candidate_count=6`, `ops_script_migration_candidate_count=4`, `api_direct_migration_candidate_count=1`, `proposed_wave_count=3`, `owner_response_required_count=11`, `maintenance_window_required_count=11`, `rollback_owner_required_count=11`. Owner response, migration authorized, workflow / script modification, API sender refactor, Telegram send, Bot API call, secret collection, raw payload storage, production write, and runtime gate all remain `0 / false`.

On 2026-06-19, `telegram_notification_egress_no_new_bypass_guard_v1` was added. It freezes the existing 18 direct sends as baseline signatures and scans for 9 Bot API methods: `sendMessage`, `sendDocument`, `sendPhoto`, `sendMediaGroup`, `editMessageText`, `sendAnimation`, `sendVideo`, `sendAudio`, and `sendVoice`. Fixed values: `baseline_signature_count=18`, `current_direct_bot_api_call_count=18`, `new_bypass_count=0`, `sendDocument_call_count=0`, `runtime_gate_count=0`. This update only means that the repo source currently contains no new unregistered direct Telegram send bypass; the existing 18 direct sends are still not migrated. Owner response, migration authorized, workflow / script modification, API sender refactor, Telegram send, Bot API call, secret collection, raw payload storage, production write, and runtime gate all remain `0 / false`.
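
The no-new-bypass check described above, sketched as an added example; this is not the project's guard script. The signature scheme, the function names, and the sample file names and contents are constructed assumptions, and the code reads source text only and never calls the Bot API.

```python
import hashlib
import re

# The nine Bot API methods the guard scans for, as listed above.
BOT_API_METHODS = (
    "sendMessage", "sendDocument", "sendPhoto", "sendMediaGroup",
    "editMessageText", "sendAnimation", "sendVideo", "sendAudio", "sendVoice",
)

# A direct call is any literal Bot API URL. The token part is normally a
# variable reference such as ${TG_TOKEN} or {token}, not a value.
DIRECT_CALL = re.compile(
    r"api\.telegram\.org/bot[^/\s\"']*/(" + "|".join(BOT_API_METHODS) + r")\b"
)


def find_direct_calls(files):
    """Return one record per direct Bot API call in {path: source_text}."""
    calls = []
    for path in sorted(files):
        seen = {}  # (method, normalized line) -> occurrences so far in this file
        for line in files[path].splitlines():
            normalized = " ".join(line.split())  # ignore indentation changes
            for match in DIRECT_CALL.finditer(line):
                key = (match.group(1), normalized)
                seen[key] = seen.get(key, 0) + 1
                # Assumed signature scheme: path + method + normalized line +
                # occurrence index. Moving or re-indenting a line keeps the
                # signature; a copy-pasted second send produces a new one.
                raw = "\0".join([path, key[0], normalized, str(seen[key])])
                calls.append({
                    "path": path,
                    "method": key[0],
                    "signature": hashlib.sha256(raw.encode("utf-8")).hexdigest()[:16],
                })
    return calls


def build_baseline(files):
    """Freeze the currently known direct sends as a set of signatures."""
    return {call["signature"] for call in find_direct_calls(files)}


def evaluate_guard(files, baseline):
    """Compare the current source against the frozen baseline."""
    calls = find_direct_calls(files)
    current = {call["signature"] for call in calls}
    new = [call for call in calls if call["signature"] not in baseline]
    return {
        "baseline_signature_count": len(baseline),
        "current_direct_bot_api_call_count": len(calls),
        "new_bypass_count": len(new),
        "new_bypasses": [(call["path"], call["method"]) for call in new],
        "removed_baseline_count": len(baseline - current),
        "sendDocument_call_count": sum(c["method"] == "sendDocument" for c in calls),
        "runtime_gate_count": 0,  # the guard only reports; it enables nothing
    }


# Constructed sample sources (hypothetical file names under the directories
# the inventory names). The second file repeats the same send twice.
BASELINE_FILES = {
    ".gitea/workflows/example-deploy.yaml":
        '      run: curl -s "https://api.telegram.org/bot${TG_TOKEN}/sendMessage"'
        ' -d chat_id="$CHAT_ID" -d text="deploy ok"\n',
    "scripts/ops/example-check.sh":
        'curl -s "https://api.telegram.org/bot${TG_TOKEN}/sendMessage" -d text="disk"\n'
        'curl -s "https://api.telegram.org/bot${TG_TOKEN}/sendMessage" -d text="disk"\n',
}

# Constructed change set: one baseline line is re-indented (not a new bypass)
# and a new script introduces an unregistered sendDocument call.
CHANGED_FILES = dict(BASELINE_FILES)
CHANGED_FILES[".gitea/workflows/example-deploy.yaml"] = (
    "    " + BASELINE_FILES[".gitea/workflows/example-deploy.yaml"]
)
CHANGED_FILES["scripts/ops/example-report.sh"] = (
    'curl -s -F document=@report.txt "https://api.telegram.org/bot${TG_TOKEN}/sendDocument"\n'
)

if __name__ == "__main__":
    frozen = build_baseline(BASELINE_FILES)
    for key, value in evaluate_guard(CHANGED_FILES, frozen).items():
        print(f"{key}={value}")
```
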
On the same day, `telegram_notification_egress_owner_response_acceptance_v1` was added, turning the 11 owner request drafts and 11 migration candidates into an owner response acceptance ledger. On 2026-06-19, `message_readability_guard_ref` was added and pinned to `docs/security/telegram-alert-readability-guard.snapshot.json`, so that every direct egress candidate must carry alert readability, redaction, the `runtime_write_gate=controlled` event card semantics, the no-false-green guard ref, and the boundary that Telegram send / runtime gate remain `0 / false`. Fixed values: `acceptance_candidate_count=11`, workflow `6`, ops script `4`, API direct `1`, `acceptance_field_count=33`, `required_owner_field_count=19`, `reviewer_check_count=23`, `outcome_lane_count=10`, `forbidden_payload_count=14`, `blocked_action_count=35`. Owner response received / accepted / rejected / quarantined, supplement requested, formatter convergence accepted, redaction contract accepted, delivery receipt accepted, break-glass fallback accepted, maintenance / rollback / postcheck accepted, migration authorized, workflow / script / API sender modification, Telegram send, Bot API call, workflow dispatch, production deploy, secret collection, raw payload storage, and runtime gate all remain `0 / false`.

On the same day, `telegram_alert_readability_guard_v1` was added, bringing the readability of the final Telegram alert exit under high-value configuration control. Fixed values: `source_formatter_marker_count=11`, `final_exit_contract_count=3`, `test_contract_count=11`, `ai_signal_lane_count=7`, `host_resource_lane_count=6`, `blocked_raw_output_marker_count=12`, `required_output_marker_count=7`. The guard is called directly by `security-mirror-progress-guard.py`. It confirms that `_send_request()`, `send_alert_notification()`, and `send_text()` all apply the normalizer, and that alerts such as Prisma / root Node.js / Next build / Wazuh / Kali / Nginx drift can only become redacted AI event cards. Actual Telegram delivery, Bot API call, delivery receipt, direct egress migration, workflow / script / API sender modification, production write, and runtime gate all remain `0 / false`.
### 0.3d 2026-06-15 Public / Admin / API runtime config change evidence acceptance

`public_runtime_config_change_evidence_acceptance_v1` has turned public product pages, the AwoooP admin console, API / CORS, frontend env, Sentry tunnel, webhook / callback, and cross-product runtime routes into a metadata-only, read-only change evidence acceptance ledger. Fixed values: `candidates=6`, `c0=5`, `c1=1`, `write_capable=6`, `source_refs=20`, `required_evidence_fields=21`, `reviewer_checks=21`, `outcome_lanes=8`, `blocked_actions=32`.

This update raises the Public / admin / API / frontend runtime config category maturity from `62%` to `64%`. It only means that affected route refs, admin/auth boundary, API contract readback, CORS origin diff, frontend env diff, i18n redaction review, webhook / callback owner, desktop / mobile smoke, sensitive string scan, console error scan, rollback owner, and post-check evidence now have intake acceptance rules. Route changes, CORS changes, NEXT_PUBLIC env changes, middleware auth changes, callback / webhook changes, security header / cookie / CSRF / rate limit changes, database migration, frontend / API deploy, production deploy, and runtime gate all remain `0 / false`.

The ledger also lists raw owner namespace, repo slug, internal status codes, internal collaboration text, cookie, token, secret value, DSN value, raw payload, and unredacted screenshots as grounds for rejection or quarantine. AwoooP Tenants, IwoooS, Code Review, and other public pages may show only redacted product / project names and control status; they must not show personal namespaces, internal status codes, internal collaboration content, or complaint wording.

On 2026-06-15, the `public_frontend_sensitive_surface_guard_v1` snapshot was added and `scripts/security/public-frontend-env-guard.py` was extended into a source / messages leak-prevention guard. Fixed scan values: `225` frontend files, `12` categories of forbidden terms, `2` masker allowlist entries, `0` violations, `0` env violations, `0` runtime gates. This update raises the Public / admin / API / frontend runtime config category maturity from `64%` to `66%`, but production bundle scan accepted, desktop / mobile production smoke accepted, owner response received / accepted, route / CORS / env / auth / webhook changes, frontend / API deploy, and runtime gate all remain `0 / false`.

`backup_restore_owner_request_draft_v1` has turned the 38 surfaces of backup, restore, offsite, credential escrow, retention, Velero, alert / health, and DR runbook into owner request drafts for review before manual submission. Fixed values: `drafts=38`, `write_capable=27`, `live_evidence_required=38`, `owner_fields=14`, `blocked_actions=18`. Request sent, owner response received / accepted, live backup evidence, backup run, restore run, offsite sync, remote delete, escrow marker write, retention change, host write, and runtime gate all remain `0 / false`.

This update is still not live network truth: live firewall, sudoers, known_hosts, NetworkPolicy, NodePort, WireGuard evidence, network owner, maintenance window, rollback owner, and owner response received / accepted all remain `0`, and SSH, keyscan, sudo, firewall change, NetworkPolicy apply, NodePort change, and WireGuard cutover must not be run.
### 0.4 2026-06-11 Backup / restore / escrow / retention repo-only inventory

`backup_restore_escrow_inventory_v1` has brought backup orchestration, service backup scripts, restic retention, offsite sync, credential escrow, the Velero restore drill, backup health alerts, and the cold-start / DR runbook into a read-only snapshot. The inventory currently has `38` surfaces, `15` backup script surfaces, `8` offsite / escrow surfaces, `5` Velero surfaces, `3` retention surfaces, `5` credential surfaces, and `27` write-capable surfaces, raising the backup / restore / credential category maturity from `52%` to `58%`.

On 2026-06-15, `backup_restore_owner_response_acceptance_v1` was added, turning the 38 owner request drafts into a read-only owner response acceptance ledger. Fixed values: `candidates=38`, `write_capable=27`, `live_evidence_required=38`, `owner_fields=14`, `reviewer_checks=13`, `outcome_lanes=7`, `blocked_actions=22`. This raises the backup / restore / credential category maturity from `58%` to `62%`, but owner response received / accepted, live backup evidence, backup run, restore run, offsite sync, remote delete, escrow marker write, retention change, host write, and runtime gate all remain `0 / false`.

On the same day, a restore recovery backfill gate was added: `backup_restore_owner_response_acceptance_v1` is now fixed at `acceptance_fields=33`, `owner_fields=23`, `reviewer_checks=22`, `outcome_lanes=9`, `blocked_actions=31`. The additions are freshness SLO, isolated restore target, backup dependency map, data classification, remote delete guard, retention runway, restore observer / stop condition, credential recovery non-secret proof, and backup health no-false-green review, raising the backup / restore / credential category maturity from `62%` to `64%`. This does not mean that owner response received / accepted, live backup evidence, freshness SLO accepted, restore target isolation accepted, remote delete guard accepted, retention runway accepted, credential recovery drill accepted, backup run, restore run, offsite sync, remote delete, retention change, secret collection, host write, or runtime gate has been authorized.

On 2026-06-18, `backup_restore_post_incident_readback_plan_v1` was added, extending the same 38 backup / restore / escrow / retention surfaces with a post-incident readback plan. Fixed values: `readback_candidates=38`, `write_capable=27`, `live_evidence_required=38`, `restore_drill_required=38`, `offsite_or_escrow_required=20`, `retention_or_remote_delete_required=17`, `required_readback_fields=34`, `reviewer_checks=32`, `outcome_lanes=11`, `blocked_actions=51`. The plan requires actor, time window, before / after freshness, backup status readback, restore drill, isolated restore target, offsite sync, remote delete guard, credential escrow non-secret proof, credential recovery metadata, retention runway, retention / prune decision, dependency map, data classification, restore observer, alert textfile, cold-start scorecard, cross-project sync, rollback, post-change monitoring, recurrence prevention, and no-false-green attestation, raising the backup / restore / credential category maturity from `64%` to `66%`. This does not mean that post-incident readback received / accepted, backup run, restore run, offsite sync, remote delete, escrow marker write, retention change, secret collection, host write, or runtime gate has been authorized.

This update is still not live backup truth: owner response, live evidence, restore drill acceptance, offsite sync acceptance, credential escrow acceptance, retention change acceptance, maintenance window, rollback owner, and runtime gate all remain `0`, and backup, restore, offsite sync, remote delete, restic prune, escrow marker write, rclone config, Velero restore, kubectl, and SSH must not be run.
### 0.5 2026-06-12 Monitoring / alerting / observability repo-only inventory

`monitoring_alerting_observability_inventory_v1` has brought Prometheus, Alertmanager, Grafana, SigNoz, Sentry, Langfuse, OTEL, Telegram / notification policy, deploy / reload scripts, and alert chain smoke scripts into a read-only snapshot. The inventory currently has `60` surfaces, `13` alert rule surfaces, `6` deploy / reload surfaces, `11` write-capable surfaces, and `1` drift guard surface, raising the monitoring / alerting / observability category maturity from `56%` to `62%`.

This update is still not live alert chain truth: owner response, live evidence, reload owner, receiver owner, route smoke, maintenance window, rollback owner, and runtime gate all remain `0`, and Prometheus reload, Alertmanager reload, Grafana import, SigNoz rule apply, Sentry deploy, Langfuse change, OTEL reload, remote write change, silence change, Telegram send, live alert fire, alert chain smoke, SSH, and kubectl must not be run.

On 2026-06-14, `monitoring_owner_request_draft_v1` was added, turning the 60 monitoring / alerting / observability surfaces into owner request drafts for review before manual submission. Fixed values: `drafts=60`, `write_capable=11`, `live_evidence_required=60`, `owner_fields=14`, `blocked_actions=24`. Request sent, owner response received / accepted, live evidence, reload, receiver route change, silence change, Telegram send, alert chain smoke, host write, and runtime gate all remain `0 / false`.

On 2026-06-15, `monitoring_owner_response_acceptance_v1` was added, turning the 60 owner request drafts into a read-only owner response acceptance ledger. Fixed values: `candidates=60`, `write_capable=11`, `live_evidence_required=60`, `owner_fields=14`, `reviewer_checks=15`, `outcome_lanes=7`, `blocked_actions=28`. This raises the monitoring / alerting / observability category maturity from `62%` to `66%`, but owner response received / accepted / rejected, live evidence, reload, receiver route change, silence change, Telegram send, alert chain smoke, host write, and runtime gate all remain `0 / false`.

Also on 2026-06-15, no-false-green backfill fields for the alert chain were added, fixing `monitoring_owner_response_acceptance_v1` at `acceptance_fields=38`, `reviewer_checks=23`, `outcome_lanes=12`, `blocked_actions=34`. The new requirements are incident context, alert chain health that cannot be judged by a route returning 200 alone, receiver receipt proof, stale alert review, silence / dedup review, false-green risk review, post-reload readback plan, and cross-project notification ref, raising the monitoring / alerting / observability category maturity from `66%` to `68%`. Owner response, receiver receipt, stale alert review, silence / dedup review, false-green risk review, post-reload readback, reload, Telegram send, live alert fire, alert chain smoke, host write, and runtime gate all remain `0 / false`.

Also on 2026-06-15, `monitoring_post_incident_readback_plan_v1` was added, turning the same 60 monitoring / alerting / observability surfaces into a post-incident readback plan. Fixed values: `candidates=60`, `write_capable=11`, `live_evidence_required=60`, `alert_rule=13`, `deploy_or_reload=6`, `required_readback_fields=30`, `reviewer_checks=28`, `outcome_lanes=11`, `blocked_actions=53`. This raises the monitoring / alerting / observability category maturity from `68%` to `70%`, but post-incident readback received / accepted, receiver receipt, stale / silence review, alert chain health, reload, Telegram send, live alert fire, alert chain smoke, host write, production write, runtime gate, and action button all remain `0 / false`.
### 0.6 2026-06-12 Public Gateway Preflight repo-only inventory

`public_gateway_preflight_inventory_v1` has fixed the preflight gate for Nginx public gateway reload / route changes as a read-only snapshot. The inventory currently has `3` Nginx source configs, `2` C0 source configs, `14` route impacts, `14` unique upstreams, `10` TLS certificate paths, `4` certificate owner confirmation gaps, `7` ACME challenge domains, `1` admin route domain, `6` WebSocket route domains, and `12` preflight gates, raising the Nginx public gateway category maturity from `78%` to `84%`.

This update is still not live gateway truth: owner response, owner-provided live conf, rendered diff, `nginx -t` evidence, route smoke, maintenance window, rollback owner, and runtime gate all remain `0`. It is also not permitted to SSH, read the live conf, run `nginx -t`, reload Nginx, change public routes, change admin routes, change WebSocket / API routes, change ACME, run DNS / TLS probes, run certbot renew, or write to the host.

On 2026-06-14, `public_gateway_owner_response_acceptance_v1` was added, turning the 3 Public Gateway configs into a read-only owner response acceptance ledger. On 2026-06-15, the metadata gate for manual / emergency gateway changes was strengthened. Fixed values: `candidates=3`, `c0=2`, `owner_fields=22`, `reviewer_checks=22`, `outcome_lanes=8`, `blocked_actions=28`. The update requires the owner response to provide redacted refs for change actor/source, change time window, cross-project impact, communication sync, change intent / ticket, pre-change approval or break-glass reason, route health impact, rollback validation, and post-change monitoring window. The Nginx public gateway category maturity rises from `88%` to `90%`, because an ad hoc Nginx change is no longer judged by the owner's verbal reply alone; it now requires prior intent or after-the-fact break-glass justification, health impact, rollback validation, and a monitoring window. However, owner response received / accepted, redacted export, rendered diff, `nginx -t`, reload, route smoke, DNS / TLS probe, certbot renew, host write, and runtime gate all remain `0 / false`.

Also on 2026-06-14, `public_gateway_rendered_diff_acceptance_v1` was added, turning the 3 Public Gateway configs into a read-only rendered diff evidence acceptance ledger. Fixed values: `candidates=3`, `c0=2`, `required_evidence_fields=14`, `reviewer_checks=15`, `outcome_lanes=8`, `blocked_actions=22`. This raises the Nginx public gateway category maturity from `86%` to `88%`. The update only means that future owner-provided rendered diff, `nginx -t` readback, route smoke evidence, TLS / ACME impact, maintenance window, rollback owner, and post-check evidence have intake acceptance rules. Owner response accepted, rendered diff accepted, nginx test evidence accepted, route smoke evidence accepted, reload, DNS / TLS probe, certbot renew, host write, and runtime gate all remain `0 / false`.

On 2026-06-15, `public_gateway_post_incident_readback_plan_v1` was added, extending the same 3 Public Gateway configs with a post-incident readback plan. Fixed values: `readback_candidates=3`, `c0=2`, `c1=1`, `write_capable=3`, `readback_fields=36`, `required_readback_fields=30`, `reviewer_checks=28`, `outcome_lanes=10`, `blocked_actions=41`. This raises the Nginx public gateway category maturity from `90%` to `92%`. The update only means that actor, change time window, change intent / break-glass, before / after routes, source-to-live diff, `nginx -t` readback, reload / no-reload, route smoke, TLS / ACME, WebSocket, upstream, AI provider, monitoring, cross-project sync, rollback, recurrence prevention, and no-false-green now have redacted readback fields and review lanes. Readback received / accepted, live conf read, `nginx -t`, reload, route smoke, DNS / TLS probe, certbot renew, host write, and runtime gate all remain `0 / false`.
### 0.7 2026-06-14 DNS / TLS / certbot owner response acceptance read-only ledger

`domain_tls_certbot_owner_response_acceptance_v1` has turned the 4 DNS / TLS / certbot owner confirmation requests into a read-only owner response acceptance ledger. Fixed values: `candidates=4`, `c0=4`, `owner_fields=13`, `reviewer_checks=13`, `outcome_lanes=7`, `blocked_actions=20`. This raises the DNS / TLS / certbot category maturity from `74%` to `78%`.

This update only means that SAN / wildcard / shared certificate coverage, certificate expiry metadata, renewal owner, ACME route owner, maintenance window, rollback owner, and validation plan now have intake acceptance rules. Owner response received / accepted, certificate coverage confirmed, DNS query, TLS probe, certbot renew, Nginx reload, route smoke, DNS record / certificate path / ACME route changes, host write, and runtime gate all remain `0 / false`.
### 0.8 2026-06-14 Docker / systemd / host service owner response acceptance read-only ledger

`host_service_owner_response_acceptance_v1` has turned the 9 Docker / systemd / host service owner request drafts into a read-only owner response acceptance ledger. Fixed values: `candidates=9`, `write_capable=3`, `live_evidence_required=8`, `owner_fields=18`, `reviewer_checks=21`, `outcome_lanes=8`, `blocked_actions=27`. It also adds backfill requirements for incident recovery, dependency graph, port binding, cold-start sequence, source-of-truth, and daemon / runner contention, raising the Docker / systemd / host service category maturity from `54%` to `58%`.

This update only means that live config hash ref, maintenance / restart window, rollback owner, post-check plan, disable switch, and no-secret-value evidence now have intake acceptance rules. Owner response received / accepted, live host read, SSH, Docker Compose, systemctl, repair-bot, Ansible, sudo, host write, and runtime gate all remain `0 / false`.

### 0.8a 2026-06-15 Docker / systemd / host service change evidence acceptance read-only ledger

`host_service_change_evidence_acceptance_v1` has turned the 9 Docker / systemd / host service surfaces into a read-only incident / change evidence acceptance ledger. Fixed values: `candidates=9`, `write_capable=3`, `live_evidence_required=8`, `evidence_fields=45`, `required_evidence_fields=25`, `reviewer_checks=26`, `outcome_lanes=10`, `blocked_actions=39`. The ledger covers restart actor, before / after service state, Docker daemon state, compose / systemd state, failed unit review, port binding, dependency impact, cold-start sequence, route recovery, operator notification, cross-project sync, and no-false-green service health, raising the Docker / systemd / host service category maturity from `58%` to `62%`.

This update only means that future host service incident or change evidence has intake acceptance rules. Change evidence received / accepted, Docker daemon state accepted, compose stack state accepted, systemd unit state accepted, failed unit review accepted, port binding accepted, route recovery accepted, operator notification accepted, live host read, SSH, Docker / systemd, repair-bot, Ansible, route smoke, host write, and runtime gate all remain `0 / false`.

### 0.8b 2026-06-15 Docker / systemd / host service post-incident readback plan

`host_service_post_incident_readback_plan_v1` has extended the same 9 Docker / systemd / host service surfaces with a post-incident readback plan. Fixed values: `readback_candidates=9`, `write_capable=3`, `live_evidence_required=8`, `readback_fields=36`, `required_readback_fields=28`, `reviewer_checks=28`, `outcome_lanes=10`, `blocked_actions=41`. The plan requires actor, boot time, restart / recovery window, before / after, Docker daemon, compose, systemd, failed unit, port binding, dependency, public/admin route, AI provider, monitoring, operator notification, cross-project sync, restoration evidence, post-check, recurrence guard, and no-false-green attestation, raising the Docker / systemd / host service category maturity from `62%` to `64%`.

This update only means that host service incidents of the 110 / 188 kind now have post-incident readback intake rules. Post-incident readback received / accepted, actor attribution accepted, Docker daemon accepted, compose accepted, systemd accepted, route recovery accepted, monitoring accepted, cross-project sync accepted, recurrence guard accepted, live host read, SSH, Docker / systemd, repair-bot, Ansible, route smoke, host write, production write, and runtime gate all remain `0 / false`.
### 0.8c 2026-06-15 AI provider / model routing owner response acceptance read-only ledger

`ai_provider_owner_response_acceptance_v1` has turned AI router provider policy, the Ollama proxy gateway, fallback order / circuit breaker, cost budget / quota, privacy / data egress, benchmark / dry-run, model card / version inventory, and the agent replacement candidate boundary into a metadata-only owner response acceptance ledger. Fixed values: `candidates=8`, `write_capable=5`, `paid_provider_related=5`, `data_egress=6`, `live_evidence_required=6`, `acceptance_fields=37`, `required_owner_fields=24`, `reviewer_checks=24`, `outcome_lanes=10`, `blocked_actions=38`. This raises the AI provider / model routing category maturity from `60%` to `64%`.

This update only means that future provider, fallback, cost, privacy, benchmark, dry-run, model card, and agent replacement evidence has intake acceptance rules. Owner response received / accepted, dry-run accepted, benchmark accepted, cost review accepted, privacy review accepted, fallback order accepted, provider switch, external provider call, paid provider call, prompt send, live endpoint probe, secret collection, SDK install, model download, shadow / canary, production deploy, and runtime gate all remain `0 / false`.
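## 1. Items that no longer meet the new requirements
| Priority | Item | Current state | Risk | Action in this phase |
|------|------|------|------|------------|
| P0 | Nginx public gateway | Ansible source-of-truth, repo-only drift detector, DNS / TLS inventory, public gateway preflight gate, owner response acceptance, rendered diff evidence acceptance and post-incident readback plan are in place, but owner-provided live conf, rendered diff, `nginx -t` evidence, route smoke, maintenance window and rollback owner are still missing | Hand-editing the live conf can break the public sites, admin route, TLS, API, WebSocket or ACME, and is hard to attribute | High-value configuration Hard Rule, drift detector, preflight inventory, owner response acceptance and post-incident readback plan added; SSH and reload remain prohibited |
| P0 | `docs/runbooks/SECRETS-MANAGEMENT.md` Gitea token example | The document contains a suspicious token example | May leak Gitea API privileges or cause a copy-paste incident | Changed to an owner-managed token env; no value is stored |
| P0 | `k8s/monitoring/docker-compose-110.yml` Grafana admin password | The compose file contains a fixed password literal | If it is treated as the live password or copied for use, the monitoring back end is weakly controlled | Changed to injection of `GRAFANA_ADMIN_PASSWORD` from the owner secret store |
| P0 | `ops/monitoring/discover_docker.py` SSH host key verification | Still uses an option that disables host key verification | MITM or wrong-host trust risk | Changed to `BatchMode=yes` + `accept-new`; to be upgraded to pinned known_hosts later |
| P0 | `apps/api/src/api/v1/monitoring.py` Grafana probe authentication | The code contains a Grafana Basic Auth literal | The API code stores a credential, which would be copied into later deployments | Changed to a `settings.GRAFANA_API_KEY` Bearer token; no Authorization header is sent when it is unset |
| P1 | Nginx 188 / 110 live conf drift | The repo has templates and a drift detector; compare mode needs a redacted live conf from the owner; live evidence is still `0` | After a hand edit the repo does not know about it, so the next Ansible run may overwrite it or keep a wrong route | Next step: receive owner-provided live conf and rendered diff; no proactive SSH |
| P1 | High-value configuration change gate | C0-C3 inventory and Hard Rule exist, but a re-runnable path classification was originally missing | Reviewers can only rely on memory to judge whether Nginx, workflow, secret, K8s, DNS or AI provider changes need an owner gate | Added `scripts/security/high-value-config-change-gate.py`; this phase only classifies and is not wired to CI blocking |
| P0 | DNS / TLS / certbot | Domain / certificate path inventory, owner confirmation request and owner response acceptance read-only ledger exist, but owner-provided coverage metadata, expiry metadata, renewal owner, ACME route owner, maintenance window and rollback owner are still missing | An expired certificate, a wrong cert path or an overwritten ACME challenge interrupts public services | Stays C0; next step only receives redacted metadata refs; no DNS query, TLS probe, certbot renew or reload |
| P1 | workflow / runner / deploy key / secret name | Gitea / GitHub readiness inventory exists, but configuration changes have not yet been merged into the shared IwoooS high-value configuration gate | A wrong workflow or runner change directly affects deployment and secret injection | Brought into C0; owner response stays read-only; no secret value is collected |
| P1 | Docker Compose / systemd live config | Repo-only inventory, owner request draft, owner response acceptance, change evidence acceptance and post-incident readback plan read-only ledgers exist, but owner-provided live hash, incident readback package, maintenance / restart window, rollback owner, post-check plan, disable switch and no-secret-value evidence are still missing | Changes to restart policy, port, volume, env, daemon / compose / systemd affect Harbor, Sentry, Langfuse, Gitea, monitoring, AI provider and the agent-bounty-protocol runtime | Next step only receives redacted owner response / live hash metadata / incident readback refs; no proactive SSH, no restart, no repair-bot run |
| P1 | AI provider / Ollama proxy | Nginx proxy template, API provider route, fallback order, model governance card and agent replacement candidates | Provider route drift creates cost, availability, data egress and model quality risk | Brought into C1; owner response acceptance is fixed; any switch still needs the dry-run / benchmark / cost / privacy / rollback owner gate |
| P1 | agent-bounty-protocol runtime / treasury / A2A / MCP | In read-only scope, but complete production host, compose, domain, TLS and rollback owner data is not yet available | If external agents, claim / submit, payout or webhook are not controlled, the risk is higher than for an ordinary website | Brought into C2; that repo is still not changed, `.env` is not read, nothing is deployed |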
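## 2. Nginx control mechanism
Nginx is the configuration that must be brought under security control first, because it simultaneously controls public domains, TLS, the admin route, API / WebSocket, the ACME challenge, cross-product upstreams and the internal network exposure boundary.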
### 2.1 Source of truth
| Host | repo source-of-truth | live path | Coverage |
|------|----------------------|-----------|------|
| `192.168.0.188` | `infra/ansible/roles/nginx/templates/188-all-sites.conf.j2` | `/etc/nginx/sites-enabled/all-sites.conf` | `aiops.wooo.work`, `gitlab.wooo.work`, `signoz.wooo.work`, `www.tsenyang.com`, `tsenyang.com`, `stock.wooo.work`, `mo.wooo.work`, `bitan.wooo.work`, `vtuber.wooo.work` |
| `192.168.0.188` | `infra/ansible/roles/nginx/templates/188-internal-tools-https.conf.j2` | live path to be confirmed by owner | `gitea.wooo.work`, `sentry.wooo.work`, `langfuse.wooo.work`, `harbor.wooo.work`, `registry.wooo.work`, `signoz.wooo.work`, `stock.wooo.work` |
| `192.168.0.110` | `infra/ansible/roles/nginx/templates/110-ollama-proxy.conf.j2` | `/etc/nginx/sites-enabled/110-ollama-proxy.conf` | Ollama GCP-A `11435`, GCP-B `11436`, local fallback `11437` |
| Deployment entry point | `infra/ansible/playbooks/nginx-sync.yml` | Ansible apply | `nginx -t`, backup, reload handler |
| Rollback SOP | `docs/runbooks/disaster-recovery/DR-Nginx.md` | Runbook | Syntax error, Git rollback, takeover when 188 fails |
### 2.2 Required gates
| Stage | Required data | When not satisfied |
|------|----------|----------|
| Before change | owner role / team, affected domains, affected paths, upstream, TLS / ACME impact, rollback owner, maintenance window | No reload, no deploy |
| diff | repo diff, rendered diff, live drift evidence refs | May only enter owner review |
| preflight | `nginx -t`, port conflict check, certificate path check | No reload |
| post-check | public route smoke, API / WebSocket smoke, admin route smoke, ACME path smoke, error rate observation | Must not be declared complete |
| rollback | previous live backup, Git revert ref, rollback owner, stop conditions | Must not enter the production window |
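### 2.3 Drift principles
1. When live Nginx is found to differ from the repo template, only create evidence; do not automatically overwrite live.
2. Drift must be tagged with the affected domain, upstream, TLS, admin route, ACME path and risk level.
3. If the drift is an emergency hand edit, a break-glass owner response, time, reason, rollback conditions and a follow-up source-of-truth patch must be supplied.
4. If the drift is an unauthorized change, classify it as P0 config drift; it must not wait until the next deployment to be handled.
5. The IwoooS UI may display drift, but must not raise the runtime gate because of it.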
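
The drift principles above, as an added Python example (not the project's `nginx-config-drift-detector.py`): it compares a rendered repo template with an owner-exported, redacted live conf and returns a hash-and-tag evidence record without writing anything. Both conf samples, the surface regexes and the P0 / P1 triage rule are assumptions of this example.

```python
import difflib
import hashlib
import re

# Constructed sample: rendered repo template (not the project's real conf).
REPO_RENDERED = """\
server {
    listen 443 ssl;
    server_name app.example.test;
    ssl_certificate /etc/ssl/example/fullchain.pem;
    location /.well-known/acme-challenge/ { root /var/www/certbot; }
    location /admin/ { proxy_pass http://127.0.0.1:8000; }
    location / { proxy_pass http://127.0.0.1:3000; }
}
server {
    server_name docs.example.test;
    location / { proxy_pass http://127.0.0.1:4000; }
}
"""

# Constructed sample: owner-exported, redacted live conf after a manual edit.
LIVE_EXPORT = REPO_RENDERED.replace(
    "    location /.well-known/acme-challenge/ { root /var/www/certbot; }\n", ""
).replace("127.0.0.1:8000", "127.0.0.1:9000")

# Surface tags follow drift principle 2; the regexes are assumptions of this example.
SURFACES = {
    "tls": re.compile(r"ssl_certificate|listen\s.*\bssl\b"),
    "acme_path": re.compile(r"\.well-known/acme-challenge"),
    "admin_route": re.compile(r"location\s+\S*/admin"),
    "upstream": re.compile(r"\bproxy_pass\b|^upstream\b"),
}


def server_blocks(conf):
    """Split a conf into server blocks keyed by server_name (naive brace count)."""
    blocks, current, depth = {}, [], 0
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if depth == 0 and not re.match(r"server\s*\{", line):
            continue  # directives outside server blocks are out of scope here
        current.append(line)
        depth += line.count("{") - line.count("}")
        if depth == 0:
            names = [m.group(1).strip() for ln in current
                     if (m := re.match(r"server_name\s+([^;]+);", ln))]
            blocks[" ".join(names) or "<unnamed>"] = current
            current = []
    return blocks


def drift_evidence(repo_rendered, live_export):
    """Return a redacted evidence record; never writes, reloads or keeps raw conf."""
    repo, live = server_blocks(repo_rendered), server_blocks(live_export)
    findings = []
    for name in sorted(set(repo) | set(live)):
        a, b = repo.get(name, []), live.get(name, [])
        ops = difflib.SequenceMatcher(a=a, b=b, autojunk=False).get_opcodes()
        changed = [ln for tag, i1, i2, j1, j2 in ops if tag != "equal"
                   for ln in a[i1:i2] + b[j1:j2]]
        if not changed:
            continue
        surfaces = sorted(s for s, rx in SURFACES.items()
                          if any(rx.search(ln) for ln in changed))
        findings.append({
            "server_name": name,
            "surfaces": surfaces,
            "changed_lines": len(changed),
            # Assumed triage rule: TLS / ACME / admin drift is escalated first.
            "risk": "P0" if set(surfaces) & {"tls", "acme_path", "admin_route"} else "P1",
        })
    return {
        "drift": bool(findings),
        "repo_sha256": hashlib.sha256(repo_rendered.encode()).hexdigest(),
        "live_sha256": hashlib.sha256(live_export.encode()).hexdigest(),
        "findings": findings,
        "live_overwrite": False,  # principle 1: evidence only
        "runtime_gate": 0,        # principle 5: drift never raises the gate
    }
```

The record carries only hashes, tags and counts, so it can be filed as an evidence ref without storing the raw live conf or a full diff.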
## 3. Full list of configurations to bring under control first
| Priority | Configuration | Representative repo paths | live / owner source | Required controls |
|------|------|----------------|-------------------|----------|
| P0 | Nginx public gateway | `infra/ansible/roles/nginx/templates/*.j2`, `infra/ansible/playbooks/nginx-sync.yml`, `ops/nginx/*` | 188 / 110 live Nginx | source-of-truth, drift detector, owner gate, `nginx -t`, route smoke, rollback |
| P0 | DNS / TLS / certbot | Nginx templates, `docs/runbooks/REGISTRY-CERTBOT-188.md`, TLS alert rules, `docs/security/DOMAIN-TLS-CERTBOT-OWNER-CONFIRMATION-REQUEST.md`, `docs/security/DOMAIN-TLS-CERTBOT-OWNER-RESPONSE-ACCEPTANCE.md` | DNS provider, Let's Encrypt, 188 / 110 | domain inventory, cert path, owner coverage metadata, renewal owner, ACME path owner, rollback, validation plan; no live probe or renew |
| P0 | K8s production manifests | `k8s/awoooi-prod/*`, `k8s/argocd/awoooi-prod-app.yaml` | ArgoCD / K3s | GitOps diff, ArgoCD health / sync readback, rollback revision, no manual kubectl unless approved |
| P0 | K8s Secret metadata | `k8s/awoooi-prod/03-secrets.example.yaml`, secret templates, workflow injection | Gitea Secrets / K8s Secret names | secret name parity only, no value collection, rotation owner |
| P0 | Gitea workflows | `.gitea/workflows/*.yaml` | Gitea Actions | self-hosted runner, secret reference guard, deployment verification, no write action without owner |
| P0 | Runner / deploy key / webhook / branch protection | `ops/runner/*`, source-control snapshots | Gitea / GitHub owner metadata | labels, key names, webhook names, ruleset metadata only; no token / key value |
| P0 | Public admin / API route config | Nginx templates, `apps/web/src/lib/config.ts`, `apps/api/src/core/config.py`, `docs/security/PUBLIC-RUNTIME-CONFIG-CHANGE-EVIDENCE-ACCEPTANCE.md`, `docs/security/public-runtime-config-change-evidence-acceptance.snapshot.json` | Product owner + runtime owner | auth boundary, CORS, public URL, admin path smoke, frontend internal IP ban, i18n redaction, blocking of raw namespace / repo slug / internal status code / internal collaboration content leaks, desktop / mobile smoke |
| P0 | Backup / restore credential | `scripts/backup/*`, `k8s/velero/*`, DR runbooks, `docs/security/BACKUP-RESTORE-ESCROW-INVENTORY.md`, `docs/security/BACKUP-RESTORE-OWNER-REQUEST-DRAFT.md` | MinIO / restic / offsite escrow | owner request draft fixed; credential value absent, restore drill gate, offsite owner, escrow owner, retention policy, rollback owner |
| P0 | agent-bounty-protocol treasury / MCP / A2A | `docs/security/AGENT-BOUNTY-IWOOOS-ONBOARDING-HANDOFF.md`, `docs/security/AGENT-BOUNTY-OWNER-REQUEST-DRAFT.md` | agent-bounty owner response | owner request draft fixed; no payout / claim / submit / daemon / webhook until explicit runtime approval |
| P1 | Prometheus / Alertmanager | `k8s/monitoring/*`, `ops/alertmanager/alertmanager.yml`, `ops/monitoring/*`, `docs/security/MONITORING-ALERTING-OBSERVABILITY-INVENTORY.md`, `docs/security/MONITORING-OWNER-REQUEST-DRAFT.md` | 110 monitoring stack | repo-only inventory and owner request draft fixed; rule diff, receiver diff, reload owner, receipt proof and live evidence still missing |
| P1 | Grafana / SigNoz / Sentry / Langfuse | `ops/grafana/*`, `ops/signoz/*`, `ops/sentry-self-hosted/*`, `infra/langfuse/*`, `docs/security/MONITORING-ALERTING-OBSERVABILITY-INVENTORY.md`, `docs/security/MONITORING-OWNER-REQUEST-DRAFT.md` | 110 compose / public gateway | owner request draft fixed; admin secret owner, public route proof, backup owner, smoke plan, upgrade window and rollback owner still missing |
| P1 | Harbor / registry | Nginx templates, backup scripts, CD workflows | 110 Harbor / registry domains | robot account owner, image tag immutability, scan policy, TLS |
| P1 | PostgreSQL / Redis / MinIO | app config, backup scripts, monitoring config | 188 / 110 / K3s | no plaintext DSN, access boundary, backup, restore, metrics auth |
| P1 | Docker Compose / systemd | `docker-compose.yml`, `ops/*/docker-compose.yml`, `scripts/reboot-recovery/*.service`, `docs/security/HOST-SERVICE-OWNER-REQUEST-DRAFT.md`, `docs/security/HOST-SERVICE-OWNER-RESPONSE-ACCEPTANCE.md` | 110 / 188 / agent-bounty hosts | live hash metadata, port / volume / env diff, maintenance / restart window, rollback owner, post-check plan, disable switch; no restart / apply |
| P1 | SSH / sudoers / known_hosts | Ansible inventory, ops scripts, runner scripts | host owners | owner request draft fixed; next step only receives redacted live access state, known_hosts / host-key policy, target whitelist and rollback owner |
| P1 | Firewall / WireGuard / NodePort / VIP | K8s service / network policy, Kali / wg-easy docs, `docs/security/PORT-FIREWALL-CHANGE-EVIDENCE-ACCEPTANCE.md` | network owner | owner request draft, owner response acceptance and change evidence acceptance fixed; next step only receives actor, before / after state, impact, cross-project sync, maintenance window, rollback owner and post-check evidence; no unreviewed port exposure |
| P1 | AI provider / model routing | `apps/api/src/services/ai_providers/*`, `apps/api/src/services/ai_router.py`, `docs/ai/AI-MODEL-CARDS.md`, `docs/security/AI-PROVIDER-OWNER-RESPONSE-ACCEPTANCE.md`, `docs/security/ai-provider-owner-response-acceptance.snapshot.json` | AI owner | owner response acceptance, dry-run, benchmark, cost / privacy review, fallback order, prompt redaction, rollback owner; no provider switch, external call, paid call, prompt send or live endpoint probe |
| P1 | Kali 112 scanner config | `docs/security/KALI-112-MAINTENANCE-WINDOW-DRAFT.md`, Kali snapshots | Kali owner | maintenance window, no active scan, no `/execute`, hardening dry-run |
| P2 | AWOOOI / AwoooP / IwoooS frontend runtime config | `apps/web/next.config.js`, `apps/web/src/lib/config.ts`, i18n | web owner | NEXT_PUBLIC public-domain only, no internal transcript, desktop/mobile smoke |
| P2 | VibeWork product boundary | VibeWork owner docs / future evidence refs | VibeWork owner | independent product boundary, repo / deploy / admin / backup scope |
| P2 | StockPlatform / Tsenyang / Bitan / VTuber routes | Nginx templates, product runbooks | product owner | domain / admin / API / backup / owner matrix |
| P2 | Package / supply-chain baselines | `pnpm-lock.yaml`, `package.json`, `pyproject.toml`, `requirements.txt`, Dockerfiles, docker-compose, `docs/security/PACKAGE-SUPPLY-CHAIN-BASELINE.md`, `docs/security/package-supply-chain-baseline.snapshot.json`, `docs/security/PACKAGE-SUPPLY-CHAIN-OWNER-POLICY-GATE.md`, `docs/security/package-supply-chain-owner-policy-gate.snapshot.json` | repo / registry owner | package manager policy, lockfile owner, Python lock policy, requirements pinning policy, Docker digest pinning policy, compose image digest policy, CVE / license / SBOM window, registry owner, rollback owner |
| P3 | Runbook / endpoint docs / snapshots | `docs/reference/*`, `docs/runbooks/*`, `docs/security/*.snapshot.json` | doc owner | no secret value, stale endpoint flag, owner-reviewed evidence refs |
On 2026-06-14, P0-20 added `docs/security/K8S-ARGOCD-MANIFEST-INVENTORY.md` and `docs/security/k8s-argocd-manifest-inventory.snapshot.json`, fixing the K8s / ArgoCD / Velero / monitoring repo source as a read-only inventory with `files=49`, `c0=36`, `yaml=45`, `unique_kinds=20` and `blocked_actions=13`. P0-21 then added `docs/security/K8S-ARGOCD-OWNER-REQUEST-DRAFT.md` and `docs/security/k8s-argocd-owner-request-draft.snapshot.json`, turning the four scan groups into owner request drafts with `drafts=4`, `c0=3` and `owner_fields=11`. On 2026-06-15, P0-25 then added `docs/security/K8S-ARGOCD-OWNER-RESPONSE-ACCEPTANCE.md` and `docs/security/k8s-argocd-owner-response-acceptance.snapshot.json`, fixing an owner response acceptance read-only ledger with `candidates=4`, `c0=3`, `owner_fields=11`, `reviewer_checks=12`, `outcome_lanes=7` and `blocked_actions=18`. Also on 2026-06-15, `docs/security/K8S-ARGOCD-CHANGE-EVIDENCE-ACCEPTANCE.md` and `docs/security/k8s-argocd-change-evidence-acceptance.snapshot.json` were added, fixing a GitOps change evidence acceptance read-only ledger with `candidates=4`, `c0=3`, `write_capable=4`, `required_evidence_fields=18`, `reviewer_checks=18`, `outcome_lanes=8` and `blocked_actions=28`. None of these is a live cluster read, ArgoCD API read, ArgoCD sync, kubectl action, Helm upgrade, secret collection, manual pod restart, scale workload, RBAC / NetworkPolicy change, restore backup, production write or runtime gate.
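## 4. New rules
1. High-value configurations must first be tiered: C0 / C1 / C2 / C3.
2. Every C0 configuration change must have a source-of-truth, owner gate, diff, rollback owner and verification points.
3. Nginx live drift must not be overwritten automatically; it can only first become P0 evidence and an owner decision.
4. Examples in documents and runbooks must not contain a usable token, password, private key, runner token, webhook secret, cookie, authorization header or partial credential.
5. SSH-type tools must not disable host key verification; `accept-new` may be used in the short term, and in the long term they must be upgraded to pinned known_hosts.
6. Management-plane passwords for Grafana / Harbor / MinIO / ArgoCD / Gitea / Telegram / AI provider and similar may only be injected from the owner secret store.
7. The route / admin / webhook / payout / deploy config of agent-bounty-protocol, VibeWork and other products must be placed under IwoooS control, but must not share AWOOOI runtime approval.
8. Visibility in the backup / restore / offsite / escrow / retention inventory only means the item needs to be controlled; runbook commands, snapshots, AwoooP approval or the IwoooS UI must not be treated as authorization for a backup run, restore drill, rclone sync, remote delete, restic prune, escrow marker write or Velero restore.
9. A DNS / TLS / certbot owner response may only supply redacted metadata refs, coverage basis, expiry metadata, renewal owner, ACME route owner, maintenance window, rollback owner and validation plan; an owner reply must not automatically trigger a DNS query, live TLS probe, certbot renew, Nginx reload, route smoke, DNS record change, certificate path change or ACME route change.
10. Public / admin / API / frontend runtime config changes must first pass affected route, auth boundary, API readback, CORS diff, frontend env diff, i18n redaction, desktop / mobile smoke, sensitive string scan, rollback owner and post-check evidence; the front end must not display raw owner namespace, repo slug, internal status codes, internal collaboration content or unredacted screenshots.
11. High-value configuration control must be centrally verifiable by `scripts/security/iwooos-config-control-guard.py`; a passing guard only means the repo snapshot baseline is complete, and does not mean authorization for owner response, live evidence, reload, restart, workflow / secret / runner changes, backup / restore, scan, runtime or deploy.
12. Before any Package / Docker supply-chain fix, the owner policy gate must pass first; Python lockfile, requirements pinning, Docker digest pinning, compose digest and CVE / license / SBOM may only first receive redacted owner metadata; a passing baseline or gate must not lead to install, upgrade, rewrite lockfile, pull / build / push image, registry login, workflow modification, deployment or opening the runtime gate.
13. Public Gateway / Nginx post-incident readback may only receive redacted evidence refs; it must not store raw live conf, full diff, secret, certificate content, cookie, token or unredacted screenshots; route 200, Nginx active, dashboard up, CD success or UI visibility must not be treated as the incident having been accepted.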
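
Rules 1 and 2 as an added Python example (not the project's `high-value-config-change-gate.py`): changed paths are tiered C0-C3 and an owner response packet is checked for required fields and `0 / false` flags. The tier map, the per-tier field lists, the flag names and the outcome labels are assumptions; only `owner_role_or_team` and its alias `owner_role_team` come from this page.

```python
from fnmatch import fnmatchcase

# Tier map assumed for this example from the repo-path column of the inventory
# table and the C0-C3 definitions; first match wins, so C0 patterns come first.
TIER_RULES = [
    ("C0", "infra/ansible/roles/nginx/templates/*.j2"),
    ("C0", "infra/ansible/playbooks/nginx-sync.yml"),
    ("C0", "ops/nginx/*"),
    ("C0", "k8s/awoooi-prod/*"),
    ("C0", "k8s/argocd/*"),
    ("C0", ".gitea/workflows/*.yaml"),
    ("C0", "ops/runner/*"),
    ("C0", "scripts/backup/*"),
    ("C1", "k8s/monitoring/*"),
    ("C1", "ops/alertmanager/*"),
    ("C1", "apps/api/src/services/ai_providers/*"),
    ("C2", "apps/web/next.config.js"),
    ("C3", "docs/runbooks/*"),
    ("C3", "docs/reference/*"),
]

# `owner_role_or_team` and its alias are from the page; other names are hypothetical.
ALIASES = {"owner_role_team": "owner_role_or_team"}
REQUIRED = {
    "C0": ["owner_role_or_team", "source_of_truth", "diff_ref",
           "rollback_owner", "validation_plan"],
    "C1": ["owner_role_or_team", "diff_ref", "rollback_owner"],
    "C2": ["owner_role_or_team", "diff_ref"],
    "C3": ["owner_role_or_team"],
}
MUST_BE_FALSE = ["runtime_gate", "reload", "restart", "deploy"]  # hypothetical flags


def classify(path):
    """Return the tier of the first matching pattern, or None."""
    for tier, pattern in TIER_RULES:
        if fnmatchcase(path, pattern):
            return tier
    return None


def gate(changed_paths, packet):
    """Classify paths, then check the packet against the strictest tier touched."""
    tiers = {p: classify(p) for p in changed_paths}
    hit = sorted(t for t in tiers.values() if t)
    result = {"tiers": tiers, "highest": None, "missing": [], "raised_flags": [],
              "outcome": "no_high_value_paths"}
    if not hit:
        return result
    highest = hit[0]  # "C0" sorts before "C1", so this is the strictest tier
    norm = {ALIASES.get(k, k): v for k, v in packet.items()}
    missing = [f for f in REQUIRED[highest] if not norm.get(f)]
    # A flag must be declared and be 0 / False; an absent flag counts as raised.
    raised = [f for f in MUST_BE_FALSE if norm.get(f, True) not in (0, False)]
    if raised:
        outcome = "rejected_flag_raised"
    elif missing:
        outcome = "needs_owner_fields"
    else:
        outcome = "ready_for_owner_review"
    result.update(highest=highest, missing=missing, raised_flags=raised, outcome=outcome)
    return result
```

The function only classifies and reports; it blocks nothing by itself, matching the page's statement that the gate is not wired to CI blocking in this phase.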
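## 5. Existing rules that need adjustment
| Rule | Current state | Adjustment direction |
|------|----------|----------|
| IwoooS early-stage low friction | Originally leaned toward a read-only framework | Keep the read-only framework, but immediate P0 hazards may first be contained in source control |
| Nginx DR runbook | Already prohibits direct hand edits of the live conf | Add owner-provided live conf, rendered diff, `nginx -t` evidence, route smoke, cross-product notification, post-check |
| Secrets management handbook | Describes secret sources and CD injection | Remove usable token examples; add "metadata only" and owner secret store |
| Gitea / GitHub readiness | repo / workflow / secret name inventory exists | Merge with high-value configuration tiering; workflow changes still need separate approval |
| Deployment verification | Focused on Pod / health | Add Nginx / DNS / TLS / public route / admin route smoke |
| AI provider governance | dry-run / benchmark boundary exists | Add Nginx Ollama proxy, GCP fallback, cost and data egress controls |
| Frontend i18n / internal IP | NEXT_PUBLIC ban exists | Extend to verify public route / Sentry tunnel / admin path / product domain together |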
## 6. Phase completion
| Work item | Completion | Notes |
|------|--------|------|
| Inventory of important configuration scope | `100%` | C0-C3 tiering and full list established |
| Nginx control mechanism definition | `100%` | source-of-truth, live path, gate and drift principles defined |
| source-control P0 containment | `100%` | Removed the token example, Grafana password literal and disabled SSH host key verification found in this sweep |
| repo-only Nginx drift detector | `100%` | Added `scripts/security/nginx-config-drift-detector.py` and repo source-of-truth snapshot |
| public gateway preflight inventory | `100%` | Added `public_gateway_preflight_inventory_v1`, fixing 12 gates that precede a reload / route change; maturity `78% -> 84%` |
| Public Gateway / Nginx post-incident readback plan | `100%` | Added `public_gateway_post_incident_readback_plan_v1`, fixing 3 post-incident readback candidates, 2 C0, 30 required fields, 28 reviewer checks, 10 outcome lanes, 41 blocked action classes; maturity `90% -> 92%`; readback accepted, `nginx -t`, reload, route smoke and runtime gate remain `0` |
| High-value configuration change classification gate | `100%` | Added `scripts/security/high-value-config-change-gate.py`; it can classify C0/C1/C2/C3 from a git diff or manually supplied files and list owner / rollback / evidence / verification fields |
| DNS / TLS / certbot owner response acceptance | `100%` | Added `domain_tls_certbot_owner_response_acceptance_v1`: 4 C0 candidates, 13 required owner fields, 13 reviewer checks, 7 outcome lanes, 20 blocked action classes; maturity `74% -> 78%` |
| owner response evidence JSON field check | `70%` | The gate can check required fields and false flags; not yet connected to a formal intake API or AwoooP queue |
| Gate → owner response packet draft | `100%` | Added `scripts/security/high-value-config-owner-packet.py`; it can turn an impacted category into a canonical owner response packet draft |
| canonical owner field alignment | `100%` | The high-value configuration gate is aligned with S4.9 `owner_role_or_team` and keeps support for aliases such as `owner_role_team` |
| Global configuration coverage matrix | `100%` | Added `scripts/security/high-value-config-control-coverage.py`, snapshot and schema; the 14 high-value configuration categories can be re-checked |
| Centralized high-value configuration guard | `100%` | Added `scripts/security/iwooos-config-control-guard.py`, chained to `security-mirror-progress-guard.py`; the 14 configuration categories, main owner / change evidence ledgers, supply-chain manifest and `0 / false` boundary can be verified centrally |
| Backup / restore / escrow inventory | `100%` | Added `backup_restore_escrow_inventory_v1`, covering 38 repo-only surfaces; maturity `52% -> 58%` |
| Backup / restore / escrow owner response acceptance | `100%` | Added and strengthened `backup_restore_owner_response_acceptance_v1`: 38 candidates, 27 write-capable, 22 reviewer checks, 9 outcome lanes, 31 blocked action classes; maturity `58% -> 64%` |
| Backup / restore / escrow post-incident readback plan | `100%` | Added `backup_restore_post_incident_readback_plan_v1`: 38 incident readback candidates, 27 write-capable, 34 required fields, 32 reviewer checks, 11 outcome lanes, 51 blocked action classes; maturity `64% -> 66%`; readback accepted and runtime gate remain `0` |
| Monitoring / alerting / observability inventory | `100%` | Added `monitoring_alerting_observability_inventory_v1`, covering 60 repo-only surfaces; maturity `56% -> 62%` |
| Monitoring / alerting / observability owner request draft | `100%` | 60 monitoring surfaces turned into owner request drafts; request sent / received / accepted, reload, receiver route change, Telegram send and alert chain smoke remain 0 |
| Monitoring / alerting / observability owner response acceptance | `100%` | Added and strengthened `monitoring_owner_response_acceptance_v1`: 60 candidates, 11 write-capable, 23 reviewer checks, 12 outcome lanes, 34 blocked action classes; maturity `62% -> 68%` |
| Monitoring / alerting / observability post-incident readback plan | `100%` | Added `monitoring_post_incident_readback_plan_v1`: 60 incident readback candidates, 11 write-capable, 30 required fields, 28 reviewer checks, 11 outcome lanes, 53 blocked action classes; maturity `68% -> 70%`; readback accepted, receiver receipt, stale / silence, alert chain health, reload, Telegram send, alert chain smoke and runtime gate remain 0 |
| owner packet front-end read-only integration | `100%` | `/zh-TW/iwooos` shows the high-value configuration owner packet draft, the C0/C1 packet counts, request / received / accepted still at 0, and the no-execution boundary |
| owner response request / received / accepted | `0%` | The packet is only a draft; not yet sent, not yet received, not yet reviewer accepted |
| agent-bounty-protocol owner request draft | `100%` | repo / refs, deployment, data classification, external agent / treasury and 7 product surfaces turned into 11 owner request drafts; claim / submit, payout, cron / daemon and runtime gate remain 0 |
| Docker / systemd owner request draft | `100%` | 9 host service surfaces turned into owner request drafts; request sent / received / accepted remain 0 |
| Docker / systemd owner response acceptance | `100%` | Added `host_service_owner_response_acceptance_v1`: 9 candidates, 3 write-capable, 8 requiring live evidence, 21 reviewer checks, 8 outcome lanes, 27 blocked action classes; maturity `54% -> 58%` |
| Docker / systemd change evidence acceptance | `100%` | Added `host_service_change_evidence_acceptance_v1`: 9 candidates, 3 write-capable, 26 reviewer checks, 10 outcome lanes, 39 blocked action classes; maturity `58% -> 62%` |
| Docker / systemd post-incident readback plan | `100%` | Added `host_service_post_incident_readback_plan_v1`: 9 readback candidates, 28 required fields, 28 reviewer checks, 10 outcome lanes, 41 blocked action classes; maturity `62% -> 64%`; readback accepted and runtime gate remain `0` |
| SSH / firewall / network owner request draft | `100%` | 16 SSH / network access surfaces turned into owner request drafts; request sent / received / accepted, port change, firewall change, NetworkPolicy apply, NodePort change and WireGuard change remain 0 |
| SSH / firewall / network owner response acceptance | `100%` | Added `ssh_network_owner_response_acceptance_v1`: 16 candidates, 6 write-capable, 15 reviewer checks, 7 outcome lanes, 22 blocked action classes; maturity `54% -> 58%` |
| Port / firewall change evidence acceptance | `100%` | Added and strengthened `port_firewall_change_evidence_acceptance_v1`: 14 candidates, 6 write-capable, 21 reviewer checks, 9 outcome lanes, 28 blocked action classes; maturity `58% -> 62%` |
| SSH / firewall / network post-incident readback plan | `100%` | Added `ssh_network_post_incident_readback_plan_v1`: 14 readback candidates, 24 required fields, 24 reviewer checks, 10 outcome lanes, 34 blocked action classes; maturity `62% -> 64%`; readback accepted and runtime gate remain `0` |
| K8s / ArgoCD GitOps change evidence acceptance | `100%` | Added `k8s_argocd_change_evidence_acceptance_v1`: 4 candidates, 3 C0, 4 write-capable, 18 reviewer checks, 8 outcome lanes, 28 blocked action classes; maturity `62% -> 64%` |
| K8s / ArgoCD post-incident readback plan | `100%` | Added `k8s_argocd_post_incident_readback_plan_v1`: 4 readback candidates, 31 required fields, 28 reviewer checks, 10 outcome lanes, 41 blocked action classes; maturity `64% -> 66%`; readback accepted and runtime gate remain `0` |
| Public / Admin / API runtime config change evidence acceptance | `100%` | Added `public_runtime_config_change_evidence_acceptance_v1` and `public_frontend_sensitive_surface_guard_v1`: 6 candidates, 5 C0, 21 reviewer checks, 8 outcome lanes, 32 blocked action classes; additionally scanned 225 front-end files against 12 forbidden-term classes with 0 violations; maturity `62% -> 66%`; leaks of raw namespace / repo slug / internal status codes / internal collaboration content are listed as rejection or quarantine conditions |
| Package / Docker supply-chain repo-only baseline | `100%` | Added `package_supply_chain_baseline_v1`, inventorying `package_json=6`, `pyproject=4`, `requirements=2`, `dockerfiles=2`, `compose=6`, `gaps=5`; no install, no CVE scan, no image change, no deployment |
| Package / Docker supply-chain owner policy gate | `100%` | Added `package_supply_chain_owner_policy_gate_v1`: 6 owner policy requests, 2 C0, 8 owner fields, 12 reviewer checks, 20 blocked action classes; request_sent / received / accepted / runtime / action remain `0 / false` |
| Backup / restore / escrow owner request draft | `100%` | 38 backup / restore / escrow surfaces turned into owner request drafts; request sent / received / accepted, backup run, restore run, offsite sync, remote delete, escrow marker write and retention change remain 0 |
| CI blocking / workflow gate | `0%` | This phase deliberately does not modify `.gitea/workflows`, to avoid too much friction in the early security process |
| owner-provided live Nginx file compare | `70%` | The tool can take a live conf file exported by the owner for comparison; this phase does not proactively fetch it over SSH |
| live Nginx evidence collection | `0%` | No SSH / Ansible check-mode / live hash yet; needs owner and maintenance window rules |
| live Nginx reload / restart | `0%` | Not authorized, not executed |
| DNS / TLS live validation | `0%` | No live probe was run in this phase; if the next phase changes the front end or routes, desktop / mobile / route smoke is required |
| cross-product owner response | `0%` | No owner acceptance received yet from VibeWork, agent-bounty-protocol, StockPlatform and others |
## 7. Next-phase priority order
1. P0: Connect the owner response packet draft to AwoooP read-only status, showing that request / received / accepted remain 0.
2. P0: Have the owner provide a redacted export of the live Nginx conf and re-run compare mode; no automatic overwrite, no reload.
3. P0: Receive from the owner the redacted DNS / TLS / certbot coverage metadata ref, expiry metadata ref, renewal owner, ACME route owner, maintenance window, rollback owner and validation plan; no DNS query, TLS probe, certbot renew or reload.
4. P0: Chain the workflow / runner / secret name owner response and the high-value configuration C0 gate into a single IwoooS status.
5. P0: Receive redacted change evidence for public / admin / API runtime config, first supplying affected route, auth boundary, API readback, CORS diff, frontend env diff, i18n redaction, desktop / mobile smoke, production bundle sensitive scan, rollback owner and post-check evidence; the source / messages leak-prevention guard is fixed at 0 violations, but route / CORS / env are still not changed.
6. P0: Connect the agent-bounty-protocol compose / MCP / A2A / treasury high-value configuration fields to the same owner packet queue; runtime is not enabled.
7. P1: Receive from the owner redacted live hash metadata for 110 / 188 Docker Compose and systemd, maintenance / restart window, rollback owner, post-check plan, disable switch and no-secret-value evidence; no proactive SSH, no restart, no repair-bot run.
8. P1: Receive from the owner redacted SSH / firewall / WireGuard / NodePort live access state, allowed source CIDR, change / incident ref, actor, before / after state, cross-project sync, maintenance window, rollback owner and validation plan; no proactive keyscan, no firewall change, no opening or closing of ports.
9. P1: Receive from the owner backup / restore / offsite / escrow non-sensitive evidence id, latest backup status, freshness SLO, isolated restore target, dependency graph, data classification, remote delete guard, retention runway, restore observer / stop condition, restore drill plan, maintenance window, rollback owner and validation plan; before acceptance, backup run, restore drill, offsite sync, remote delete, escrow marker write and retention change all stay `0 / false`.
10. P1: Connect the Prometheus / Alertmanager / Grafana / SigNoz / Sentry / Langfuse owner request draft to AwoooP read-only status; before acceptance, reload, receiver route change, silence change, Telegram send and alert chain smoke all stay `0 / false`.
11. P1: Add maintenance window owner fields for Kali 112, 111 and 168; still no upgrade / restart / scan.
12. P2: Keep trimming the `/zh-TW/iwooos` configuration control summary, but it must not display internal working conversations, tokens, secrets or executable buttons.
## 8. Boundary
Completion of this inventory does not mean that Nginx reload, DNS modification, TLS renew, ArgoCD sync, kubectl, SSH host modification, workflow modification, runner enablement, secret rotation, backup run, restore drill, offsite sync, remote delete, restic prune, escrow marker write, Velero restore, active scan, agent-bounty runtime, payout, withdrawal, deploy or any runtime execution has been authorized.