wooo/awoooi
1
1
Fork 0
Code Issues 2 Pull Requests 1 Actions 2 Packages Projects Releases Wiki Activity
Files
f2ffbf2ffa3a1bfaf76648e9548b85df96c1fd84
awoooi/apps/web/messages/en.json

8036 lines
410 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
{
"metadata": {
"title": "AWOOOI - Zero-Touch Ops. Human-Centric Decisions.",
"description": "AI-Powered Intelligent Operations Platform"
},
"common": {
"loading": "Loading...",
"error": "An error occurred",
"success": "Success",
"cancel": "Cancel",
"confirm": "Confirm",
"close": "Close",
"closeEsc": "Close (ESC)",
"previous": "Previous (←)",
"next": "Next (→)",
"save": "Save",
"delete": "Delete",
"edit": "Edit",
"back": "Back",
"clear": "Clear",
"refresh": "Refresh",
"viewDetails": "View Details",
"later": "Later",
"keyboardShortcuts": "Keyboard Shortcuts",
"showShortcuts": "Show Shortcuts"
},
"brand": {
"name": "AWOOOI",
"slogan": "Zero-Touch Ops. Human-Centric Decisions.",
"sloganAlt": "零干預維運,以人為本的決策。",
"tagline": "AI-Powered Intelligent Operations Platform",
"aiTagline": "AI Sees. AI Acts. You Approve.",
"version": "v1.0.0",
"environment": "Production"
},
"nav": {
"home": "Home",
"dashboard": "Dashboard",
"approvals": "Approvals",
"errors": "Error Tracking",
"actions": "Action Log",
"knowledge": "Knowledge Base",
"settings": "Settings",
"alerts": "Alerts",
"monitoring": "Monitoring",
"apm": "APM",
"topology": "Topology",
"security": "安全",
"compliance": "合規",
"autoRepair": "Auto Repair",
"deployments": "Deployments",
"tickets": "Tickets",
"cost": "Cost",
"reports": "Reports",
"terminal": "Terminal",
"apps": "Apps",
"services": "Services",
"users": "Users",
"notifications": "Notifications",
"billing": "Billing",
"help": "Help",
"drift": "Drift Detection",
"neuralCommand": "Neural Command",
"commandCenter": "Command Center",
"observability": "Observability",
"automation": "Automation",
"operations": "Operations",
"securityCompliance": "安全合規",
"classicAICenter": "Classic AI Center",
"governance": "AI Governance",
"awooop": "AwoooP",
"iwooos": "IwoooS"
},
"locale": {
"switch": "Switch Language",
"zhTW": "繁體中文",
"en": "EN"
},
"demo": {
"title": "AWOOOI Demo",
"subtitle": "Visual Acceptance Test",
"mockMode": "MOCK MODE",
"spikeControls": "CPU Spike Demo Controls",
"spikeActive": "SPIKE ACTIVE",
"triggerSpike": "Spike {host}",
"clearSpike": "Clear Spike",
"liveDashboard": "Live Dashboard (SSE)",
"approvalCards": "HITL Approval Cards (CPO-107)",
"statusShowcase": "StatusOrb Showcase",
"lowRiskDemo": "LOW RISK - 1 second hold",
"highRiskDemo": "HIGH RISK - 1 second hold",
"criticalDemo": "CRITICAL + DESTRUCTIVE - 2 second hold + red glow",
"hitlRealApi": "HITL Multi-Sig (Real API)",
"addCritical": "+ Critical",
"addMedium": "+ Medium",
"creating": "Creating..."
},
"host": {
"devops": {
"name": "DevOps Vault",
"shortName": "DevOps"
},
"security": {
"name": "Kali Security Center",
"shortName": "Kali"
},
"k3s": {
"name": "K3s Master Node",
"shortName": "K3s"
},
"aiWeb": {
"name": "AI+Web Center",
"shortName": "AI+Web"
}
},
"dashboard": {
"title": "AI Center",
"subtitle": "AI-Powered Unified Operations View",
"liveStats": "Live Stats",
"activeNodes": "Active Nodes",
"pendingAlerts": "Pending Alerts",
"pendingApprovals": "Pending Approvals",
"overallStatus": "Overall Status",
"waitingData": "Waiting for data...",
"cpu": "CPU",
"memory": "MEM",
"baseline": "Baseline",
"baselineFormat": "(Baseline: {value}%)",
"criticality": "Criticality",
"systemStatus": "System Status",
"eventStream": "Event Stream",
"aiAgent": "AI Agent",
"globalPulse": "Global Pulse",
"liveUpdates": "Live Updates",
"loadingMetrics": "Loading metrics...",
"metricsError": "Failed to load metrics",
"flow": {
"alert": "Alert",
"detection": "AI Detection",
"analysis": "AI Analysis",
"proposal": "Proposal",
"approval": "Awaiting Auth",
"execution": "Execution",
"resolved": "Resolved"
},
"activeIncidents": "Active Incidents",
"serviceHealth": "Service Health",
"todayIncidents": "Today Incidents",
"autoRemediationRate": "Auto Remediation",
"mttrAvg": "MTTR Avg",
"stable": "Stable",
"normal": "Normal",
"openclawEngine": "OPENCLAW COGNITIVE ENGINE",
"infrastructure": "INFRASTRUCTURE",
"podHealth": "POD Health",
"allRunning": "All Running",
"servicesUp": "Services Up",
"monitoringTools": "Monitoring Tools",
"monitoringStatus": {
"up": "OK",
"down": "Down",
"unknown": "Unknown",
"firing": "firing",
"alert": "alerts"
},
"connectionError": "Connection failed",
"metaVersion": "Version",
"metaStats": "Stats",
"metaUpdatedAt": "Updated",
"tabs": {
"overview": "Overview",
"alerts": "Alerts & Approvals",
"stream": "Activity Stream",
"disposition": "Disposition Stats"
},
"alertEvents": "Alert Events",
"noActiveAlerts": "No active alerts",
"pendingApprovalsTitle": "Pending Approvals",
"noPendingApprovals": "No pending approvals",
"approve": "Approve",
"reject": "Reject",
"activityStream": "System Activity Stream",
"sseConnected": "SSE Connected",
"sseDisconnected": "Disconnected",
"waitingEvents": "Waiting for events...",
"statusLabel": "Status",
"hostsLabel": "Hosts",
"eventsCount": "{count} events",
"noDispositionData": "No disposition data available",
"totalDispositions": "Total Dispositions",
"autoRate": "Automation Rate",
"humanRate": "Human Intervention Rate",
"autoRepairLabel": "Auto Repair",
"humanApprovedLabel": "Human Approved",
"manualResolvedLabel": "Manual Resolved",
"coldStartLabel": "Cold Start",
"dispositionBreakdown": "Disposition Breakdown",
"hostView": "Hosts",
"topoView": "Topology",
"waitingHostData": "Waiting for host data...",
"dashboardConnecting": "Dashboard API connecting...",
"alertBadge": "{count} alerts",
"alertBadgeZero": "0 alerts",
"awaitingConfirm": "Awaiting Confirmation",
"viewAllAlerts": "View All Alerts",
"viewAllAuth": "View All Authorizations",
"viewAllReport": "View Full Report",
"aiModelStatus": "AI Model Status",
"loading": "Loading...",
"trendUp": "↑{pct}%",
"searchPlaceholderShort": "Search...",
"cotTitle": "Reasoning Timeline",
"cotNoEvents": "Waiting for reasoning data...",
"cotReasoning": "Reasoning",
"cotConfidence": "Confidence",
"cotProvider": "Model",
"cotLatency": "Latency",
"cotTools": "Tool Calls",
"cotClickHint": "Click an event to view reasoning details",
"byAnomalyTitle": "Anomaly Type Distribution Top 5",
"byAnomalyAutoRate": "Auto {pct}%",
"mttrTitle": "MTTR Overview",
"mttrUnit": "min",
"mttrNoData": "No MTTR data yet"
},
"openclaw": {
"name": "OpenClaw",
"monitoring": "Monitoring",
"statusOk": "OK",
"statusWarning": "WARNING",
"messageOk": "All systems operational. No action required.",
"messageWarning": "{host} status abnormal. Recommend checking related services."
