708 lines
34 KiB
JSON
708 lines
34 KiB
JSON
{
|
||
"coverage_categories": [
|
||
{
|
||
"action_buttons_allowed": false,
|
||
"category_id": "nginx_public_gateway",
|
||
"control_tier": "C0",
|
||
"coverage_percent": 90,
|
||
"coverage_status": "emergency_change_backfill_ready_needs_owner_live_diff",
|
||
"current_gap": "已固定 owner response acceptance、手動 / 緊急 gateway 變更回補欄位與 rendered diff evidence acceptance 只讀帳本;owner response、live conf、rendered diff evidence、nginx -t evidence、route smoke evidence、maintenance window 與 rollback owner 仍全部為 0。",
|
||
"evidence_refs": [
|
||
"docs/security/NGINX-CONFIG-DRIFT-DETECTOR.md",
|
||
"docs/security/nginx-config-drift-repo.snapshot.json",
|
||
"docs/security/DOMAIN-TLS-CERTBOT-INVENTORY.md",
|
||
"docs/security/PUBLIC-GATEWAY-PREFLIGHT-INVENTORY.md",
|
||
"docs/security/public-gateway-preflight-inventory.snapshot.json",
|
||
"docs/security/PUBLIC-GATEWAY-OWNER-RESPONSE-ACCEPTANCE.md",
|
||
"docs/security/public-gateway-owner-response-acceptance.snapshot.json",
|
||
"docs/security/PUBLIC-GATEWAY-RENDERED-DIFF-ACCEPTANCE.md",
|
||
"docs/security/public-gateway-rendered-diff-acceptance.snapshot.json",
|
||
"docs/schemas/public_gateway_preflight_inventory_v1.schema.json"
|
||
],
|
||
"label": "Nginx / reverse proxy / public route",
|
||
"next_owner_action": "補 public gateway owner 回覆、owner-provided live conf、source-to-live rendered diff ref、nginx -t evidence ref、route smoke evidence ref、change intent / break-glass、route health impact、rollback validation、maintenance window 與 rollback owner。",
|
||
"owner_response_accepted": false,
|
||
"owner_response_received": false,
|
||
"owner_response_required": true,
|
||
"patterns": [
|
||
"infra/ansible/roles/nginx/templates/*.j2",
|
||
"infra/ansible/playbooks/nginx-sync.yml",
|
||
"k8s/nginx/**",
|
||
"ops/nginx/**",
|
||
"docs/runbooks/disaster-recovery/DR-Nginx.md"
|
||
],
|
||
"priority": "P0",
|
||
"required_gate": "public_gateway_owner_response_required",
|
||
"required_validation": [
|
||
"rendered_diff",
|
||
"nginx_t",
|
||
"affected_route_smoke",
|
||
"admin_route_smoke_if_affected",
|
||
"acme_path_smoke_if_affected",
|
||
"rollback_ref"
|
||
],
|
||
"runtime_gate_open": false
|
||
},
|
||
{
|
||
"action_buttons_allowed": false,
|
||
"category_id": "dns_tls_certbot",
|
||
"control_tier": "C0",
|
||
"coverage_percent": 78,
|
||
"coverage_status": "owner_response_acceptance_ledger_ready_needs_certificate_owner_evidence",
|
||
"current_gap": "已固定 4 份 DNS / TLS / certbot owner response acceptance candidate;仍缺 owner response、certificate coverage metadata ref、expiry metadata ref、renewal owner、ACME route owner、maintenance window、rollback owner 與 validation plan。",
|
||
"evidence_refs": [
|
||
"docs/security/DOMAIN-TLS-CERTBOT-INVENTORY.md",
|
||
"docs/security/domain-tls-certbot-inventory.snapshot.json",
|
||
"docs/security/DOMAIN-TLS-CERTBOT-OWNER-CONFIRMATION-REQUEST.md",
|
||
"docs/security/domain-tls-certbot-owner-confirmation-request.snapshot.json",
|
||
"docs/security/DOMAIN-TLS-CERTBOT-OWNER-RESPONSE-ACCEPTANCE.md",
|
||
"docs/security/domain-tls-certbot-owner-response-acceptance.snapshot.json"
|
||
],
|
||
"label": "DNS / TLS / certbot / certificate path",
|
||
"next_owner_action": "補 SAN / wildcard / 共用憑證覆蓋依據 ref、到期 metadata ref、renewal owner、ACME route owner、維護窗口、rollback owner 與 validation plan。",
|
||
"owner_response_accepted": false,
|
||
"owner_response_received": false,
|
||
"owner_response_required": true,
|
||
"patterns": [
|
||
"docs/runbooks/REGISTRY-CERTBOT-188.md",
|
||
"docs/runbooks/**/*CERTBOT*.md",
|
||
"docs/runbooks/**/*TLS*.md",
|
||
"scripts/ops/**/*cert*",
|
||
"scripts/ops/**/*tls*",
|
||
"ops/**/*cert*",
|
||
"ops/**/*tls*",
|
||
"infra/**/*cert*",
|
||
"infra/**/*tls*",
|
||
"k8s/**/*tls*"
|
||
],
|
||
"priority": "P0",
|
||
"required_gate": "domain_tls_owner_response_required",
|
||
"required_validation": [
|
||
"domain_inventory",
|
||
"certificate_path_check",
|
||
"renewal_window",
|
||
"acme_path_smoke",
|
||
"public_https_smoke",
|
