awoooi/docs/security/SSH-NETWORK-OWNER-RESPONSE-ACCEPTANCE.md
Your Name 33b4608117
fix(iwooos): add ssh network owner acceptance ledger
2026-06-14 21:52:13 +08:00


IwoooS SSH / Firewall / Network Access Owner Response Acceptance

| Item | Content |
| --- | --- |
| Date | 2026-06-15 |
| Status | owner_response_acceptance_ledger_ready_no_runtime_action |
| Tool | scripts/security/ssh-network-owner-response-acceptance.py |
| Snapshot | docs/security/ssh-network-owner-response-acceptance.snapshot.json |
| Source inventory | docs/security/ssh-network-access-inventory.snapshot.json |
| Source owner request | docs/security/ssh-network-owner-request-draft.snapshot.json |
| runtime gate | 0 |

1. Purpose

This document follows on from the SSH / network access repo-only inventory and the owner request draft, and turns the 16 surfaces into a read-only owner response acceptance ledger. It defines what must happen once an owner reply arrives: checks for field completeness, redacted evidence, live access state, allowed source CIDR, host key pinning, port impact, firewall owner, NetworkPolicy / NodePort, WireGuard cutover, maintenance window, rollback and validation plan.

This is not SSH authorization, not a host keyscan, not a known_hosts patch, not a firewall / port change, not a NetworkPolicy apply, not a NodePort change, not a WireGuard cutover, and not a runtime gate.

2. Summary

| Metric | Current value | Description |
| --- | --- | --- |
| acceptance candidate | 16 | one acceptance candidate per SSH / network request draft |
| write-capable acceptance candidate | 6 | CI deploy SSH, monitoring deploy, sudoers, alert action catalog |
| live evidence required candidate | 16 | every candidate requires redacted live access evidence supplied by the owner |
| acceptance field | 29 | total number of acceptance fields |
| required owner field | 13 | fields the owner must fill in, carried over from the request draft |
| reviewer check | 15 | owner, scope, secret, CIDR, host key, port impact, firewall, NetworkPolicy, WireGuard, rollback checks |
| outcome lane | 7 | waiting, quarantine, reject, supplement, review, ledger-only, runtime gate |
| blocked action | 22 | SSH, keyscan, known_hosts, firewall, port, NetworkPolicy, NodePort, WireGuard, sudo, secret, active scan, runtime gate, etc. |
| request sent / recipient confirmed | 0 / 0 | not yet dispatched |
| owner response received / accepted | 0 / 0 | not yet received or accepted |
| live evidence received | 0 | no SSH, no keyscan, no live firewall read |
| runtime gate / action button | 0 / 0 | no operation entry point is provided |

3. Acceptance Candidate Scope

| Candidate | Type | Scope | Acceptance focus |
| --- | --- | --- | --- |
| ssh_network_owner_response_acceptance:ansible_inventory_ssh_targets | SSH target inventory | 110_111_112_120_121_188 | host owner, pinned known_hosts, ProxyJump, key owner |
| ssh_network_owner_response_acceptance:ansible_common_ssh_args | SSH client policy | multi_host | whether accept-new is limited to bootstrap only |
| ssh_network_owner_response_acceptance:gitea_cd_known_hosts_secret | known_hosts workflow | 110_120_121_188_known_hosts | known_hosts secret metadata, handling of the missing 120 entry, key rotation owner |
| ssh_network_owner_response_acceptance:gitea_cd_deploy_ssh | CI deploy SSH | k8s_ssh_host | deploy SSH host owner, rollback, break-glass |
| ssh_network_owner_response_acceptance:gitea_cd_dev_ssh | CI deploy SSH | 192.168.0.120 | dev/prod boundary, deploy key scope, host key policy |
| ssh_network_owner_response_acceptance:deploy_alerts_ssh_path | CI deploy SSH | 192.168.0.110 | alert deploy owner, known_hosts pinning, notification path |
| ssh_network_owner_response_acceptance:monitoring_discover_docker_ssh | SSH discovery script | 110_188_docker_hosts | read-only window, output redaction, failure handling |
| ssh_network_owner_response_acceptance:monitoring_exporter_deploy_ssh | monitoring SSH deploy | 192.168.0.188 | exporter deploy owner, maintenance window, post-check |
| ssh_network_owner_response_acceptance:backup_config_ssh_capture | SSH backup capture | 110_188_120_121_cluster | backup execution owner, secret redaction, restore validation |
| ssh_network_owner_response_acceptance:host_ops_sudoers_wrapper | sudoers policy | host_ops_minimal_sudo | live sudoers hash, visudo validation, forbidden command proof |
| ssh_network_owner_response_acceptance:k8s_prod_network_policy | K8s NetworkPolicy | awoooi_prod_namespace | ingress / egress owner, live policy diff, route smoke test |
| ssh_network_owner_response_acceptance:argocd_metrics_network_policy | K8s NetworkPolicy | argocd_namespace | Prometheus scrape owner, NodePort exposure owner |
| ssh_network_owner_response_acceptance:argocd_metrics_nodeport | K8s NodePort | argocd_nodeport_30882_30883 | NodePort exposure owner, firewall owner, source whitelist |
| ssh_network_owner_response_acceptance:velero_metrics_nodeport | K8s NodePort | velero_nodeport_30885 | backup metrics exposure, firewall owner |
| ssh_network_owner_response_acceptance:wireguard_mesh_runbook | WireGuard runbook | 110_111_120_121_gcp_a_gcp_b | WireGuard owner, firewall rule owner, canary / rollback |
| ssh_network_owner_response_acceptance:alert_rules_ssh_actions | alert SSH action rules | ssh_mcp_action_catalog | action owner, read/write/admin tiering, cooldown, post-check |

4. Reviewer Checks

  1. owner_identity_present
  2. decision_reason_present
  3. affected_scope_matches_surface
  4. redacted_refs_only
  5. secret_or_key_value_absent
  6. live_access_state_metadata_only
  7. allowed_source_cidr_metadata_only
  8. host_key_pinning_shape
  9. port_impact_review
  10. firewall_owner_present
  11. network_policy_nodeport_review
  12. wireguard_cutover_separate_gate
  13. maintenance_window_present
  14. rollback_validation_present
  15. counts_transition_safe

5. Outcome Lanes

| Lane | Description |
| --- | --- |
| waiting_owner_response | no owner response received yet; all accepted / runtime counts stay at 0 |
| quarantine_raw_payload | a raw firewall dump, SSH key, private key, token or other content that must not be stored can only be quarantined |
| reject_secret_or_key_value | rejected outright when a secret value, key material, credential derivative or unredacted payload appears |
| request_supplement | supplementary material is requested when fields are incomplete, scope is unclear, or CIDR / owner / rollback / validation is missing |
| ready_for_network_review | once the metadata passes, the item may only proceed to network / firewall reviewer review |
| owner_review_only_update | only the read-only owner review ledger may be updated; ports, firewall, known_hosts and policy must not be changed |
| waiting_runtime_gate | even after an owner response is accepted, the runtime gate still waits for independent manual approval |
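As an added illustration of how the section 4 reviewer checks and the section 5 lanes fit together (example code, not the repository's scripts/security/ssh-network-owner-response-acceptance.py): the response field names, the regex shapes for unstorable and secret content, the fingerprint-only host key rule, the candidate map and the lane ordering are all assumptions. It implements a subset of the checks and the four lanes that apply to an incoming reply, and scans the full text before any field is parsed so that material which must never be stored does not reach the ledger.

```python
# Added example of the section 4 reviewer checks and section 5 outcome lanes.
# Not the repository's ssh-network-owner-response-acceptance.py: the response
# field names, the regex shapes and the lane ordering are assumptions.
import ipaddress
import re

# Constructed candidate map: surface -> expected affected scope (assumption).
CANDIDATE_SCOPES = {
    "gitea_cd_dev_ssh": "192.168.0.120",
    "argocd_metrics_nodeport": "argocd_nodeport_30882_30883",
}
# Content that must never be stored -> quarantine lane (shapes assumed).
RAW_PAYLOAD = re.compile(
    r"-----BEGIN [A-Z ]*PRIVATE KEY-----"   # PEM / OpenSSH private key block
    r"|^Chain [A-Z]+ \(policy"              # iptables -L style dump
    r"|^table (inet|ip|ip6) ",              # nft list ruleset style dump
    re.MULTILINE,
)
# Secret values or key material -> reject lane (shapes assumed).
SECRET_VALUE = re.compile(
    r"ssh-(ed25519|rsa) AAAA[0-9A-Za-z+/]{20,}"  # raw public key, not a fingerprint
    r"|\b(ghp|gho|glpat)[-_][0-9A-Za-z]{20,}"    # forge access tokens
    r"|\bAKIA[0-9A-Z]{16}\b"                     # AWS access key id
)
# Host key pinning evidence is accepted only as a SHA256 fingerprint (assumption).
HOST_KEY_FINGERPRINT = re.compile(r"^SHA256:[0-9A-Za-z+/]{43}$")
LIVE_STATES = {"reachable", "unreachable", "unknown"}  # metadata, never a dump
PORT_IMPACTS = {"none", "open", "close", "change"}
PRESENCE_CHECKS = (
    ("owner", "owner_identity_present"),
    ("decision_reason", "decision_reason_present"),
    ("firewall_owner", "firewall_owner_present"),
    ("maintenance_window", "maintenance_window_present"),
)


def _strings(obj):
    """Yield every string nested in the response so scans cover all fields."""
    if isinstance(obj, str):
        yield obj
    elif isinstance(obj, (dict, list, tuple)):
        for v in (obj.values() if isinstance(obj, dict) else obj):
            yield from _strings(v)


def reviewer_checks(resp):
    """Return the names of the section 4 checks that fail for one response."""
    failed = [check for field, check in PRESENCE_CHECKS if not resp.get(field)]
    if CANDIDATE_SCOPES.get(resp.get("surface")) != resp.get("affected_scope"):
        failed.append("affected_scope_matches_surface")
    if resp.get("live_access_state") not in LIVE_STATES:
        failed.append("live_access_state_metadata_only")
    cidrs = resp.get("allowed_source_cidrs") or []
    try:
        for c in cidrs:
            ipaddress.ip_network(c, strict=True)  # host bits set -> ValueError
        if not cidrs:
            raise ValueError("no source CIDR given")
    except ValueError:
        failed.append("allowed_source_cidr_metadata_only")
    if not HOST_KEY_FINGERPRINT.match(resp.get("host_key_fingerprint") or ""):
        failed.append("host_key_pinning_shape")
    if resp.get("port_impact") not in PORT_IMPACTS:
        failed.append("port_impact_review")
    if not (resp.get("rollback_plan") and resp.get("validation_plan")):
        failed.append("rollback_validation_present")
    return failed


def classify(resp):
    """Map one owner response to a section 5 lane plus the failed checks.
    Full-text scans run before any field check, so unstorable material is
    quarantined or rejected even when every other field looks complete."""
    if resp is None:
        return "waiting_owner_response", []
    text = "\n".join(_strings(resp))
    if RAW_PAYLOAD.search(text):
        return "quarantine_raw_payload", ["raw_key_material_or_firewall_dump"]
    if SECRET_VALUE.search(text):
        return "reject_secret_or_key_value", ["secret_or_key_value_absent"]
    failed = reviewer_checks(resp)
    if failed:
        return "request_supplement", failed
    return "ready_for_network_review", []


# Constructed sample reply (not a real owner response).
SAMPLE_OK = {
    "owner": "network-team", "decision_reason": "approve deploy key rotation",
    "surface": "gitea_cd_dev_ssh", "affected_scope": "192.168.0.120",
    "live_access_state": "reachable", "allowed_source_cidrs": ["192.168.0.0/24"],
    "host_key_fingerprint": "SHA256:" + "A" * 43, "port_impact": "none",
    "firewall_owner": "network-team", "maintenance_window": "2026-06-20 02:00-03:00 +08:00",
    "rollback_plan": "restore previous known_hosts secret",
    "validation_plan": "dry-run deploy, then deploy smoke check",
}
```

`classify(SAMPLE_OK)` lands in `ready_for_network_review`; replacing the decision reason with a private key block lands in `quarantine_raw_payload` before a single field is read, a raw `ssh-ed25519 AAAA...` public key instead of a fingerprint is rejected, and a CIDR with host bits set such as `192.168.0.5/24` produces a `request_supplement` rather than a silent normalisation.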

6. Blocked Actions

  1. ssh_read
  2. ssh_write
  3. host_keyscan
  4. known_hosts_patch
  5. firewall_change
  6. port_close
  7. port_open
  8. network_policy_apply
  9. nodeport_change
  10. wireguard_change
  11. sudo_action
  12. deploy_ssh_action
  13. secret_value_collection
  14. ssh_key_collection
  15. active_scan
  16. runtime_gate_open
  17. live_firewall_read
  18. live_sudoers_read
  19. raw_key_material_storage
  20. raw_firewall_dump_storage
  21. mark_owner_response_accepted_without_reviewer_record
  22. add_action_button

7. Commands

Generate the committed snapshot

```bash
python3 scripts/security/ssh-network-owner-response-acceptance.py \
  --root . \
  --inventory-report docs/security/ssh-network-access-inventory.snapshot.json \
  --owner-request-report docs/security/ssh-network-owner-request-draft.snapshot.json \
  --output docs/security/ssh-network-owner-response-acceptance.snapshot.json \
  --generated-at 2026-06-15T01:18:00+08:00
```

Verify the guard

```bash
python3 scripts/security/security-mirror-progress-guard.py --root .
```

8. Completion Status

| Task | Completion | Description |
| --- | --- | --- |
| owner response acceptance ledger artifact | 100% | 16 acceptance candidates, snapshot, document and guard are fixed |
| request dispatch | 0% | not yet sent |
| owner response received / accepted | 0% | not yet received, not yet accepted |
| live evidence collection | 0% | no SSH, no keyscan, no live firewall read |
| SSH / firewall / NetworkPolicy / NodePort / WireGuard gate | 0% | not authorized and not executed |
| runtime gate / production write | 0% | not authorized and not executed |