},
"ai": {
"title": "AI Decision Engine",
"intercepting": "[SYS] Intercepting anomaly signals...",
"analyzing": "OpenClaw analyzing blast radius...",
"calculating": "Calculating risk matrix & approval threshold...",
"generating": "Generating remediation script...",
"complete": "Analysis complete. Approval card created.",
"processingAlert": "Processing alert...",
"analysisComplete": "Analysis complete",
"patrolling": "Patrolling...",
"standby": "STANDBY",
"processFlow": "AI Decision Flow",
"processing": "Processing"
},
"agent": {
"title": "AI Agent",
"state": "State",
"idle": "Idle",
"standby": "Standby",
"patrolling": "Patrolling",
"intercepting": "Intercepting",
"analyzing": "Analyzing",
"generating": "Generating",
"complete": "Complete",
"executing": "Executing",
"waitingApproval": "Awaiting Approval",
"error": "Error",
"lastCheck": "Last check"
},
"metrics": {
"title": "Global Pulse",
"realtime": "Real-time",
"rps": "Requests/sec",
"errorRate": "Error Rate",
"p99Latency": "P99 Latency",
"aiSuccess": "AI Success"
},
"connection": {
"disconnected": "Disconnected",
"connecting": "Connecting...",
"subscribing": "Subscribing...",
"connected": "Live",
"streaming": "Streaming",
"reconnecting": "Reconnecting...",
"error": "Connection Error",
"mockMode": "MOCK"
},
"terminal": {
"title": "AWOOOI Terminal",
"version": "Version",
"waiting": "> Waiting for command...",
"initiate": "INITIATE SYNC",
"executing": ">_ EXECUTING...",
"events": "{count} events",
"stream": "STREAM: /agent/thinking",
"waitingForData": "Waiting for decision chain data...",
"steps": "Steps",
"streaming": "Streaming",
"paused": "Paused",
"blastRadius": "[ BLAST RADIUS ]",
"rootCauseChain": "[ ROOT CAUSE CHAIN ]",
"upstreamImpact": "[ UPSTREAM IMPACT ]",
"downstreamDependencies": "[ DOWNSTREAM DEPENDENCIES ]",
"dependsOn": "depends on",
"calls": "calls",
"finopsAnalysis": "[ FINOPS ANALYSIS ]",
"wastedPerMonth": "Wasted/mo",
"realizable": "Realizable",
"freed": "Freed",
"connecting": "Connecting...",
"connected": "Connected",
"streamComplete": "Stream complete",
"streamAborted": "Stream aborted",
"stop": "STOP",
"clear": "CLEAR"
},
"omniTerminal": {
"title": "OMNI-TERMINAL",
"fullTitle": "AWOOOI // OMNI-TERMINAL",
"shortcut": "⌘J",
"open": "Open Terminal",
"close": "Close Terminal",
"inputPlaceholder": "Enter command...",
"inputPlaceholderFull": "Enter command or ask AI... (e.g., /approval list)",
"sseLive": "SSE Live",
"offline": "Offline",
"system": "[SYS]",
"agent": "[AI]",
"user": "$",
"unknownComponent": "Unknown Component",
"executing": "Executing",
"completed": "Completed",
"failed": "Failed"
},
"nuclearKey": {
"authorize": "Authorize Execution",
"authorized": "Authorized",
"authorizing": "Authorizing...",
"holdToAuthorize": "Hold to authorize...",
"holdHintMobile": "Press and hold to authorize",
"holdHintDesktop": "Hold Y key or click and hold to authorize",
"keepHolding": "Keep holding to authorize...",
"highBlastRadius": "This action has a HIGH blast radius",
"executionAuthorized": "Execution Authorized & Completed",
"executionFailed": "Execution Failed",
"riskLevel": {
"low": "LOW",
"medium": "MEDIUM",
"high": "HIGH",
"critical": "CRITICAL"
}
},
"incident": {
"title": "Incident Management",
"activeIncidents": "Active Incidents",
"noActiveIncidents": "No active incidents",
"systemStable": "System Stable",
"activeAlerts": "active alerts",
"signals": "signals",
"proposals": "proposals",
"affectedServices": "Affected Services",
"emptyState": "No active incidents",
"emptyStateDescription": "All systems operational",
"status": {
"investigating": "Investigating",
"mitigating": "Mitigating",
"resolved": "Resolved",
"closed": "Closed"
},
"severity": {
"P0": "P0 (Critical)",
"P1": "P1 (High)",
"P2": "P2 (Warning)",
"P3": "P3 (Info)"
},
"generateProposal": "Generate Proposal",
"viewDetails": "View Details",
"card": {
"executing": "Executing...",
"approved": "[ APPROVED ]",
"rejected": "[ REJECTED ]",
"error": "Error",
"timeout": "Timeout",
"retry": "Retry",
"timeoutMessage": "Execution timeout, please check API logs",
"checkApiLogs": "Please check API logs",
"analyzing": "Brain analyzing...",
"waitingDecision": "Waiting for decision",
"authorizeExecution": "Authorize execution",
"rejectProposal": "Reject proposal",
"aiExecuting": ">_ AI Executing (Tier 1)",
"brainAnalyzing": ">_ Brain analyzing...",
"decisionReady": ">_ Decision ready (Tier {tier})",
"waitingCommander": ">_ Awaiting commander approval (Tier {tier})",
"suggestedAction": "> Suggested action:",
"authorize": "Authorize",
"reject": "Reject",
"anomaly": "anomaly",
"affectedServices": "Affected Services",
"signalCount": "Signals",
"statusLabel": "Status",
"aiProposal": "AI Proposal",
"processingTimeline": "Processing Timeline",
"timelineLoading": "Loading processing timeline...",
"timelineEvents": "Event Details",
"timelineSource": "Source",
"timelineRoute": "MCP",
"timelineWrites": "Writes"
}
},
"status": {
"idle": "Idle",
"thinking": "Thinking",
"syncing": "Syncing",
"executing": "Executing",
"waitingApproval": "Waiting Approval",
"error": "Error",
"healthy": "Healthy",
"warning": "Warning",
"critical": "Critical",
"degraded": "Degraded",
"unhealthy": "Unhealthy"
},
"approval": {
"title": "Approval Request",
"card": "Approval Card",
"approve": "APPROVE",
"reject": "REJECT",
"holdToApprove": "HOLD TO APPROVE",
"holdToConfirm": "HOLD TO CONFIRM",
"holdToSign": "HOLD TO SIGN",
"confirming": "CONFIRMING...",
"signing": "SIGNING...",
"needMore": "NEED {count} MORE",
"confirmDestructive": "CONFIRM DESTRUCTIVE",
"approveDestructive": "APPROVE (DESTRUCTIVE)",
"pendingApprovals": "Pending Approvals",
"riskLevel": "Risk Level",
"signatures": "SIGNATURES",
"requiredSignatures": "Required Signatures",
"currentSignatures": "Current Signatures",
"requestedBy": "Requested by",
"expiresAt": "Expires At",
"holdHint": "Hold button for {seconds}s to {action}",
"actionApprove": "approve",
"actionConfirm": "confirm destructive action",
"actionSign": "sign",
"waitingSecondSig": "Waiting for second approver",
"signedBy": "Signed by {name}",
"signedAt": "at {time}",
"signSuccess": "Signed successfully",
"executionTriggered": "Execution triggered",
"rejectSuccess": "Rejected",
"rejectReason": "Rejection reason",
"enterReason": "Enter rejection reason...",
"signComment": "Sign comment (optional)",
"enterComment": "Enter comment...",
"noApprovals": "No pending approvals",
"fetchError": "Failed to fetch approvals",
"noPendingApprovals": "No pending approvals",
"selectApproval": "Select an approval to view details",
"backToList": "Back to list",
"previousApproval": "Previous",
"nextApproval": "Next",
"holdToApproveHint": "Hold button to approve or reject",
"swipeHint": "Swipe left for details, swipe right to go back",
"holdYToApprove": "Hold Y to approve (2s)",
"pressNToReject": "Press N to reject",
"justNow": "just now",
"minutesAgo": "{count}m ago",
"hoursAgo": "{count}h ago",
"daysAgo": "{count}d ago",
"batch": {
"title": "Batch Mode",
"bulkApprove": "Accept All",
"sequential": "Review One by One",
"criticalOnly": "CRITICAL Only",
"eligible": "eligible",
"items": "items",
"securityNote": "CRITICAL risk and DESTRUCTIVE data impact items require individual review."
}
},
"risk": {
"low": "LOW RISK",
"medium": "MEDIUM RISK",
"high": "HIGH RISK",
"critical": "CRITICAL"
},
"dryRun": {
"title": "Dry-Run",
"validation": "DRY-RUN VALIDATION",
"passed": "Passed",
"failed": "Failed",
"checks": "Checks",
"rbac": "RBAC Check",
"syntax": "Syntax Check",
"resource": "Resource Check",
"replicaCount": "Replica Count",
"backupAvailable": "Backup Available",
"clusterAdmin": "cluster-admin",
"dbAdmin": "db-admin",
"deploymentAdmin": "deployment-admin",
"noRecentBackup": "No recent backup!",
"ok": "OK"
},
"blastRadius": {
"title": "BLAST RADIUS",
"affectedPods": "AFFECTED PODS",
"estimatedDowntime": "EST. DOWNTIME",
"relatedServices": "RELATED SERVICES",
"dataImpact": "DATA IMPACT",
"none": "NONE",
"readOnly": "READ ONLY",
"write": "WRITE",
"destructive": "DESTRUCTIVE"
},
"graphRag": {
"title": "Topology Analysis",
"blastRadius": "Blast Radius",
"rootCause": "Root Cause",
"upstreamImpact": "Upstream Impact",
"downstreamChain": "Downstream Chain",
"dependsOn": "depends on",
"calls": "calls",
"affectedCount": "Affected Count",
"probableRootCauses": "Probable Root Causes"
},
"finops": {
"title": "Cost Analysis",
"totalWasted": "Monthly Waste",
"realizableSavings": "Realizable Savings",
"freedResources": "Freed Resources",
"annualProjection": "Annual Projection",
"topActions": "Top Actions",
"orphanedPvc": "Orphaned PVC",
"zombiePod": "Zombie Pod",
"overProvisioned": "Over-provisioned"
},
"trustEngine": {
"title": "Trust Engine",
"trustScore": "Trust Score",
"progressive": "Progressive Autonomy",
"approved": "Approved",
"rejected": "Rejected",
"neverDowngrade": "Never Downgrade"
},
"multiSig": {
"title": "Multi-Sig",
"signature": "Signature",
"signedBy": "Signed By",
"signedAt": "Signed At",
"voided": "Voided",
"toctouWarning": "State Changed Warning"
},
"privacy": {
"title": "Privacy Shield",
"redacted": "Redacted",
"piiDetected": "PII Detected"
},
"mockData": {
"deletePod": "Delete Pod: nginx-frontend-7d4b8c9f5-xk2m3",
"deletePodDesc": "Clean up unresponsive frontend Pod, ReplicaSet will auto-rebuild",
"dropTable": "DROP TABLE: user_sessions",
"dropTableDesc": "Clear all user sessions, will force logout all users",
"scaleDeployment": "Scale Deployment: api-backend",
"scaleDeploymentDesc": "Scale from 3 to 5 replicas for increased traffic",
"testActions": {
"lowAction": "Scale deployment api-backend to 5 replicas",
"lowDesc": "Increase backend replicas to handle traffic growth",
"mediumAction": "kubectl delete pod nginx-ingress-7d6f8c9b5-abc12",
"mediumDesc": "Clean up unresponsive frontend Pod, ReplicaSet will auto-rebuild",
"criticalAction": "DROP TABLE user_sessions",
"criticalDesc": "Clear all user sessions to force re-login. This will affect all online users."