||
"rollback_ref"
|
||
],
|
||
"runtime_gate_open": false
|
||
},
|
||
{
|
||
"action_buttons_allowed": false,
|
||
"category_id": "k8s_production_gitops",
|
||
"control_tier": "C0",
|
||
"coverage_percent": 64,
|
||
"coverage_status": "change_evidence_acceptance_ready_needs_gitops_owner_evidence",
|
||
"current_gap": "已固定 owner response acceptance 與 GitOps 變更證據驗收只讀帳本;proposed commit、rendered manifest diff、ArgoCD app / sync revision、health before / after、rollout、route smoke、metrics / alert、rollback、maintenance window 與 post-check evidence 仍全部為 0。",
|
||
"evidence_refs": [
|
||
"docs/security/HIGH-VALUE-CONFIG-CHANGE-GATE.md",
|
||
"docs/security/K8S-ARGOCD-MANIFEST-INVENTORY.md",
|
||
"docs/security/k8s-argocd-manifest-inventory.snapshot.json",
|
||
"docs/security/K8S-ARGOCD-OWNER-RESPONSE-ACCEPTANCE.md",
|
||
"docs/security/k8s-argocd-owner-response-acceptance.snapshot.json",
|
||
"docs/security/K8S-ARGOCD-CHANGE-EVIDENCE-ACCEPTANCE.md",
|
||
"docs/security/k8s-argocd-change-evidence-acceptance.snapshot.json",
|
||
"k8s/awoooi-prod",
|
||
"k8s/argocd"
|
||
],
|
||
"label": "K8s / ArgoCD / production manifests",
|
||
"next_owner_action": "補 GitOps owner 回覆、proposed commit ref、rendered manifest diff ref、ArgoCD app / sync revision ref、health before / after、rollout、route smoke、metrics / alert、blast radius、rollback revision、maintenance window 與 post-check owner。",
|
||
"owner_response_accepted": false,
|
||
"owner_response_received": false,
|
||
"owner_response_required": true,
|
||
"patterns": [
|
||
"k8s/awoooi-prod/**",
|
||
"k8s/argocd/**",
|
||
"k8s/velero/**",
|
||
"k8s/monitoring/**"
|
||
],
|
||
"priority": "P0",
|
||
"required_gate": "gitops_owner_response_required",
|
||
"required_validation": [
|
||
"gitops_diff",
|
||
"argocd_health_readback",
|
||
"sync_authorization_check",
|
||
"rollback_revision",
|
||
"post_deploy_health_if_executed"
|
||
],
|
||
"runtime_gate_open": false
|
||
},
|
||
{
|
||
"action_buttons_allowed": false,
|
||
"category_id": "secret_metadata",
|
||
"control_tier": "C0",
|
||
"coverage_percent": 68,
|
||
"coverage_status": "secret_injection_change_evidence_acceptance_ready_needs_owner_evidence",
|
||
"current_gap": "已固定 secret name / injection owner 變更證據驗收帳本;secret value、hash、partial token、secret store read、secret rotation、repo secret change 與 injection path change 仍全部為 0。",
|
||
"evidence_refs": [
|
||
"docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-INVENTORY.md",
|
||
"docs/security/source-control-workflow-secret-name-inventory.snapshot.json",
|
||
"docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md",
|
||
"docs/security/source-control-workflow-secret-name-owner-response.snapshot.json",
|
||
"docs/security/CD-RUNNER-SECRET-INJECTION-CHANGE-EVIDENCE-ACCEPTANCE.md",
|
||
"docs/security/cd-runner-secret-injection-change-evidence-acceptance.snapshot.json",
|
||
"docs/security/SECRETS_REFERENCE.md"
|
||
],
|
||
"label": "Secret metadata / injection / redaction",
|
||
"next_owner_action": "補 secret name parity ref、injection route owner、rotation owner、guard result ref、rollback owner、post-check evidence 與 redacted evidence refs。",
|
||
"owner_response_accepted": false,
|
||
"owner_response_received": false,
|
||
"owner_response_required": true,
|
||
"patterns": [
|
||
"k8s/**/*secret*",
|
||
"k8s/**/*Secret*",
|
||
".gitea/workflows/*.yml",
|
||
".gitea/workflows/*.yaml",
|
||
".github/workflows/*.yml",
|
||
".github/workflows/*.yaml",
|
||
"docs/runbooks/SECRETS-MANAGEMENT.md",
|
||
"docs/security/SECRETS_REFERENCE.md"
|
||
],
|
||
"priority": "P0",
|
||
"required_gate": "secret_metadata_owner_response_required",
|
||
"required_validation": [
|
||
"secret_name_parity",
|
||
"metadata_only_check",
|
||
"no_secret_value_check",
|
||
"rotation_owner",
|
||
"injection_readback_if_deployed"
|
||
],
|
||
"runtime_gate_open": false
|
||
},
|
||
{
|
||
"action_buttons_allowed": false,
|
||
"category_id": "gitea_workflow_runner_source_control",
|
||
"control_tier": "C0",
|
||
"coverage_percent": 72,
|
||