}
},
"actionLog": {
"title": "Action Log",
"subtitle": "K8s Operation Execution Audit Trail",
"noLogs": "No execution records",
"loading": "Loading...",
"fetchError": "Failed to fetch audit logs",
"columns": {
"time": "Execution Time",
"operation": "Operation Type",
"target": "Target Resource",
"namespace": "Namespace",
"status": "Status",
"duration": "Duration",
"executor": "Executor"
},
"operations": {
"DELETE_POD": "Delete Pod",
"RESTART_DEPLOYMENT": "Restart Deployment",
"SCALE_DEPLOYMENT": "Scale Deployment"
},
"status": {
"success": "Success",
"failure": "Failure"
},
"stats": {
"title": "Statistics",
"total": "Total Executions",
"successRate": "Success Rate",
"avgDuration": "Avg Duration",
"last24h": "Last 24 Hours"
},
"dryRun": {
"passed": "Dry-Run Passed",
"failed": "Dry-Run Failed"
},
"pagination": {
"page": "Page {current} of {total}",
"prev": "Previous",
"next": "Next"
}
},
"placeholder": {
"underConstruction": "Under Construction",
"authorizations": "[ AUTHORIZATIONS MODULE UNDER CONSTRUCTION ]",
"knowledgeBase": "[ KNOWLEDGE BASE MODULE UNDER CONSTRUCTION ]",
"settings": "[ SETTINGS MODULE UNDER CONSTRUCTION ]"
},
"footer": {
"copyright": "© 2026 岑洋國際行銷有限公司",
"poweredBy": "Powered by leWOOOgo Engine"
},
"errorBoundary": {
"systemFailure": "[SYSTEM FAILURE]",
"criticalError": "Critical UI rendering error detected. Auto-healing attempts exhausted.",
"escalating": "Escalating to OpenClaw AIOps Agent...",
"forceRestart": "FORCE MANUAL RESTART",
"detectingAnomaly": "[ DETECTING ANOMALY ]",
"autoHealingAttempt": "Initiating Auto-Healing Protocol (Attempt {attempt}/3)"
},
"errors": {
"title": "Error Tracking",
"subtitle": "Sentry Error Tracking + OpenClaw AI Analysis",
"overview": "Error Overview",
"recentIssues": "Recent Issues",
"errorTrend": "Error Trend",
"noData": "No error data",
"noIssues": "No issues at the moment",
"noTrendData": "No trend data",
"unresolvedIssues": "Unresolved Issues",
"errors24h": "Errors (24h)",
"criticalErrors": "Critical Errors",
"totalIssues": "Total Issues",
"totalErrors": "Total Errors ({period})",
"projects": "Projects",
"aiAnalyze": "AI Analyze",
"aiAnalysis": "AI Analysis Result",
"analyzing": "Analyzing...",
"rootCause": "Root Cause",
"fixSummary": "Fix Recommendation",
"category": "Category",
"confidence": "Confidence",
"loading": "Loading...",
"refresh": "Refresh",
"sentryDashboard": "Sentry Dashboard",
"footerInfo": "Data from Sentry Self-Hosted | AI Analysis: OpenClaw | Auto-refresh: 60s",
"timeAgo": {
"minutes": "{count}m ago",
"hours": "{count}h ago",
"days": "{count}d ago"
},
"uxAudit": {
"title": "UX Audit",
"noData": "No Session Replay data",
"replaysWithErrors": "Replays with Errors",
"uiErrors": "UI Errors",
"rageClicks": "Rage Clicks",
"deadClicks": "Dead Clicks",
"recentReplays": "Recent Replays",
"recentUIErrors": "Recent UI Errors",
"replayWithErrors": "Replay with {count} errors",
"occurrences": "{count} occurrences",
"viewDashboard": "View Replay Dashboard",
"health": {
"good": "Good",
"moderate": "Moderate",
"poor": "Poor"
}
}
},
"alerts": {
"autoRefresh": "Auto-refresh every {seconds}s",
"incidentCount": "{count, plural, one {# incident} other {# incidents}}"
},
"navSection": {
"aiCore": "AI Core",
"monitoring": "Monitoring & Security",
"ops": "Operations",
"knowledge": "Knowledge & Tools"
},
"sidebar": {
"expand": "Expand sidebar",
"collapse": "Collapse sidebar"
},
"settings": {
"title": "Settings",
"appearance": "Appearance",
"appearanceDesc": "Theme, fonts, density",
"appearanceSettings": "Appearance Settings",
"language": "Language",
"languageDesc": "Interface language",
"languageSettings": "Language Settings",
"notify": "Notifications",
"notifyDesc": "Telegram / browser notification preferences",
"notifySettings": "Notification Settings",
"system": "System Info",
"systemDesc": "Version & API endpoints",
"systemSettings": "System Info",
"compactMode": "Compact Mode",
"compactModeDesc": "Reduce spacing, show more content",
"designSystem": "Design System",
"designSystemValue": "Nothing.tech Pure White Industrial (fixed)",
"themeColor": "Theme Color",
"themeColorValue": "OpenClaw Blue + Orange Accent (fixed)",
"browserNotify": "Browser Push Notifications",
"browserNotifyDesc": "Show system notification on new Incident",
"p0Only": "P0 CRITICAL Only",
"p0OnlyDesc": "Filter low-severity alerts to reduce noise",
"telegramNotify": "Telegram Notifications",
"telegramNotifyDesc": "Pushed by OpenClaw Bot (requires backend config)",
"backendConfig": "Backend Config",
"frontendVersion": "Frontend Version",
"apiEndpoint": "API Endpoint",
"notConfigured": "(not configured)",
"phase": "Phase",
"save": "Save Settings",
"saved": "Saved",
"zhTW": "繁體中文",
"zhTWSub": "Traditional Chinese",
"en": "EN",
"enSub": "English (US)"
},
"autoRepair": {
"subtitle": "High-quality Playbook auto-execution · Risk ≤ MEDIUM · Success ≥ 95%",
"approvedPlaybooks": "Approved Playbooks",
"highQualityPlaybooks": "High-Quality Playbooks",
"highQualitySub": "Success ≥ 95% · Runs ≥ 10",
"totalExecutions": "Total Executions",
"overallSuccessRate": "Overall Success Rate",
"eligible": "✓ Auto-repair available",
"notEligible": "No high-quality Playbook yet",
"ready": "Auto-repair Ready",
"notReady": "Auto-repair Not Ready",
"readyDesc": "{count} high-quality Playbooks available",
"notReadyDesc": "Need at least 1 high-quality Playbook (success ≥ 95%, runs ≥ 10)",
"incidentEval": "Active Incident Evaluation (P1/P2)",
"canAutoRepair": "Can auto-repair",
"notEligibleShort": "Not eligible",
"riskLevel": "Risk Level",
"successRate": "Success Rate",
"execCount": "Executions",
"decisionReason": "Decision Reason",
"execSuccess": "Success ({ms}ms)",
"execFailed": "Failed: {error}",
"executing": "Executing...",
"execute": "Execute Repair",
"noEligible": "No incidents eligible for auto-repair",
"dispositionAuto": "Auto Repair",
"dispositionHuman": "Human Approved",
"dispositionManual": "Manual Resolved",
"dispositionCold": "Cold Start Trust"
},
"openclawPanel": {
"patrolling": "[AGENT] patrolling...",
"intercepting": "[SYS] Intercepting anomaly...",
"analyzing": "[SYS] Analyzing blast radius...",
"generating": "[SYS] Generating proposed action...",
"complete": "[SYS] Analysis complete"
},
"knowledgeBase": {
"title": "Knowledge Base",
"searchPlaceholder": "Search knowledge entries...",
"allCategories": "All",
"noResults": "No knowledge entries found",
"createEntry": "New Entry",
"viewCount": "views",
"relatedPlaybook": "Related Playbook",
"relatedIncident": "Related Incident",
"approve": "Approve",
"approving": "Approving...",
"archive": "Archive",
"archiving": "Archiving...",
"status": {
"draft": "Draft",
"review": "In Review",
"approved": "Approved",
"archived": "Archived",
"published": "Published"
},
"type": {
"incident_case": "Incident Case",
"runbook": "Runbook",
"best_practice": "Best Practice",
"postmortem": "Postmortem",
"auto_runbook": "Auto Runbook",
"anti_pattern": "Anti-Pattern"
},
"source": {
"ai_extracted": "AI Extracted",
"human": "Manual"
},
"category": {
"infrastructure": "Infrastructure",
"application": "Application",
"ai_system": "AI System",
"security": "Security / Compliance"
},
"filterByType": "Filter by type",
"filterByStatus": "Filter by status",
"entries": "entries",
"empty": "No knowledge entries yet",
"emptyDescription": "Entries will be auto-extracted from incidents, or you can create them manually",
"semanticSearchPlaceholder": "Enter semantic search query...",
"semanticOn": "Semantic",
"semanticOff": "Semantic",
"switchToSemantic": "Switch to semantic search (pgvector)",
"switchToKeyword": "Switch to keyword search",
"semanticSearchHint": "Enter a query to search with AI vector similarity"
},
"monitoring": {
"healthy": "Healthy",
"warning": "Warning",
"critical": "Critical",
"goldMetrics": "GOLD METRICS",
"hostStatus": "HOST STATUS (FOUR-HOST ARCHITECTURE)",
"serviceList": "SERVICE LIST",
"serviceName": "Service",
"status": "Status",
"latency": "Latency",
"uptime": "Uptime",
"lastCheck": "Last Check"
},
"services": {
"title": "Services",
"subtitle": "All services across hosts",
"name": "Service Name",
"host": "Host",
"status": "Status",
"cpu": "CPU%",
"ram": "RAM%",
"noServices": "No service data available",
"fetchError": "Failed to load services"
},
"topology": {
"title": "Topology",
"subtitle": "Service dependencies & health status",
"noHosts": "No host data available",
"fetchError": "Failed to load host data",
"services": "Services",
"cpu": "CPU",
"ram": "RAM",
"groupInfra": "Infrastructure",
"groupSecurity": "Security",
"groupK3s": "K3s Cluster",
"groupAiData": "AI/Data Center",
"allHealthy": "All Healthy",
"allReachable": "All Reachable",
"warning": "Warning",
"healthy": "Healthy",
"investigating": "Investigating",
"groupExternal": "External Services",
"hostDevops": "DevOps Vault",
"hostAiData": "AI+Web Hub",
"hostK3sMaster": "K3s Master",
"hostK3sWorker": "K3s Worker"
},
"notifications": {
"title": "Notifications",
"subtitle": "Notification channel settings",
"channel": "Channel",
"type": "Type",
"status": "Status",
"noChannels": "No notification channels",
"fetchError": "Failed to load notification channels"
},
"reports": {
"title": "Reports",
"subtitle": "Incident statistics summary",
"incidentSummary": "Incident Summary",
"resolutionStats": "Resolution Statistics",
"total": "Total",
"resolved": "Resolved",
"unresolved": "Unresolved",
"avgResolutionTime": "Avg Resolution Time",
"resolutionRate": "Resolution Rate",
"fetchError": "Failed to load report data",
"noData": "No statistics available",
"totalDispositions": "Total Dispositions",
"autoRate": "Automation Rate",
"humanRate": "Human Intervention Rate",
"autoRepair": "Auto Repair",
"humanApproved": "Human Approved",
"manualResolved": "Manual Resolved",
"coldStartTrust": "Cold Start Trust",
"dispositionBreakdown": "Disposition Breakdown",
"byAnomalyType": "By Anomaly Type",
"anomalyKey": "Anomaly Type"
},
"apm": {
"title": "APM",
"subtitle": "Application Performance Monitoring — Golden Signals",
"loading": "Loading...",
"metric": "Metric",
"value": "Value",
"status": "Status",
"openSignoz": "Open SigNoz",
"noData": "No APM data",
"noDataDescription": "APM integration pending, will display automatically after SignOz connects"
},
"apps": {
"title": "Applications",
"subtitle": "All host services status",
"loading": "Loading...",
"host": "Host",
"service": "Service",
"port": "Port",
"latency": "Latency",
"status": "Status",
"error": "Load failed",
"noApps": "No service data"
},
"billing": {
"title": "Usage",
"subtitle": "System operation usage statistics",
"loading": "Loading...",
"totalExecutions": "Total Executions",
"last24h": "Last 24h",
"successRate": "Success Rate",
"avgDuration": "Avg Duration",
"currentMonth": "This Month",
"totalUsage": "Total Usage",
"error": "Load failed",
"noData": "No usage data"
},
"compliance": {
"title": "Compliance",
"subtitle": "System governance & compliance status",
"loading": "Loading...",
"totalIncidents": "Total Incidents",
"resolvedRate": "Resolution Rate",
"approvedPlaybooks": "Playbooks",
"highQualityPlaybooks": "High-Quality Playbooks",
"executionSuccessRate": "Execution Success Rate",
"autoRepairEligible": "Auto-Repair Eligible",
"yes": "Yes",
"no": "No",
"error": "Load failed",