"coverage_status": "cd_runner_secret_injection_change_evidence_acceptance_ready_needs_owner_evidence",
|
||
"current_gap": "已固定 CD / runner / secret injection 變更證據驗收帳本;workflow diff、runner attestation、secret parity、guard result、deploy marker readback、rollback owner 與 post-check evidence 仍全部為 0。",
|
||
"evidence_refs": [
|
||
"docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-INVENTORY.md",
|
||
"docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md",
|
||
"docs/security/CD-RUNNER-SECRET-INJECTION-CHANGE-EVIDENCE-ACCEPTANCE.md",
|
||
"docs/security/cd-runner-secret-injection-change-evidence-acceptance.snapshot.json",
|
||
"docs/security/SOURCE-CONTROL-PRIMARY-READINESS-GATE.md"
|
||
],
|
||
"label": "Gitea workflow / runner / deploy key / webhook / branch protection",
|
||
"next_owner_action": "補 workflow diff ref、runner owner attestation、secret name parity ref、Gitea run readback、guard result、maintenance window、rollback owner 與 post-check evidence。",
|
||
"owner_response_accepted": false,
|
||
"owner_response_received": false,
|
||
"owner_response_required": true,
|
||
"patterns": [
|
||
".gitea/workflows/**",
|
||
".github/workflows/**",
|
||
"ops/runner/**",
|
||
"scripts/setup-runner*.sh",
|
||
"scripts/**/*runner*",
|
||
"docs/security/SOURCE-CONTROL-*",
|
||
"docs/security/GITEA-*",
|
||
"docs/security/GITHUB-*"
|
||
],
|
||
"priority": "P0",
|
||
"required_gate": "workflow_source_control_owner_response_required",
|
||
"required_validation": [
|
||
"workflow_diff",
|
||
"runner_label_owner",
|
||
"deploy_key_metadata_only",
|
||
"webhook_metadata_only",
|
||
"branch_protection_metadata",
|
||
"no_token_value_check"
|
||
],
|
||
"runtime_gate_open": false
|
||
},
|
||
{
|
||
"action_buttons_allowed": false,
|
||
"category_id": "public_admin_api_runtime_config",
|
||
"control_tier": "C0",
|
||
"coverage_percent": 64,
|
||
"coverage_status": "change_evidence_acceptance_ready_needs_runtime_config_owner_evidence",
|
||
"current_gap": "已固定 Public / Admin / API runtime config 變更證據驗收只讀帳本;affected route、admin/auth boundary、API readback、CORS diff、frontend env diff、i18n redaction、webhook owner、desktop/mobile smoke、sensitive string scan、rollback 與 post-check evidence 仍全部為 0。",
|
||
"evidence_refs": [
|
||
"docs/HARD_RULES.md",
|
||
"docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md",
|
||
"docs/security/PUBLIC-RUNTIME-CONFIG-CHANGE-EVIDENCE-ACCEPTANCE.md",
|
||
"docs/security/public-runtime-config-change-evidence-acceptance.snapshot.json"
|
||
],
|
||
"label": "Public / admin / API / frontend runtime config",
|
||
"next_owner_action": "補 affected route refs、admin/auth boundary、API contract readback、CORS origin diff、frontend env diff、i18n redaction review、webhook/callback owner、desktop/mobile smoke、sensitive string scan、rollback owner 與 post-check evidence。",
|
||
"owner_response_accepted": false,
|
||
"owner_response_received": false,
|
||
"owner_response_required": true,
|
||
"patterns": [
|
||
"apps/web/next.config.*",
|
||
"apps/web/src/lib/config.*",
|
||
"apps/api/src/core/config.py",
|
||
"apps/api/src/api/v1/monitoring.py",
|
||
"apps/api/src/middleware/**",
|
||
"apps/web/src/middleware.*"
|
||
],
|
||
"priority": "P0",
|
||
"required_gate": "public_runtime_config_owner_response_required",
|
||
"required_validation": [
|
||
"public_url_check",
|
||
"frontend_internal_ip_ban",
|
||
"cors_boundary_check",
|
||
"admin_auth_boundary_check",
|
||
"desktop_mobile_smoke_if_frontend"
|
||
],
|
||
"runtime_gate_open": false
|
||
},
|
||
{
|
||
"action_buttons_allowed": false,
|
||
"category_id": "backup_restore_credential",
|
||
"control_tier": "C0",
|
||
"coverage_percent": 62,
|
||
"coverage_status": "owner_response_acceptance_ledger_ready_needs_restore_drill_owner",
|
||
"current_gap": "已固定 owner response acceptance 只讀帳本;restore drill、offsite sync、credential escrow、retention change、live evidence 與 owner response 仍全部為 0。",
|
||
"evidence_refs": [
|
||
"docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md",
|
||
"docs/security/BACKUP-RESTORE-ESCROW-INVENTORY.md",
|
||
"docs/security/backup-restore-escrow-inventory.snapshot.json",
|
||
"docs/security/BACKUP-RESTORE-OWNER-RESPONSE-ACCEPTANCE.md",
|
||
"docs/security/backup-restore-owner-response-acceptance.snapshot.json",
|
||
"docs/schemas/backup_restore_escrow_inventory_v1.schema.json"
|
||
],
|
||
"label": "Backup / restore / escrow / retention",
|
||
"next_owner_action": "補 restore drill approval package、offsite owner、escrow owner、retention owner、rollback owner、validation plan 與 no-secret-value evidence。",
|
||
"owner_response_accepted": false,
|
||
"owner_response_received": false,
|
||
"owner_response_required": true,
|
||
"patterns": [
|
||
"scripts/backup/**",
|
||
"k8s/velero/**",
|
||
"docs/runbooks/disaster-recovery/**",
|
||
"docs/runbooks/**/*RESTORE*.md",
|
||
"docs/runbooks/**/*BACKUP*.md"
|
||
],
|
||
"priority": "P0",
|
||
"required_gate": "backup_restore_owner_response_required",
|
||
"required_validation": [
|
||
"credential_absence_check",
|
||
"restore_drill_gate",
|
||
"retention_policy",
|
||
"escrow_owner",
|
||
"rollback_ref"
|
||
],
|
||
"runtime_gate_open": false
|
||
},
|
||
{
|
||
"action_buttons_allowed": false,
|
||
"category_id": "agent_bounty_protocol_runtime",
|
||
"control_tier": "C0",
|
||
"coverage_percent": 68,
|
||
"coverage_status": "owner_request_draft_ready_needs_runtime_owner",
|
||
"current_gap": "owner request draft 已固定 11 份草稿;尚未收到 runtime / MCP / A2A / treasury / payout owner response,runtime gate 必須維持 0。",
|
||
"evidence_refs": [
|
||
"docs/security/AGENT-BOUNTY-IWOOOS-ONBOARDING-HANDOFF.md",
|
||
"docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json",
|
||
"docs/security/AGENT-BOUNTY-OWNER-REQUEST-DRAFT.md",
|
||
"docs/security/agent-bounty-owner-request-draft.snapshot.json",
|
||
"docs/security/GITHUB-TARGET-OWNER-DECISION-RESPONSE.md"
|
||
],
|
||
"label": "agent-bounty-protocol runtime / MCP / A2A / treasury boundary",
|
||
"next_owner_action": "補 repo owner、external agent owner、treasury owner、runtime gate owner、maintenance window、rollback owner 與 validation plan。",
|
||
"owner_response_accepted": false,
|
||
"owner_response_received": false,
|
||
"owner_response_required": true,
|
||
"patterns": [
|
||
"docs/security/AGENT-BOUNTY-IWOOOS-ONBOARDING-HANDOFF.md",
|
||
"docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json",
|
||
"docs/schemas/agent_bounty_iwooos_onboarding_handoff_v1.schema.json",
|
||
"agent-bounty-protocol/**"
|
||
],
|
||
"priority": "P0",
|
||
"required_gate": "agent_bounty_owner_response_required",
|
||
"required_validation": [
|
||
"repo_owner_scope",
|
||
"runtime_gate_false",
|
||
"no_payout_or_treasury_execution",
|
||
"no_mcp_a2a_runtime_execution",
|
||
"redacted_evidence_refs_only"
|
||
],
|
||
"runtime_gate_open": false
|
||
},
|
||
{
|
||
"action_buttons_allowed": false,
|
||
"category_id": "monitoring_alerting_observability",
|
||
"control_tier": "C1",
|
||
"coverage_percent": 66,
|
||
"coverage_status": "owner_response_acceptance_ledger_ready_needs_live_route_evidence",
|
||
"current_gap": "已固定 60 份 monitoring / alerting / observability owner response acceptance candidate;仍缺 owner response、live config hash、rule diff、receiver diff、reload owner、route smoke、receipt proof、noise budget owner 與 maintenance window。",
|
||
"evidence_refs": [
|
||
"docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md",
|
||
"docs/security/MONITORING-ALERTING-OBSERVABILITY-INVENTORY.md",
|
||
"docs/security/monitoring-alerting-observability-inventory.snapshot.json",
|
||
"docs/security/MONITORING-OWNER-REQUEST-DRAFT.md",
|
||
"docs/security/monitoring-owner-request-draft.snapshot.json",
|
||
"docs/security/MONITORING-OWNER-RESPONSE-ACCEPTANCE.md",
|
||
"docs/security/monitoring-owner-response-acceptance.snapshot.json",
|
||
"docs/schemas/monitoring_alerting_observability_inventory_v1.schema.json"
|
||
],
|
||
"label": "Prometheus / Alertmanager / Grafana / SigNoz / Sentry / Langfuse",
|
||