"noData": "No compliance data"
},
"cost": {
"title": "Cost Analysis",
"subtitle": "AI execution efficiency stats",
"loading": "Loading...",
"totalProposals": "Total Proposals",
"executionRate": "Execution Rate",
"successRate": "Success Rate",
"avgEffectiveness": "Avg Effectiveness",
"error": "Load failed",
"noData": "No cost data"
},
"deployments": {
"title": "Deployments",
"subtitle": "K3s service deployment status",
"loading": "Loading...",
"service": "Service",
"port": "Port",
"latency": "Latency",
"status": "Status",
"host": "Host",
"error": "Load failed",
"noDeployments": "No deployment data",
"name": "Service Name",
"version": "Version",
"time": "Time"
},
"help": {
"title": "Help",
"subtitle": "System information",
"version": "Version Info",
"appVersion": "Application Version",
"platform": "Platform",
"docs": "Documentation",
"docsDescription": "Visit AWOOOI Docs for full documentation"
},
"securityCompliance": {
"frontStage": {
"eyebrow": "前台資安入口",
"title": "安全合規保留,並整合到 IwoooS",
"subtitle": "專業建議是不移除。這個頁面保留既有安全監控與合規統計作為前台使用者熟悉的入口IwoooS 則成為資安網的總覽與唯一姿態來源,避免安全合規與 IwoooS 變成兩套敘事。",
"openIwooos": "查看 IwoooS 總覽",
"boundaryTitle": "低摩擦整合邊界",
"boundaryIntro": "這裡只做前台整合與導流,不新增掃描、修復、批准、部署或硬性阻擋控制。",
"routeRoleTitle": "前台入口角色對照",
"routeRoleSubtitle": "從安全合規進來時,也能直接看懂每個資安入口該負責什麼;這些入口只導覽與說明,不提供執行按鈕。",
"routeLabel": "入口",
"rolloutTitle": "低摩擦分階段收斂",
"rolloutSubtitle": "初期先建立框架、可視化與證據鏈;等負責人回覆、人工審查與執行期閘門都完成後,再逐步收嚴,不讓資安一開始拖慢產品流程。",
"phaseLabel": "階段",
"items": {
"routePreserved": {
"label": "路由策略",
"detail": "既有書籤、導覽與頁籤維持可用。"
},
"iwooosBridge": {
"label": "資安總覽",
"detail": "IwoooS 承接總覽與跨頁姿態。"
},
"dedupeNarrative": {
"label": "敘事收斂",
"detail": "安全合規不再另開一套資安來源。"
},
"noRuntimeControl": {
"label": "執行控制",
"detail": "不新增掃描、修復、批准或部署按鈕。"
}
},
"routeRoles": {
"iwooosOverview": {
"title": "IwoooS 看總覽",
"body": "閱讀資安網進度、主機範圍、版本來源、負責人回覆與執行期邊界。"
},
"securityComplianceHub": {
"title": "安全合規看熟悉入口",
"body": "保留既有安全監控與合規統計,讓前台使用者不用改變原本路徑。"
},
"securityMonitor": {
"title": "安全看事件訊號",
"body": "查看錯誤、議題與安全事件類訊號;仍只做資料呈現。"
},
"complianceStats": {
"title": "合規看統計",
"body": "查看事件摘要、處置劇本與自動修復統計,不把統計視為批准。"
},
"awooopApprovals": {
"title": "AwoooP 看人控等待",
"body": "查看審批與負責人回覆等待狀態;仍不代表資安執行期閘門已開。"
}
},
"rolloutPhases": {
"observe": {
"title": "觀測與盤點",
"body": "目前只整理入口、主機、專案、網站、監控與工具姿態,不阻擋使用者流程。"
},
"evidence": {
"title": "補齊證據",
"body": "收斂脫敏證據、版本來源、負責人回覆與 AwoooP 只讀消費證明。"
},
"humanReview": {
"title": "人工審查",
"body": "由負責人確認例外、風險接受、修復順序與是否進入執行期閘門。"
},
"runtimeGate": {
"title": "批准後開閘",
"body": "只有明確批准後才允許掃描、修復、部署或主機變更的執行期流程。"
},
"tightening": {
"title": "逐步收嚴",
"body": "依證據與影響範圍分批提高管控,不一次把整個產品流程鎖死。"
}
}
}
},
"security": {
"title": "Security",
"subtitle": "Errors & security event monitoring",
"loading": "Loading...",
"totalIssues": "Total Issues",
"criticalIssues": "Critical Issues",
"errorRate": "Error Rate",
"recentIssues": "Recent Issues",
"issue": "Issue",
"count": "Count",
"error": "Load failed",
"noData": "No security events",
"iwooosBridge": {
"title": "Included in the IwoooS read-only security mirror",
"subtitle": "This existing security / compliance page now shows its IwoooS scope in reverse; it only displays progress, framework maturity, and runtime boundaries without adding scan, repair, approval, or deploy buttons.",
"compactTitle": "IwoooS",
"compactDetail": "58% / gate 0",
"openIwooos": "Open IwoooS",
"sourceLabel": "Integration source",
"sourceDetail": "SecurityPanel, CompliancePanel, standalone /security, and /compliance keep their original data sources; IwoooS only indexes the security mesh and aggregates mirror-only posture.",
"boundaryLabel": "Execution boundary",
"metrics": {
"overall": {
"label": "Overall mesh",
"detail": "headline progress"
},
"framework": {
"label": "Framework maturity",
"detail": "docs / schema / read-only evidence"
},
"runtimeGates": {
"label": "Runtime gates",
"detail": "not active"
},
"actions": {
"label": "Action buttons",
"detail": "not provided"
}
}
}
},
"iwooos": {
"eyebrow": "Information Security Mesh",
"title": "IwoooS",
"subtitle": "The security mesh posture entry. It gathers Kali, source control, owner response, approval gates, and AwoooP mirror-only evidence into one readable posture without starting scans, repairs, or product blockers.",
"boundary": {
"label": "Current boundary",
"state": "Mirror-only / Observe-first",
"detail": "All numbers come from verified snapshots and guards. This page only displays posture, gaps, next gates, and non-blocking lanes."
},
"metrics": {
"overall": {
"label": "Overall mesh",
"detail": "headline progress, not authorization"
},
"framework": {
"label": "Framework maturity",
"detail": "docs, schema, read-only evidence"
},
"runtime": {
"label": "Runtime landing",
"detail": "runtime gates are not active"
},
"contracts": {
"label": "Core contracts",
"detail": "33 ready / 2 partial / 1 contract-only"
},
"activeGates": {
"label": "Active runtime gates",
"detail": "kept at 0 before approval"
}
},
"pillars": {
"exposure": {
"title": "Exposure Posture",
"state": "Waiting evidence",
"body": "Mainstream security management puts assets, exposure, vulnerabilities, and owner gates in one view. IwoooS shows coverage gaps without turning them into blockers."
},
"sourceControl": {
"title": "Source-control Supply Chain",
"state": "Draft gated",
"body": "GitHub is the long-term direction, but refs, workflows, secret names, and rollback ADRs still need owner responses."
},
"kali": {
"title": "Kali 112 Mesh",
"state": "Observe-only",
"body": "Kali 112 is in scope, and 111 / 168 are also observe-only. Active scan and /execute remain block candidates."
},
"governance": {
"title": "Approval Boundary",
"state": "Locked",
"body": "7 pending approvals, 1 block candidate, and 0 active runtime gates. Execution requires a human decision record and a follow-up runtime gate."
}
},
"lanes": {
"title": "Non-blocking Lanes",
"subtitle": "The initial phase stays observe / warn so security does not slow product and deployment flow.",
"lowMedium": {
"title": "LOW / MEDIUM observation",
"body": "Label risk, create follow-up, add evidence_ref, do not block deploy."
},
"ownerMissing": {
"title": "Owner response missing",
"body": "Show gaps and the next collection candidate; do not treat silence as rejection."
},
"mirrorIncomplete": {
"title": "Mirror data incomplete",
"body": "Show partial / quarantine reason and wait for a new redacted snapshot."
},
"sourceDrift": {
"title": "Source-control drift draft",
"body": "Keep the draft reconcile plan; do not sync refs or force push."
},
"kaliObserve": {
"title": "Kali observe finding",
"body": "Show only redacted finding summary; do not start active scan."
},
"workflowGap": {
"title": "Workflow / secret name gap",
"body": "Request redacted export; do not collect secret values or enable runners."
},
"progressHolding": {
"title": "Progress display holding",
"body": "58% means high-level gates are pending; it is neither stuck nor runtime approval."
}
},
"existingSurfaces": {
"title": "Existing Security Surfaces",
"subtitle": "Collects the frontend routes that already carry security, compliance, alert, authorization, governance, audit, and code review signals into one read-only index.",
"sourceLabel": "Original source",
"mode": "read-only link / no execution button",
"items": {
"securityCompliance": {
"title": "Security Compliance Hub",
"body": "The existing integrated page for SecurityPanel and CompliancePanel, covering errors, incidents, repair, and compliance stats.",
"source": "SecurityPanel / CompliancePanel; errors, incident summary, auto-repair stats"
},
"legacySecurity": {
"title": "Legacy Security Monitor",
"body": "Keeps the earlier standalone security route visible so existing error stats and Sentry issue entrypoints do not disappear behind IwoooS.",
"source": "apps/web/src/app/[locale]/security/page.tsx; errors stats / issues"
},
"legacyCompliance": {
"title": "Legacy Compliance Page",
"body": "Keeps the earlier standalone compliance route visible for incident, playbook, and auto-repair effectiveness data.",
"source": "apps/web/src/app/[locale]/compliance/page.tsx; incident summary / auto-repair stats"
},
"alerts": {
"title": "Alert Management",
"body": "The active incident surface sorted from P0 to P3, feeding near-real-time security posture signals.",
"source": "useIncidents; incidents / pending approvals"
},
"errors": {
"title": "Errors and UX Audit",
"body": "The existing error tracking and UX audit entrypoint for issues, trends, session replay, and user friction.",
"source": "ErrorsPanel; error stats / trends / ux-audit"
},
"authorizations": {
"title": "Authorization Center",
"body": "The existing HITL and multi-sig entrypoint, preserving the human control boundary before future security runtime gates.",
"source": "LiveApprovalPanel; pending approvals / SSE"
},
"governance": {
"title": "AI Governance Hub",
"body": "The existing governance events, SLO, remediation queue, and dry-run history surface for automation evidence.",
"source": "governance tabs; AI SLO / governance events / queue"
},
"alertOperationLogs": {
"title": "Alert Operation Logs",
"body": "The full alert operation log surface for guardrails, preflight, approval escalation, and handling results.",
"source": "alert-operation-logs; events / stats"
},
"awooopApprovals": {
"title": "AwoooP Approval Queue",
"body": "The existing AwoooP approvals page showing read-only dry-run, write observed, blocked, and human gate status.",
"source": "AwoooP approvals; platform approvals"
},
"codeReview": {
"title": "AI Code Review Control Plane",
"body": "The existing Code Review page showing Hermes, OpenClaw, Elephant Alpha, NemoTron, and the non-blocking review pipeline.",
"source": "code-review page; review pipeline / agent assignment"
}
}
},
"surfaceConnections": {
"title": "Security Page Connection Status",
"subtitle": "Shows how the 10 existing entrypoints connect back to IwoooS: direct bridge, embedded panel bridge, or AwoooP read-only candidate. This is visible coverage only, not authorization or blocking.",
"states": {
"embeddedBridge": "Embedded bridge visible",
"directBridge": "Direct bridge visible",
"awooopCandidate": "AwoooP read-only candidate"
},
"items": {
"securityCompliance": {
"title": "Security Compliance Hub",
"body": "Shows IwoooS inclusion through the embedded SecurityPanel and CompliancePanel bridges.",
"boundary": "Displays integration status only; no repair, approval, deploy, or blocking control is added."
},
"legacySecurity": {
"title": "Legacy Security Monitor",
"body": "The standalone security page now shows the IwoooS read-only bridge and 58% / gate 0 boundary.",
"boundary": "Keeps error and security signals visible without turning the page into a scan entrypoint."
},
"legacyCompliance": {
"title": "Legacy Compliance Page",
"body": "The standalone compliance page now shows the IwoooS read-only bridge and runtime false boundary.",
"boundary": "Displays compliance state only; no owner response, approval, or runtime gate is created."
},
"alerts": {
"title": "Alert Management",
"body": "The active incident page now shows the IwoooS read-only bridge so alert signals return to the mesh.",
"boundary": "Displays alert inclusion only; no alert blocker, scan, or repair is added."