"next_owner_action": "補 Prometheus / Alertmanager / Grafana / SigNoz / Sentry / Langfuse / Telegram owner、live drift evidence、reload window、receiver owner、route smoke plan、noise budget、rollback owner 與 no-secret-value evidence。",
|
||
"owner_response_accepted": false,
|
||
"owner_response_received": false,
|
||
"owner_response_required": true,
|
||
"patterns": [
|
||
"ops/monitoring/**",
|
||
"ops/alertmanager/**",
|
||
"ops/grafana/**",
|
||
"ops/signoz/**",
|
||
"ops/sentry-self-hosted/**",
|
||
"infra/langfuse/**",
|
||
"k8s/monitoring/**"
|
||
],
|
||
"priority": "P1",
|
||
"required_gate": "monitoring_observability_owner_response_required",
|
||
"required_validation": [
|
||
"rule_diff",
|
||
"receiver_diff",
|
||
"reload_gate",
|
||
"failure_notification_policy",
|
||
"public_route_smoke_if_affected"
|
||
],
|
||
"runtime_gate_open": false
|
||
},
|
||
{
|
||
"action_buttons_allowed": false,
|
||
"category_id": "docker_compose_systemd_host_config",
|
||
"control_tier": "C1",
|
||
"coverage_percent": 54,
|
||
"coverage_status": "owner_response_acceptance_ledger_ready_needs_live_owner_evidence",
|
||
"current_gap": "已固定 9 份 Docker / systemd / host service owner response acceptance candidate;仍缺 owner response、110 / 188 live hash、maintenance / restart window、rollback owner、post-check plan、disable switch 與 no-secret-value evidence。",
|
||
"evidence_refs": [
|
||
"docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md",
|
||
"docs/security/HOST-SERVICE-CONFIG-INVENTORY.md",
|
||
"docs/security/host-service-config-inventory.snapshot.json",
|
||
"docs/security/HOST-SERVICE-OWNER-REQUEST-DRAFT.md",
|
||
"docs/security/host-service-owner-request-draft.snapshot.json",
|
||
"docs/security/HOST-SERVICE-OWNER-RESPONSE-ACCEPTANCE.md",
|
||
"docs/security/host-service-owner-response-acceptance.snapshot.json",
|
||
"docs/security/DEV-HOSTS-112-111-168-OBSERVE-ONLY-MAPPING.md"
|
||
],
|
||
"label": "Docker Compose / systemd / host service config",
|
||
"next_owner_action": "補 owner-provided live hash / disposition、compose / systemd owner、maintenance / restart window、rollback owner、post-check plan 與 disable switch。",
|
||
"owner_response_accepted": false,
|
||
"owner_response_received": false,
|
||
"owner_response_required": true,
|
||
"patterns": [
|
||
"docker-compose*.yml",
|
||
"docker-compose*.yaml",
|
||
"ops/**/docker-compose*.yml",
|
||
"ops/**/docker-compose*.yaml",
|
||
"scripts/reboot-recovery/**",
|
||
"scripts/**/*.service",
|
||
"ops/**/*.service"
|
||
],
|
||
"priority": "P1",
|
||
"required_gate": "host_service_owner_response_required",
|
||
"required_validation": [
|
||
"port_conflict_check",
|
||
"volume_diff",
|
||
"env_name_diff",
|
||
"restart_window",
|
||
"rollback_owner"
|
||
],
|
||
"runtime_gate_open": false
|
||
},
|
||
{
|
||
"action_buttons_allowed": false,
|
||
"category_id": "ssh_firewall_network_access",
|
||
"control_tier": "C1",
|
||
"coverage_percent": 62,
|
||
"coverage_status": "incident_change_evidence_acceptance_ready_needs_network_owner_evidence",
|
||
"current_gap": "owner response acceptance 帳本已固定 16 個 SSH / network acceptance candidate,端口 / 防火牆事故型變更證據驗收帳本已固定 14 個 change evidence candidate;仍缺 owner-provided change / incident evidence、actor、before / after state、service health impact、operator notification、cross-project sync、maintenance window、rollback owner 與 post-check evidence。",
|
||
"evidence_refs": [
|
||
"docs/HARD_RULES.md",
|
||
"docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md",
|
||
"docs/security/SSH-NETWORK-ACCESS-INVENTORY.md",
|
||
"docs/security/ssh-network-access-inventory.snapshot.json",
|
||
"docs/security/SSH-NETWORK-OWNER-REQUEST-DRAFT.md",
|
||
"docs/security/ssh-network-owner-request-draft.snapshot.json",
|
||
"docs/security/SSH-NETWORK-OWNER-RESPONSE-ACCEPTANCE.md",
|
||
"docs/security/ssh-network-owner-response-acceptance.snapshot.json",
|
||
"docs/security/PORT-FIREWALL-CHANGE-EVIDENCE-ACCEPTANCE.md",
|
||
"docs/security/port-firewall-change-evidence-acceptance.snapshot.json"
|
||
],
|
||
"label": "SSH / sudoers / known_hosts / firewall / WireGuard / NodePort",
|
||
"next_owner_action": "補端口 / 防火牆變更的 change / incident ref、actor role / team、affected scope、before / after state、service dependency、customer impact、service health impact、operator notification、cross-project sync、rollback owner 與 post-check 指標。",
|
||
"owner_response_accepted": false,
|
||
"owner_response_received": false,
|
||
"owner_response_required": true,
|
||
"patterns": [
|
||
"infra/ansible/inventory/**",
|
||
"infra/ansible/**/*known_hosts*",
|
||
"infra/ansible/**/*ssh*",
|
||
"scripts/**/*ssh*",
|
||
"scripts/**/*known_hosts*",
|
||
"ops/**/*wireguard*",
|
||
"ops/**/*firewall*",
|
||
"k8s/**/*network*",
|
||
"k8s/**/*Network*"
|
||
],
|
||
"priority": "P1",
|
||
"required_gate": "network_access_owner_response_required",
|
||
"required_validation": [
|
||
"target_whitelist",
|
||
"host_key_policy",
|
||
"ingress_egress_matrix",
|
||
"rollback_owner",
|
||
"maintenance_window"
|
||
],
|
||
"runtime_gate_open": false
|
||
},
|
||
{
|
||
"action_buttons_allowed": false,
|
||
"category_id": "ai_provider_model_routing",
|
||
"control_tier": "C1",
|
||
"coverage_percent": 60,
|
||
"coverage_status": "policy_ready_needs_dry_run_pack",
|
||
"current_gap": "模型 / provider / Ollama proxy 切換需 dry-run、benchmark、成本與 privacy review;目前不切 production。",
|
||
"evidence_refs": [
|
||
"docs/HARD_RULES.md",
|
||
"docs/ai"
|
||
],
|
||
"label": "AI provider / model routing / Ollama proxy / cost and privacy",
|
||
"next_owner_action": "補 provider owner、fallback order、cost review、privacy review、benchmark 與 rollback owner。",
|
||
"owner_response_accepted": false,
|
||
"owner_response_received": false,
|
||
"owner_response_required": true,
|
||
"patterns": [
|
||
"apps/api/src/services/ai_providers/**",
|
||
"apps/api/src/services/**/*model*",
|
||
"apps/api/src/services/**/*provider*",
|
||
"infra/ansible/roles/nginx/templates/110-ollama-proxy.conf.j2",
|
||
"docs/ai/**",
|
||
"docs/**/*Ollama*"
|
||
],
|
||
"priority": "P1",
|
||
"required_gate": "ai_provider_owner_response_required",
|
||
"required_validation": [
|
||
"dry_run",
|
||
"benchmark",
|
||
"cost_review",
|
||
"privacy_review",
|
||
"fallback_order_check"
|
||
],
|
||
"runtime_gate_open": false
|
||
},
|
||
{
|
||
"action_buttons_allowed": false,
|
||
"category_id": "product_surface_runtime_routes",
|
||
"control_tier": "C2",
|
||
"coverage_percent": 72,
|
||
"coverage_status": "scope_inventory_ready",
|
||
"current_gap": "跨產品 owner response 尚未 accepted;產品 route / admin / webhook 仍需逐產品補證。",
|
||
"evidence_refs": [
|
||
"docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md",
|
||
"docs/security/VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md",
|
||
"docs/security/AGENT-BOUNTY-IWOOOS-ONBOARDING-HANDOFF.md",
|
||
"docs/security/AGENT-BOUNTY-OWNER-REQUEST-DRAFT.md"
|
||
],
|
||
"label": "AWOOOI / AwoooP / IwoooS / VibeWork / other product runtime routes",
|
||
"next_owner_action": "補 AWOOOI、AwoooP、IwoooS、VibeWork、agent-bounty-protocol 與公開網站 owner response。",
|
||
"owner_response_accepted": false,
|
||
"owner_response_received": false,
|
||
"owner_response_required": true,
|
||
"patterns": [
|
||
"apps/web/src/app/**",
|
||
"apps/web/messages/*.json",
|
||
"docs/security/VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md",
|
||
"docs/security/vibework-iwooos-onboarding-handoff.snapshot.json"
|
||
],
|
||
"priority": "P2",
|
||
"required_gate": "product_surface_owner_response_required",
|
||
"required_validation": [
|
||
"product_boundary_check",
|
||
"i18n_traditional_chinese_check",
|
||
"no_internal_transcript_check",
|
||
"desktop_mobile_smoke_if_frontend"
|
||
],
|
||
"runtime_gate_open": false
|
||
},
|
||
{
|
||
"action_buttons_allowed": false,
|
||
"category_id": "security_evidence_tooling",
|
||
"control_tier": "C3",
|
||
"coverage_percent": 86,
|
||
"coverage_status": "guard_ready",
|
||
"current_gap": "guard 已可重跑,但尚未接 blocking CI;本階段刻意維持低摩擦。",
|
||
"evidence_refs": [
|
||
"scripts/security/security-mirror-progress-guard.py",
|
||
"scripts/security/high-value-config-change-gate.py",