},
"errors": {
"title": "Errors and UX Audit",
"body": "ErrorsPanel now shows the IwoooS read-only bridge so errors and UX audit stay observable.",
"boundary": "Keeps issue tracking and user friction visible without adding execution controls."
},
"authorizations": {
"title": "Authorization Center",
"body": "The authorization page now shows the IwoooS read-only bridge while preserving HITL / multi-sig control.",
"boundary": "The bridge is not an approval record and cannot mark owner response accepted."
},
"governance": {
"title": "AI Governance Hub",
"body": "The governance page now shows the IwoooS read-only bridge so SLOs, events, and queues remain evidence surfaces.",
"boundary": "Displays governance evidence only; visibility is not runtime authorization."
},
"alertOperationLogs": {
"title": "Alert Operation Logs",
"body": "The operation log page now shows the dark IwoooS read-only bridge and keeps the audit chain visible.",
"boundary": "Displays event flow only; no preflight bypass, repair, or deploy is added."
},
"awooopApprovals": {
"title": "AwoooP Approval Queue",
"body": "AwoooP approvals connect back to IwoooS through the owner-response read-only candidate.",
"boundary": "AwoooP human gate state is not security approval and cannot open runtime gates."
},
"codeReview": {
"title": "AI Code Review Control Plane",
"body": "The Code Review page now shows the dark IwoooS read-only bridge and preserves its non-blocking review posture.",
"boundary": "Code Review is not deploy approval and does not add Gitea/GitHub actions."
}
}
},
"coverage": {
"title": "Coverage and Boundary Matrix",
"subtitle": "Groups the 10 existing security surfaces into four responsibility planes so IwoooS can show where to read signals, human control, governance audit, and engineering review.",
"groups": {
"signals": {
"title": "Signals and Exposure",
"body": "Collects security, compliance, alert, error, and UX audit signals; observations stay visible without becoming blockers."
},
"humanControl": {
"title": "Human Control Boundary",
"body": "Keeps HITL, multi-sig, and AwoooP approvals visible; runtime gates still require human decisions."
},
"governanceAudit": {
"title": "Governance and Audit",
"body": "Governance events, SLOs, remediation queues, and operation logs are evidence surfaces, not execution authorization."
},
"engineeringReview": {
"title": "Engineering Review",
"body": "Code Review remains a non-blocking review pipeline for risk grading and coding follow-up, not deploy approval."
}
},
"conflicts": {
"title": "Overlap and Conflict Controls",
"subtitle": "The same security signal can appear on multiple pages. IwoooS only organizes entrypoints and does not change ownership or authority.",
"preserveOwnership": {
"title": "Preserve Route Ownership",
"body": "Each route remains owned by its original page and API contract; IwoooS does not move write authority."
},
"noRuntimeLift": {
"title": "No Runtime Lift",
"body": "The coverage matrix can show coverage and gaps, but cannot create scan, execute, repair, or blocking gates."
},
"codeReviewNotDeployGate": {
"title": "Code Review Is Not Deploy Approval",
"body": "AI Code Review can grade risk and propose coding follow-up, but cannot become deploy approval by itself."
},
"awooopNotSecurityApproval": {
"title": "AwoooP Approval Is Not Security Approval",
"body": "The AwoooP approval queue can show human gate state, but security gates still require decision records and follow-up runtime gates."
},
"kaliNotCalled": {
"title": "Frontend Index Does Not Call Kali",
"body": "Kali 112 remains observe-only; active scan or /execute must go through human approval and follow-up gates."
}
}
},
"journey": {
"title": "Security Handling Journey",
"subtitle": "Pins the visible security mesh flow into a read-only status map: read posture, inspect existing surfaces, then move through owner evidence, human decisions, and follow-up gates.",
"outputLabel": "Output",
"steps": {
"readPosture": {
"title": "Read Current Posture",
"body": "Start from the 58% headline, framework / runtime landing, active gates, and next high-level gate.",
"output": "read-only posture, not authorization"
},
"openSurface": {
"title": "Open Existing Surfaces",
"body": "Enter the original page by security, alert, authorization, governance, audit, or code review responsibility.",
"output": "preserve original owner and data boundary"
},
"triageLane": {
"title": "Triage Non-blocking Lanes",
"body": "LOW / MEDIUM, missing owner response, partial mirror, and Kali observe findings stay observe / warn first.",
"output": "follow-up, not blocking"
},
"collectEvidence": {
"title": "Collect Owner Evidence",
"body": "The next recommended collection item remains S4.9 Gitea owner attestation response, accepting redacted evidence only.",
"output": "update received / accepted state, no execution"
},
"humanDecision": {
"title": "Wait for Human Decision",
"body": "Security gates need decision records; AwoooP approval, Code Review, or progress numbers cannot replace that.",
"output": "human decision, not runtime"
},
"runtimeGate": {
"title": "Follow-up Runtime Gate",
"body": "Only after human approval can work move into follow-up runtime gate templates; active runtime gates remain 0.",
"output": "separate gate after approval"
}
}
},
"evidenceReadiness": {
"title": "Owner Evidence Readiness",
"subtitle": "Shows the evidence that can actually move headline progress. Every item is waiting for collection or human decision and does not trigger execution from the frontend.",
"unlockLabel": "Unlock condition",
"items": {
"giteaOwnerAttestation": {
"title": "Gitea owner attestation",
"body": "The recommended first collection item is S4.9, covering Gitea inventory coverage and owner disposition.",
"unlock": "redacted owner response received and accepted"
},
"githubTargetOwner": {
"title": "GitHub target owner",
"body": "Confirms GitHub targets, visibility, canonical owner, and whether repos can enter primary readiness.",
"unlock": "S4.10 owner response accepted"
},
"refsTruthOwner": {
"title": "Refs truth owner",
"body": "Confirms truth for main/dev, deprecated drift, release tags, and GitHub-only refs.",
"unlock": "S4.11 refs truth response accepted"
},
"workflowSecretOwner": {
"title": "Workflow / secret name owner",
"body": "Confirms workflow, webhook, runner, deploy key, branch protection, and secret name parity.",
"unlock": "S4.12 workflow / secret response accepted"
},
"redactedFindingIngestion": {
"title": "Redacted finding ingestion",
"body": "Kali findings and security findings must enter mirror as redacted payloads before any runtime path.",
"unlock": "human-approved redacted finding ingestion"
},
"kaliScanScope": {
"title": "Kali scan scope",
"body": "Kali 112, 111, and 168 remain observe-only; active scan and /execute require separate approval.",
"unlock": "scan scope approval plus follow-up gate"
},
"followupRuntimeGate": {
"title": "Follow-up runtime gate",
"body": "Real execution waits for a human decision record and a separate follow-up runtime gate.",
"unlock": "decision record accepted; active gates remain 0"
}
}
},
"hostCoverage": {
"title": "Host Coverage View",
"subtitle": "Places Kali and the two development hosts inside the visible IwoooS security scope. This only shows coverage and gate state; it does not create SSH, scan, update, or blocking controls.",
"stateLabel": "Current state",
"items": {
"kali112": {
"title": "Kali security host",
"body": "192.168.0.112 is the Kali node for the security mesh and is visible in posture and evidence refs as observe-only integration.",
"state": "in scope; active scan, /execute, and host updates still require separate approval"
},
"dev168": {
"title": "Development host 168",
"body": "192.168.0.168 is included in IwoooS observe-only development host coverage for future scope approval and finding correlation.",
"state": "scope declared; credentialed scan and runtime control are not approved"
},
"dev111": {
"title": "Development host 111",
"body": "192.168.0.111 is included in IwoooS observe-only development host coverage and stays paired with 168 for phased tightening.",
"state": "scope declared; credentialed scan and runtime control are not approved"
}
}
},
"hostActionGates": {
"title": "Host Action Gate Matrix",
"subtitle": "Breaks host-related high-risk actions into read-only gates. This only explains what is locked and what human decision is required; it does not provide execution entry points.",
"gateLabel": "Required gate",
"items": {
"activeScan": {
"title": "Active scan",
"body": "Active scans for Kali 112 and development hosts 168 / 111 are not approved and cannot be triggered from IwoooS.",
"gate": "requires S1.6 scan scope approval plus a follow-up runtime gate"
},
"credentialedScan": {
"title": "Credentialed scan",
"body": "Any credentialed scan requires scope, credential handling, and redacted evidence rules before it can proceed.",
"gate": "requires S1.6 scope approval; credentialed scan remains false"
},
"kaliExecute": {
"title": "Kali /execute",
"body": "The Kali execution endpoint remains a block candidate and is not opened just because hosts are visible.",
"gate": "requires a human decision record and S3.4 follow-up runtime gate"
},
"sshChange": {
"title": "SSH / host change",
"body": "Logging into hosts, changing settings, tuning services, restarting services, or changing SSH settings is outside the frontend authority.",
"gate": "requires explicit human approval, a change plan, and rollback evidence"
},
"kaliUpdate": {
"title": "Kali host update",
"body": "Kali updates and host tuning affect scan results and toolchain stability, so they must be approved separately from posture display.",
"gate": "requires maintenance window, update list, validation metrics, and rollback plan"
},
"runtimeBlocking": {
"title": "Runtime blocking control",
"body": "Turning findings into product blocking or runtime enforcement still waits for owner evidence and a human decision.",
"gate": "requires an accepted decision record; active runtime gates remain 0"
}
}
},
"hostEvidenceReadiness": {
"title": "Host Evidence Readiness",
"subtitle": "Lists the evidence required before host scans, updates, SSH changes, or runtime blocking can proceed. These items are waiting for collection and do not mean approval.",
"evidenceLabel": "Required evidence",
"items": {
"scopeBoundary": {
"title": "Scope boundary",
"body": "Confirms allowed targets, exclusions, scan depth, and rate limits for 112, 168, and 111.",
"evidence": "requires redacted scan scope approval; received=0, accepted=0"
},
"ownerDecision": {
"title": "Owner decision record",
"body": "Every host action needs human control; IwoooS visibility or AwoooP queue status cannot replace a decision.",
"evidence": "requires accepted decision record; active runtime gates=0"
},
"credentialHandling": {
"title": "Credential handling",
"body": "Credentialed scans require defined credential source, storage boundary, redaction, and rejection rules.",
"evidence": "credential material collection is forbidden; credentialed scan=false"
},
"maintenanceWindow": {
"title": "Maintenance window",
"body": "Kali updates, host tuning, or SSH changes need a maintenance window to avoid disrupting development and product flow.",
"evidence": "requires window, impact scope, notification, and recovery criteria"
},
"rollbackPlan": {
"title": "Rollback plan",
"body": "Every host change needs a recovery path covering packages, settings, services, and toolchain versions.",
"evidence": "requires rollback owner, steps, and validation method"
},
"validationMetrics": {
"title": "Validation metrics",
"body": "Host actions need post-check metrics to confirm scanners, monitoring, services, and user flows did not regress.",
"evidence": "requires post-check metrics and failure lane"
},
"redactedIngestion": {
"title": "Redacted ingestion",
"body": "Host findings or scan results may only enter mirror as redacted summaries, not raw runtime input.",
"evidence": "requires redacted payload acceptance; payloads_ingested=false"
}
}
},
"hostEvidenceCollection": {
"title": "Host Evidence Collection Order",
"subtitle": "Orders the seven host evidence items into a recommended collection sequence. Each step only names the next reviewable item and does not change received / accepted from 0.",
"stepLabel": "Collection step",
"dependencyLabel": "Dependency",
"items": {
"scopeFirst": {