|
||
"scripts/security/high-value-config-owner-packet.py",
|
||
"docs/security/high-value-config-change-gate.snapshot.json"
|
||
],
|
||
"label": "Security evidence / snapshot / guard tooling",
|
||
"next_owner_action": "維持 guard / doc secret sanity;若要 CI blocking 需另開人工批准與 rollout plan。",
|
||
"owner_response_accepted": false,
|
||
"owner_response_received": false,
|
||
"owner_response_required": true,
|
||
"patterns": [
|
||
"docs/security/**",
|
||
"docs/schemas/**",
|
||
"scripts/security/**",
|
||
"docs/LOGBOOK.md"
|
||
],
|
||
"priority": "P3",
|
||
"required_gate": "security_evidence_owner_review_required",
|
||
"required_validation": [
|
||
"snapshot_parse",
|
||
"guard_smoke",
|
||
"doc_secret_sanity",
|
||
"no_runtime_gate_increase"
|
||
],
|
||
"runtime_gate_open": false
|
||
}
|
||
],
|
||
"execution_boundaries": {
|
||
"acme_challenge_change_authorized": false,
|
||
"action_buttons_allowed": false,
|
||
"active_scan_authorized": false,
|
||
"admin_route_change_authorized": false,
|
||
"agent_bounty_runtime_authorized": false,
|
||
"alert_chain_smoke_authorized": false,
|
||
"alertmanager_reload_authorized": false,
|
||
"api_contract_change_authorized": false,
|
||
"api_route_change_authorized": false,
|
||
"argocd_api_read_authorized": false,
|
||
"argocd_sync_authorized": false,
|
||
"backup_run_authorized": false,
|
||
"callback_url_change_authorized": false,
|
||
"certbot_renew_authorized": false,
|
||
"cookie_policy_change_authorized": false,
|
||
"cors_change_authorized": false,
|
||
"credential_escrow_marker_write_authorized": false,
|
||
"csrf_disable_authorized": false,
|
||
"database_migration_authorized": false,
|
||
"desktop_mobile_smoke_authorized": false,
|
||
"dns_tls_change_authorized": false,
|
||
"exporter_deploy_authorized": false,
|
||
"force_push_authorized": false,
|
||
"frontend_env_change_authorized": false,
|
||
"grafana_dashboard_apply_authorized": false,
|
||
"helm_upgrade_authorized": false,
|
||
"host_live_conf_read_authorized": false,
|
||
"host_write_authorized": false,
|
||
"i18n_public_text_internal_identity_allowed": false,
|
||
"internal_ip_exposure_allowed": false,
|
||
"internal_status_code_exposure_allowed": false,
|
||
"internal_transcript_exposure_allowed": false,
|
||
"kubectl_action_authorized": false,
|
||
"langfuse_config_change_authorized": false,
|
||
"live_alert_fire_authorized": false,
|
||
"middleware_auth_change_authorized": false,
|
||
"network_policy_apply_authorized": false,
|
||
"nginx_reload_authorized": false,
|
||
"nginx_test_authorized": false,
|
||
"nodeport_change_authorized": false,
|
||
"notification_route_change_authorized": false,
|
||
"offsite_remote_delete_authorized": false,
|
||
"offsite_sync_authorized": false,
|
||
"otel_collector_reload_authorized": false,
|
||
"owner_namespace_exposure_allowed": false,
|
||
"payout_or_withdrawal_authorized": false,
|
||
"prometheus_reload_authorized": false,
|
||
"public_gateway_reload_authorized": false,
|
||
"public_route_change_authorized": false,
|
||
"rate_limit_disable_authorized": false,
|
||
"raw_payload_storage_allowed": false,
|
||
"rbac_change_authorized": false,
|
||
"rclone_config_authorized": false,
|
||
"receiver_route_change_authorized": false,
|
||
"refs_sync_authorized": false,
|
||
"remote_write_change_authorized": false,
|
||
"repo_namespace_exposure_allowed": false,
|
||
"restic_prune_authorized": false,
|
||
"restore_drill_authorized": false,
|
||
"restore_run_authorized": false,
|
||
"retention_change_authorized": false,
|
||
"rollback_executed": false,
|
||
"route_smoke_authorized": false,
|
||
"runner_change_authorized": false,
|
||
"runtime_config_change_authorized": false,
|
||
"runtime_execution_authorized": false,
|
||
"secret_value_collection_allowed": false,
|
||
"security_header_change_authorized": false,
|
||
"sentry_deploy_authorized": false,
|
||
"signoz_rule_apply_authorized": false,
|
||
"silence_policy_change_authorized": false,
|
||
"telegram_send_authorized": false,
|
||