"title": "Define scope boundary first",
"body": "Confirm allowed targets, exclusions, depth, and rate limits first. No scope means no scan.",
"dependency": "none; this is the first host collection step"
},
"ownerSecond": {
"title": "Collect owner decision second",
"body": "Confirm who approves, the approved range, and the decision record; queue state cannot replace human control.",
"dependency": "requires readable scope boundary"
},
"credentialThird": {
"title": "Isolate credential handling",
"body": "If future scans need credentials, define credential source, storage boundary, redaction, and rejection first.",
"dependency": "requires owner decision; plaintext credential collection remains forbidden"
},
"maintenanceFourth": {
"title": "Schedule maintenance window",
"body": "Before updates, tuning, or SSH changes, confirm the window, impact scope, and notification.",
"dependency": "requires owner decision and change scope"
},
"rollbackFifth": {
"title": "Add rollback plan",
"body": "Every host action needs recovery for packages, settings, services, and toolchain versions.",
"dependency": "requires maintenance window and change list"
},
"validationSixth": {
"title": "Define validation metrics",
"body": "Define post-check metrics and failure handling lanes before execution is discussed.",
"dependency": "requires rollback plan"
},
"redactedSeventh": {
"title": "Collect redacted ingestion last",
"body": "Findings / scan results enter mirror only as redacted summaries, never as raw payload.",
"dependency": "requires validation metrics; payloads_ingested=false"
}
}
},
"hostEvidenceIntake": {
"title": "Host Evidence Intake Preflight",
"subtitle": "Before future host evidence enters human review, this read-only preflight checks whether it is safe to review. It does not accept raw payloads, plaintext credentials, or change received / accepted.",
"checkLabel": "Preflight",
"rejectLabel": "Reject / quarantine condition",
"items": {
"metadataPointer": {
"title": "Metadata pointer only",
"body": "Host evidence only accepts redacted metadata pointers, source steps, and summaries, not full scan output.",
"reject": "reject when redacted metadata pointer is missing"
},
"dependencyOrder": {
"title": "Collection order match",
"body": "Submitted evidence must follow the S2.17 collection order and cannot skip scope or owner decision.",
"reject": "quarantine when prerequisite dependencies are skipped"
},
"scopeBeforeScan": {
"title": "Scope before scan",
"body": "Any scan-related evidence must map to scope boundary before it can enter human review.",
"reject": "reject scan evidence without scope"
},
"ownerBeforeChange": {
"title": "Owner before host change",
"body": "SSH, updates, tuning, or blocking-control evidence requires an owner decision pointer.",
"reject": "reject host-change evidence without decision record"
},
"credentialPlaintext": {
"title": "Credential plaintext blocked",
"body": "Passwords, tokens, private keys, sessions, or plaintext credentials cannot enter IwoooS mirror.",
"reject": "reject and quarantine when plaintext credential material is detected"
},
"rawPayload": {
"title": "Raw payload blocked",
"body": "Full raw scan output, unredacted findings, host dumps, or log bundles do not enter projection.",
"reject": "raw payload is always rejected"
},
"counterFreeze": {
"title": "Frontend counters frozen",
"body": "The frontend can display preflight state only and cannot move received / accepted away from 0.",
"reject": "block frontend attempts to advance counters"
}
}
},
"hostEvidenceReviewOutcomes": {
"title": "Host Evidence Review Outcome Lanes",
"subtitle": "After preflight, evidence can only move into these read-only lanes. This shows possible human review outcomes and does not create approval records, runtime gates, or host actions.",
"laneLabel": "Outcome lane",
"nextLabel": "Next step",
"items": {
"readyForHumanReview": {
"title": "Ready for human review",
"body": "Evidence becomes a human review candidate only when metadata pointer, dependency order, scope, and owner pointer are readable.",
"next": "display candidate only; received=0, accepted=0"
},
"needsScopeEvidence": {
"title": "Needs scope evidence",
"body": "Scan or finding evidence that cannot map to scope boundary returns to the scope lane.",
"next": "collect scope, no scan"
},
"needsOwnerDecision": {
"title": "Needs owner decision",
"body": "Host change, update, SSH, or blocking evidence without decision pointer returns to owner decision lane.",
"next": "collect decision record, no host action"
},
"quarantineDependencySkip": {
"title": "Quarantine dependency skip",
"body": "Evidence that skips the S2.17 order or has incomplete prerequisites is quarantined for human interpretation.",
"next": "show quarantine reason, do not advance counters"
},
"rejectRawPayload": {
"title": "Reject raw payload",
"body": "Full scan output, unredacted findings, host dumps, or log bundles do not enter IwoooS.",
"next": "request redacted summary instead"
},
"rejectCredentialPlaintext": {
"title": "Reject credential plaintext",
"body": "Passwords, tokens, private keys, sessions, or plaintext credentials are rejected and quarantined.",
"next": "do not store, forward, or display plaintext"
},
"waitingRuntimeGate": {
"title": "Waiting runtime gate",
"body": "Even after human review allows action, the work waits for a later runtime gate and is not executed by this lane.",
"next": "active runtime gates remain 0"
}
}
},
"nextGate": {
"title": "Next High-level Gate",
"body": "S4.9 Gitea owner attestation response is the recommended next owner evidence. Headline progress should only increase after owner responses, redacted payload ingestion, active runtime gates, or GitHub primary readiness actually change."
},
"evidence": {
"title": "Current Evidence"
},
"blocked": {
"title": "Blocked Actions",
"body": "This page does not provide scan, execute, repo, refs, workflow, secret, runner, primary switch, or deploy action buttons."
},
"hostEvidenceReviewHandoff": {
"title": "Host Evidence Review Handoff Packets",
"subtitle": "Human reviewers can interpret evidence only through these redacted handoff packets. This shows required review material and does not mark received / accepted, create approval records, or open runtime gates.",
"packetLabel": "Handoff packet",
"requiredLabel": "Required material",
"items": {
"scopeSummaryPacket": {
"title": "Scope summary packet",
"body": "Describes host, service, network, scan boundary, and exclusions with indicators and summaries only, without storing raw scan output.",
"required": "redacted scope pointer; no raw payload"
},
"ownerDecisionPacket": {
"title": "Owner decision packet",
"body": "Shows who approved review, scope, constraints, and expiry so the reviewer cannot expand authority.",
"required": "owner decision record pointer; not host-action approval"
},
"credentialHandlingPacket": {
"title": "Credential handling packet",
"body": "Shows credential handling and custody responsibility only, without exposing plaintext authentication material.",
"required": "metadata-only handling statement; secret value=blocked"
},
"maintenanceRollbackPacket": {
"title": "Maintenance / rollback packet",
"body": "If later change is needed, it first shows maintenance window, blast radius, rollback owner, and recovery validation method.",
"required": "maintenance window + rollback pointer; no change execution"
},
"validationMetricsPacket": {
"title": "Validation metrics packet",
"body": "Defines which metrics, logs, baselines, or follow-up evidence the reviewer should inspect after review.",
"required": "post-check metrics pointer; runtime gate not opened"
},
"redactionAttestationPacket": {
"title": "Redaction attestation packet",
"body": "Confirms evidence removed raw logs, host dumps, credentials, private URL credentials, and unredacted screenshots.",
"required": "redaction attestation only; sensitive payload not stored"
},
"runtimeGatePacket": {
"title": "Runtime gate pointer packet",
"body": "Routes any possible later action back to a separate runtime gate so review outcome lanes cannot execute work.",
"required": "follow-up gate pointer; active runtime gates=0"
}
}
},
"hostEvidenceReviewerChecklist": {
"title": "Host Evidence Reviewer Checklist",
"subtitle": "After reading handoff packets, reviewers can only use this read-only checklist to decide whether the case can move to the next human decision. The checklist does not mark passed, received / accepted, approval, or runtime gates.",
"checkLabel": "Review check",
"verifyLabel": "Verify",
"items": {
"scopeBoundaryMatch": {
"title": "Scope boundary match",
"body": "Confirm the handoff scope matches host coverage, network, service, and exclusions without expanding scan boundary.",
"verify": "compare redacted pointer only; no scan starts"
},
"ownerDecisionScopeExpiry": {
"title": "Owner decision scope / expiry",
"body": "Confirm the owner decision record has reviewer, scope, constraints, expiry, and is still valid.",
"verify": "read decision pointer only; no approval record created"
},
"credentialHandlingMetadataOnly": {
"title": "Credential handling metadata only",
"body": "Confirm the reviewer sees only handling method and accountable owner, without plaintext authentication material.",
"verify": "secret value collection=false"
},
"redactionAttestationPass": {
"title": "Redaction attestation pass",
"body": "Confirm raw logs, host dumps, unredacted screenshots, private URL credentials, and sensitive payloads are excluded.",
"verify": "raw payload allowed=false"
},
"maintenanceRollbackComplete": {
"title": "Maintenance / rollback complete",
"body": "If evidence implies later change, confirm maintenance window, rollback owner, and recovery validation metrics exist.",
"verify": "display future-change conditions only; no change execution"
},
"validationMetricsLinked": {
"title": "Validation metrics linked",
"body": "Confirm post-check metrics, baseline, logs, or follow-up evidence link to readable redacted pointers.",
"verify": "display validation pointer only; runtime gate stays closed"
},
"runtimeGateSeparated": {
"title": "Runtime gate separated",
"body": "Confirm any reviewer checklist result cannot directly become runtime action and must return to a separate runtime gate.",
"verify": "active runtime gates=0; action buttons=false"
}
}
},
"hostEvidenceReviewerOutcomes": {
"title": "Host Evidence Reviewer Outcome Lanes",
"subtitle": "After reviewer checklist, cases can only enter these read-only outcome lanes. This shows next interpretation and does not mark passed, accepted, approval, or runtime gates.",
"laneLabel": "Reviewer outcome",
"nextLabel": "Next step",
"items": {
"readyForOwnerDecision": {
"title": "Ready for owner decision",
"body": "When scope, owner, redaction, rollback, validation, and runtime separation are readable, the case can only become an owner-decision candidate.",
"next": "display candidate; received=0, accepted=0"
},
"scopeMismatch": {
"title": "Scope mismatch",
"body": "When handoff scope does not match host coverage, network, service, or exclusions, the case returns to the scope lane.",
"next": "collect scope pointer; no scan starts"
},
"ownerExpired": {
"title": "Owner decision expired",
"body": "When owner decision lacks scope, constraints, or is expired, the case returns to the owner decision lane.",
"next": "collect decision record; no approval created"
},
"credentialMetadataFailed": {
"title": "Credential metadata failed",
"body": "When credential handling is not metadata-only or accountability boundary is unreadable, the reviewer outcome is quarantined.",
"next": "request metadata-only statement; no sensitive material collected"
},
"redactionFailed": {
"title": "Redaction failed",
"body": "When redaction attestation cannot prove raw logs, host dumps, unredacted screenshots, or sensitive payloads are excluded, the case is rejected.",
"next": "request redaction again; raw payload not stored"
},
"rollbackMissing": {
"title": "Rollback missing",
"body": "When maintenance window, rollback owner, or recovery validation metrics are missing, the case cannot move to later decision.",
"next": "collect rollback pointer; no change execution"
},
"runtimeGateRequired": {
"title": "Runtime gate required",
"body": "Any possible later host action must route to a separate runtime gate and cannot run from reviewer outcome.",
"next": "active runtime gates=0; action buttons=false"