"velero_restore_authorized": false,
|
||
"webhook_receiver_change_authorized": false,
|
||
"webhook_secret_change_authorized": false,
|
||
"websocket_route_change_authorized": false,
|
||
"workflow_modification_authorized": false
|
||
},
|
||
"generated_at": "2026-06-15T14:12:00+08:00",
|
||
"git_commit": "ed8c1905",
|
||
"lowest_coverage_categories": [
|
||
{
|
||
"category_id": "docker_compose_systemd_host_config",
|
||
"coverage_percent": 54,
|
||
"current_gap": "已固定 9 份 Docker / systemd / host service owner response acceptance candidate;仍缺 owner response、110 / 188 live hash、maintenance / restart window、rollback owner、post-check plan、disable switch 與 no-secret-value evidence。",
|
||
"label": "Docker Compose / systemd / host service config",
|
||
"next_owner_action": "補 owner-provided live hash / disposition、compose / systemd owner、maintenance / restart window、rollback owner、post-check plan 與 disable switch。"
|
||
},
|
||
{
|
||
"category_id": "ai_provider_model_routing",
|
||
"coverage_percent": 60,
|
||
"current_gap": "模型 / provider / Ollama proxy 切換需 dry-run、benchmark、成本與 privacy review;目前不切 production。",
|
||
"label": "AI provider / model routing / Ollama proxy / cost and privacy",
|
||
"next_owner_action": "補 provider owner、fallback order、cost review、privacy review、benchmark 與 rollback owner。"
|
||
},
|
||
{
|
||
"category_id": "backup_restore_credential",
|
||
"coverage_percent": 62,
|
||
"current_gap": "已固定 owner response acceptance 只讀帳本;restore drill、offsite sync、credential escrow、retention change、live evidence 與 owner response 仍全部為 0。",
|
||
"label": "Backup / restore / escrow / retention",
|
||
"next_owner_action": "補 restore drill approval package、offsite owner、escrow owner、retention owner、rollback owner、validation plan 與 no-secret-value evidence。"
|
||
},
|
||
{
|
||
"category_id": "ssh_firewall_network_access",
|
||
"coverage_percent": 62,
|
||
"current_gap": "owner response acceptance 帳本已固定 16 個 SSH / network acceptance candidate,端口 / 防火牆事故型變更證據驗收帳本已固定 14 個 change evidence candidate;仍缺 owner-provided change / incident evidence、actor、before / after state、service health impact、operator notification、cross-project sync、maintenance window、rollback owner 與 post-check evidence。",
|
||
"label": "SSH / sudoers / known_hosts / firewall / WireGuard / NodePort",
|
||
"next_owner_action": "補端口 / 防火牆變更的 change / incident ref、actor role / team、affected scope、before / after state、service dependency、customer impact、service health impact、operator notification、cross-project sync、rollback owner 與 post-check 指標。"
|
||
}
|
||
],
|
||
"next_collection_order": [
|
||
"nginx_public_gateway",
|
||
"dns_tls_certbot",
|
||
"k8s_production_gitops",
|
||
"secret_metadata",
|
||
"gitea_workflow_runner_source_control",
|
||
"public_admin_api_runtime_config",
|
||
"agent_bounty_protocol_runtime",
|
||
"docker_compose_systemd_host_config",
|
||
"monitoring_alerting_observability",
|
||
"ssh_firewall_network_access",
|
||
"backup_restore_credential"
|
||
],
|
||
"operator_interpretation": [
|
||
"這是全域配置控管覆蓋矩陣,不是單次 git diff 變更分類。",
|
||
"所有 category 都已有高價值配置 Gate 註冊與 owner response 欄位,但 owner response received / accepted 仍為 0。",
|
||
"C0 / C1 coverage percent 只代表只讀框架成熟度,不代表 runtime 可執行。",
|
||
"缺 live evidence 的項目只能收 owner-provided redacted evidence,不得主動 SSH、reload、scan 或讀 secret value。"
|
||
],
|
||
"schema_version": "high_value_config_control_coverage_v1",
|
||
"source_category_definition": "scripts/security/high-value-config-change-gate.py",
|
||
"status": "coverage_matrix_ready",
|
||
"summary": {
|
||
"action_button_count": 0,
|
||
"average_coverage_percent": 69,
|
||
"c0_category_count": 8,
|
||
"c1_category_count": 4,
|
||
"c2_category_count": 1,
|
||
"c3_category_count": 1,
|
||
"category_count": 14,
|
||
"lowest_coverage_category_count": 4,
|
||
"needs_live_evidence_count": 9,
|
||
"owner_response_accepted_count": 0,
|
||
"owner_response_received_count": 0,
|
||
"owner_response_required_count": 14,
|
||
"registered_control_count": 14,
|
||
"runtime_gate_count": 0
|
||
}
|
||
}
|