}
}
},
"hostOwnerDecisionCandidates": {
"title": "Host Owner Decision Candidate Packets",
"subtitle": "After reviewer outcome reaches the owner-decision candidate lane, IwoooS only displays the human decision packets. It does not create decision records, mark approval, or open runtime gates.",
"packetLabel": "Candidate packet",
"decisionLabel": "Human decision scope",
"items": {
"scopeApprovalCandidate": {
"title": "Scope approval candidate",
"body": "Confirm hosts, networks, services, exclusions, and observation purpose are readable for the owner.",
"decision": "display scope candidate only; owner decision received=0"
},
"scanModeCandidate": {
"title": "Scan mode candidate",
"body": "Separate observe-only, future active scan, and credentialed scan modes so the candidate packet is not mistaken for scan approval.",
"decision": "display mode options only; active scan=false"
},
"credentialHandlingCandidate": {
"title": "Credential handling candidate",
"body": "Describe metadata-only handling, accountable owner, and retention boundary without requesting or storing sensitive material.",
"decision": "display handling principle only; collection=false"
},
"maintenanceWindowCandidate": {
"title": "Maintenance window candidate",
"body": "If later host update or tuning is involved, display candidate maintenance window and constraints first.",
"decision": "display time window only; host update=false"
},
"rollbackOwnerCandidate": {
"title": "Rollback owner candidate",
"body": "Display future rollback owner, recovery route, and human contact point so accountability is clear before any change.",
"decision": "display owner pointer only; change=false"
},
"validationMetricsCandidate": {
"title": "Validation metrics candidate",
"body": "List future post-check metrics, baselines, and review evidence pointers as material for later human gate evaluation.",
"decision": "display validation items only; runtime gate=false"
},
"runtimeGateCandidate": {
"title": "Runtime gate candidate",
"body": "Any later host action still requires a separate runtime gate and cannot execute from an owner-decision candidate.",
"decision": "display gate candidate only; action buttons=false"
}
}
},
"hostOwnerDecisionReviewChecklist": {
"title": "Host Owner Decision Review Checklist",
"subtitle": "After owner decision candidate packets, every item still requires human review. This only displays review checks and does not create decision records, mark approval, or open runtime gates.",
"checkLabel": "Owner review",
"guardLabel": "Safety boundary",
"items": {
"scopeBoundaryReadable": {
"title": "Scope boundary readable",
"body": "Confirm the owner can read hosts, networks, services, exclusions, and observation purpose without exceeding the original scope.",
"guard": "scope review only; owner decision received=0"
},
"scanModeNotAuthorization": {
"title": "Scan mode not authorization",
"body": "Confirm observe-only, future active scan, and credentialed scan are mode descriptions only, not scan authorization.",
"guard": "scan authorized=false"
},
"credentialBoundaryMetadataOnly": {
"title": "Credential boundary metadata only",
"body": "Confirm credential handling keeps only metadata, owner, and retention boundary without requesting sensitive material.",
"guard": "secret collection=false"
},
"maintenanceWindowNotChange": {
"title": "Maintenance window not change",
"body": "Confirm the maintenance window is only a future candidate condition and does not allow Kali updates or host tuning.",
"guard": "host update=false"
},
"rollbackOwnerReadable": {
"title": "Rollback owner readable",
"body": "Confirm rollback owner, recovery route, and human contact point are readable, but no change is approved.",
"guard": "approval record=false"
},
"validationMetricsPredefined": {
"title": "Validation metrics predefined",
"body": "Confirm post-check metrics, baseline, and evidence pointers are defined first for later gate review.",
"guard": "runtime gate opened=false"
},
"runtimeGateStillSeparate": {
"title": "Runtime gate still separate",
"body": "Confirm owner decision checklist cannot execute any later host action and still needs a separate runtime gate.",
"guard": "action buttons=false"
}
}
},
"hostOwnerDecisionReviewOutcomes": {
"title": "Host Owner Decision Review Outcome Lanes",
"subtitle": "After owner review checklist, cases can only enter these read-only outcome lanes. This shows next interpretation and does not create decision records, mark approval, or open runtime gates.",
"laneLabel": "Review outcome",
"nextLabel": "Next step",
"items": {
"readyForDecisionRecord": {
"title": "Ready for decision record",
"body": "When scope, scan mode, credential boundary, maintenance, rollback, validation, and runtime separation are readable, the case can only become a formal decision record candidate.",
"next": "display decision record candidate; received=0, accepted=0"
},
"scopeNeedsRefresh": {
"title": "Scope needs refresh",
"body": "When scope boundary is unreadable, expired, or outside host coverage, the case returns to the scope lane.",
"next": "collect scope pointer; no scan starts"
},
"scanModeNeedsScope": {
"title": "Scan mode needs scope",
"body": "When scan mode is not aligned with scope or is being mistaken for authorization, it must return to scope and mode explanation.",
"next": "collect scan mode statement; scan authorized=false"
},
"credentialBoundaryFailed": {
"title": "Credential boundary failed",
"body": "When credential handling cannot stay metadata-only or accountability boundary is unreadable, the decision outcome is quarantined.",
"next": "collect metadata-only boundary; secret collection=false"
},
"maintenanceWindowMissing": {
"title": "Maintenance window missing",
"body": "When later update or tuning is possible but maintenance window and constraints are missing, the case cannot move to decision record.",
"next": "collect window pointer; host update=false"
},
"rollbackOwnerMissing": {
"title": "Rollback owner missing",
"body": "When rollback owner or recovery path is unreadable, the case cannot enter later approval semantics.",
"next": "collect rollback owner; approval record=false"
},
"runtimeGateRequired": {
"title": "Runtime gate required",
"body": "Any later host action must route to a separate runtime gate and cannot execute from owner review outcome.",
"next": "active runtime gates=0; action buttons=false"
}
}
},
"hostOwnerDecisionRecordDrafts": {
"title": "Host Owner Decision Record Draft Packets",
"subtitle": "When owner review outcome enters the ready lane, IwoooS can still only display decision record draft fields. It does not create records, mark acceptance, or open runtime gates.",
"packetLabel": "Draft packet",
"metadataLabel": "Required metadata",
"items": {
"scopeStatementDraft": {
"title": "Scope statement draft",
"body": "The draft only organizes hosts, networks, services, exclusions, and observation intent so the owner decision does not stay ambiguous.",
"metadata": "host / network / service / exclusion; record created=false"
},
"scanModeDraft": {
"title": "Scan mode draft",
"body": "The draft only describes observe-only, future active scan, or credentialed scan candidate modes. It is not scan approval.",
"metadata": "mode candidate; active scan=false"
},
"credentialBoundaryDraft": {
"title": "Credential boundary draft",
"body": "The draft only keeps credential handling metadata, owner, and retention boundary. It does not collect sensitive material.",
"metadata": "metadata-only boundary; secret collection=false"
},
"maintenanceConstraintsDraft": {
"title": "Maintenance constraints draft",
"body": "The draft only records future maintenance window candidates, constraints, and impact boundaries. It is not host update approval.",
"metadata": "window / constraint; host update=false"
},
"rollbackOwnerDraft": {
"title": "Rollback owner draft",
"body": "The draft only organizes rollback owner, recovery path, and human contact so later gates have accountability.",
"metadata": "owner / recovery pointer; approval record=false"
},
"validationMetricsDraft": {
"title": "Validation metrics draft",
"body": "The draft only lists post-check metrics, baseline, and evidence pointer for later human interpretation.",
"metadata": "metrics / baseline; accepted=0"
},
"runtimeGateDraft": {
"title": "Runtime gate draft",
"body": "The draft only states that later approval must still open a separate follow-up runtime gate and cannot execute from the draft.",
"metadata": "runtime gate pointer; active gates=0"
}
}
},
"hostOwnerDecisionRecordDraftReview": {
"title": "Host Owner Decision Record Draft Review Checklist",
"subtitle": "Decision record draft packets still require read-only review. This only shows whether drafts have the metadata needed for human decision and does not create formal decision records.",
"checkLabel": "Draft review",
"guardLabel": "No upgrade",
"items": {
"scopeStatementComplete": {
"title": "Scope statement complete",
"body": "Confirm the scope draft includes host, network, service, exclusions, and observation intent so decision record scope is not ambiguous.",
"guard": "draft review only; record created=false"
},
"scanModeStillNotApproval": {
"title": "Scan mode still not approval",
"body": "Confirm scan mode remains a candidate description and is not read as active scan or credentialed scan authorization.",
"guard": "scan authorized=false"
},
"credentialBoundaryMetadataOnly": {
"title": "Credential boundary metadata only",
"body": "Confirm credential boundary stays metadata-only and does not request or store sensitive material.",
"guard": "secret collection=false"
},
"maintenanceConstraintsReadable": {
"title": "Maintenance constraints readable",
"body": "Confirm maintenance window, constraints, and impact boundary are readable without becoming host update approval.",
"guard": "host update=false"
},
"rollbackOwnerReadable": {
"title": "Rollback owner readable",
"body": "Confirm rollback owner, recovery path, and human contact are readable while no approval record is created.",
"guard": "approval record=false"
},
"validationMetricsLinked": {
"title": "Validation metrics linked",
"body": "Confirm post-check metrics, baseline, and evidence pointer are linked to the draft for later human review.",
"guard": "accepted=0"
},
"runtimeGateStillClosed": {
"title": "Runtime gate still closed",
"body": "Confirm decision record draft review does not open runtime gates. Later execution still requires a separate gate.",
"guard": "active runtime gates=0; action buttons=false"
}
}
},
"hostOwnerDecisionRecordDraftReviewOutcomes": {
"title": "Host Owner Decision Record Draft Review Outcome Lanes",
"subtitle": "After draft review checklist, cases can only enter these read-only outcome lanes. This shows next steps and does not mark review passed, create decision records, or open runtime gates.",
"laneLabel": "Review outcome",
"nextLabel": "Next step",
"items": {
"readyForDecisionRecordWriteup": {
"title": "Ready for decision record write-up",
"body": "When scope, scan mode, credential boundary, maintenance, rollback, validation, and runtime separation are readable, the case can only become a formal decision record write-up candidate.",
"next": "display write-up candidate; record created=false"
},
"scopeDraftIncomplete": {
"title": "Scope draft incomplete",
"body": "When the scope draft lacks host, network, service, exclusion, or observation intent, it returns to scope draft completion.",
"next": "collect scope statement; no record creation"
},
"scanModeAmbiguous": {
"title": "Scan mode ambiguous",
"body": "When scan mode can still be mistaken for authorization, it returns to scan mode draft and scope explanation.",
"next": "refine scan mode wording; scan authorized=false"
},
"credentialBoundaryIncomplete": {
"title": "Credential boundary incomplete",
"body": "When credential boundary is unclear about metadata-only handling, owner, or retention, it returns to credential draft completion.",
"next": "collect metadata-only boundary; secret collection=false"
},
"maintenanceConstraintsIncomplete": {
"title": "Maintenance constraints incomplete",
"body": "When maintenance window, constraints, or impact boundary are unreadable, the case cannot enter formal decision record write-up.",
"next": "collect constraints; host update=false"
},
"rollbackOwnerIncomplete": {
"title": "Rollback owner incomplete",
"body": "When rollback owner, recovery path, or human contact is unreadable, the case cannot enter later approval semantics.",
"next": "collect rollback owner; approval record=false"
},
"runtimeGateStillRequired": {
"title": "Runtime gate still required",
"body": "Any later host action must still wait for a separate runtime gate and cannot execute from draft review outcome.",
"next": "active runtime gates=0; action buttons=false"
}
}
},
"hostOwnerDecisionRecordWriteups": {
"title": "Host Owner Decision Record Write-Up Packets",
"subtitle": "When a draft review outcome is ready for write-up, IwoooS can still only display formal decision record write-up fields. It does not create records, mark completed / accepted, or open runtime gates.",
"packetLabel": "Write-up packet",
"fieldLabel": "Required field",
"items": {
"decisionSummaryWriteup": {
"title": "Decision summary write-up",
"body": "Only organizes the human owner decision, risk acceptance boundary, and no-execution statement.",
"field": "decision summary; write-up completed=0"
},
"approvedScopeWriteup": {
"title": "Approved scope write-up",
"body": "Only organizes hosts, networks, services, exclusions, observation intent, and expiry.",
"field": "scope / expiry; record created=false"
},
"scanModeLimitsWriteup": {
"title": "Scan mode limits write-up",
"body": "Only organizes limits for observe-only, future active scan, or credentialed scan modes. This is not scan approval.",
"field": "mode limits; scan authorized=false"
},
"credentialBoundaryWriteup": {
"title": "Credential boundary write-up",
"body": "Only organizes credential handling metadata, owner, retention boundary, and forbidden collection content.",
"field": "metadata-only boundary; secret collection=false"
},
"maintenanceRollbackWriteup": {
"title": "Maintenance and rollback write-up",
"body": "Only organizes maintenance window candidates, constraints, rollback owner, recovery path, and human contact.",
"field": "window / rollback; host update=false"
},
"validationEvidenceWriteup": {
"title": "Validation evidence write-up",
"body": "Only organizes post-check metrics, baseline, evidence pointer, and human acceptance condition.",
"field": "metrics / evidence; accepted=0"
},
"runtimeGatePointerWriteup": {
"title": "Runtime gate pointer write-up",
"body": "Only states that future approval still needs a separate follow-up runtime gate and cannot execute from write-up.",
"field": "runtime gate pointer; active gates=0"
}
}
},
"hostOwnerDecisionRecordWriteupReview": {
"title": "Host Owner Decision Record Write-Up Review Checklist",
"subtitle": "Write-up packets still require read-only review. This only shows whether formal decision record write-up fields are readable and does not mark write-up completed, create or accept decision records, or open runtime gates.",
"checkLabel": "Write-up review",
"guardLabel": "No upgrade",
"items": {
"decisionSummaryReadable": {
"title": "Decision summary readable",
"body": "Confirm the write-up only organizes the human owner decision, risk acceptance boundary, and no-execution statement without adding approval semantics.",
"guard": "write-up review only; completed=0"
},
"scopeExpiryComplete": {
"title": "Scope and expiry complete",
"body": "Confirm scope, exclusions, observation intent, and expiry are readable so the formal record scope is not ambiguous.",
"guard": "record created=false"
},
"scanModeLimitsExplicit": {
"title": "Scan mode limits explicit",
"body": "Confirm observe-only, future active scan, and credentialed scan limits are explicit while not becoming scan authorization.",
"guard": "scan authorized=false"
},
"credentialBoundaryMetadataOnly": {
"title": "Credential boundary metadata only",
"body": "Confirm credential handling still keeps only metadata, owner, and retention boundary without requesting or storing sensitive material.",
"guard": "secret collection=false"
},
"maintenanceRollbackLinked": {
"title": "Maintenance and rollback linked",
"body": "Confirm maintenance window candidates, constraints, rollback owner, recovery path, and human contact remain traceable.",
"guard": "host update=false"
},
"validationEvidenceLinked": {
"title": "Validation evidence linked",
"body": "Confirm post-check metrics, baseline, evidence pointer, and human acceptance condition are linked to the write-up.",
"guard": "accepted=0"
},
"runtimeGateStillSeparate": {
"title": "Runtime gate still separate",
"body": "Confirm the runtime gate pointer still points to a separate follow-up gate and write-up review does not open gates.",
"guard": "active runtime gates=0; action buttons=false"
}
}
},
"hostOwnerDecisionRecordWriteupReviewOutcomes": {
"title": "Host Owner Decision Record Write-Up Review Outcome Lanes",
"subtitle": "After write-up review checklist, cases can only enter these read-only outcome lanes. This shows next steps and does not mark review passed, create or accept decision records, or open runtime gates.",
"laneLabel": "Review outcome",
"nextLabel": "Next step",
"items": {
"readyForFormalRecordCandidate": {
"title": "Ready for formal record candidate",
"body": "When summary, scope, scan limits, credential boundary, maintenance, rollback, validation, and runtime separation are readable, the case can only show a formal record candidate.",
"next": "display formal record candidate; record created=false"
},
"decisionSummaryNeedsClarification": {
"title": "Decision summary needs clarification",
"body": "When the decision summary, risk acceptance boundary, or no-execution statement is unreadable, the case returns to write-up completion.",
"next": "collect decision summary; completed=0"
},
"scopeExpiryNeedsRefresh": {
"title": "Scope and expiry needs refresh",
"body": "When scope, exclusions, observation intent, or expiry are incomplete, the case cannot enter formal record candidate.",
"next": "collect scope / expiry; record created=false"
},
"scanModeLimitsAmbiguous": {
"title": "Scan mode limits ambiguous",
"body": "When scan mode limits can still be mistaken for active scan or credentialed scan authorization, the wording must return to write-up.",
"next": "refine scan wording; scan authorized=false"
},
"credentialBoundaryFailed": {
"title": "Credential boundary failed",
"body": "When credential boundary is unclear about metadata-only handling, owner, retention, or forbidden collection content, it returns to credential write-up.",
"next": "collect metadata-only boundary; secret collection=false"
},
"maintenanceRollbackIncomplete": {
"title": "Maintenance and rollback incomplete",
"body": "When maintenance window, constraints, rollback owner, recovery path, or human contact is unreadable, the case cannot create approval semantics.",
"next": "collect maintenance / rollback; host update=false"
},
"runtimeGateStillRequired": {
"title": "Runtime gate still required",
"body": "Validation evidence or runtime gate pointer still requires a separate follow-up gate and cannot execute from review outcome.",
"next": "active runtime gates=0; action buttons=false"
}
}
},
"hostOwnerDecisionRecordFormalCandidates": {
"title": "Host Owner Decision Record Formal Candidate Packets",
"subtitle": "Formal record candidate only organizes the fields that may later be written into a formal record. This does not create decision records, mark finalized or accepted, create approval records, or open runtime gates.",
"packetLabel": "Candidate packet",
"fieldLabel": "Candidate field",
"items": {
"recordIdentityCandidate": {
"title": "Record identity candidate",
"body": "Organizes candidate record id, version, owner, review scope, and trace source so a future formal record has a readable identity.",
"field": "identity / version; record created=false"
},
"decisionSummaryCandidate": {
"title": "Decision summary candidate",
"body": "Organizes human owner decision summary, risk acceptance boundary, and no-execution statement without writing it as an accepted decision.",
"field": "decision summary; finalized=0"
},
"approvedScopeCandidate": {
"title": "Approved scope candidate",
"body": "Organizes host, network, service, exclusion, observation intent, and expiry so scope remains readable.",
"field": "scope / expiry; accepted=0"
},
"scanModeLimitsCandidate": {
"title": "Scan mode limits candidate",
"body": "Organizes observe-only, future active scan, and credentialed scan limits so they cannot be mistaken for scan authorization.",
"field": "scan limits; scan authorized=false"
},
"credentialBoundaryCandidate": {
"title": "Credential boundary candidate",
"body": "Organizes metadata-only credential owner, retention boundary, masking requirement, and forbidden collection content.",
"field": "metadata-only boundary; secret collection=false"
},
"maintenanceRollbackCandidate": {
"title": "Maintenance and rollback candidate",
"body": "Organizes maintenance window, constraints, rollback owner, recovery path, and human contact.",
"field": "window / rollback; host update=false"
},
"validationRuntimeGateCandidate": {
"title": "Validation and runtime gate candidate",
"body": "Organizes validation evidence, post-check metrics, baseline pointer, and the statement that a separate follow-up runtime gate is still required.",
"field": "validation / runtime pointer; active gates=0"
}
}
},
"hostOwnerDecisionRecordFormalCandidateReview": {
"title": "Host Owner Decision Record Formal Candidate Review Checklist",
"subtitle": "Formal candidate packets can still only enter read-only review before any later human record step. This does not mark review passed, create decision records, mark accepted, create approval records, or open runtime gates.",
"checkLabel": "Candidate review",
"guardLabel": "Still locked",
"items": {
"identityTraceable": {
"title": "Record identity traceable",
"body": "Confirm candidate record id, version, owner, review scope, and trace source are readable while no formal record is created.",
"guard": "record created=false"
},
"decisionSummaryReadable": {
"title": "Decision summary readable",
"body": "Confirm decision summary, risk acceptance boundary, and no-execution statement are readable while still not meaning decision accepted.",
"guard": "accepted=0"
},
"scopeExpiryConsistent": {
"title": "Scope and expiry consistent",
"body": "Confirm host, network, service, exclusion, observation intent, and expiry are consistent while remaining candidate fields only.",
"guard": "finalized=0"
},
"scanLimitsStillNotAuthorization": {
"title": "Scan limits still not authorization",
"body": "Confirm observe-only, future active scan, and credentialed scan limits cannot be mistaken for active scan or credentialed scan authorization.",
"guard": "scan authorized=false"
},
"credentialBoundaryStillMetadataOnly": {
"title": "Credential boundary still metadata-only",
"body": "Confirm credential boundary only keeps metadata, owner, retention, masking, and forbidden collection content.",
"guard": "secret collection=false"
},
"maintenanceRollbackTraceable": {
"title": "Maintenance and rollback traceable",
"body": "Confirm maintenance window, constraints, rollback owner, recovery path, and human contact remain traceable.",
"guard": "host update=false"
},
"runtimeGateStillClosed": {
"title": "Runtime gate still closed",
"body": "Confirm validation evidence and runtime gate pointer still only point to a separate follow-up gate and candidate review does not open gates.",
"guard": "active runtime gates=0; action buttons=false"
}
}
},
"hostOwnerDecisionRecordFormalCandidateReviewOutcomes": {
"title": "Host Owner Decision Record Formal Candidate Review Outcome Lanes",
"subtitle": "Formal candidate review outcome only shows next-step lanes after candidate review. This does not mark review passed, mark finalized, create decision records, mark accepted, create approval records, or open runtime gates.",
"laneLabel": "Outcome lane",
"nextLabel": "Next remains read-only",
"items": {
"readyForHumanRecordQueue": {
"title": "Ready for human record queue",
"body": "When candidate fields are readable, this can only show readiness for a human formal-record queue and does not create decision records.",
"next": "queue visible only; record created=false"
},
"identityNeedsTrace": {
"title": "Record identity needs trace",
"body": "When candidate record id, version, owner, review scope, or trace source is missing, the item returns to identity trace collection.",
"next": "collect identity trace; review passed=0"
},
"decisionSummaryNeedsClarification": {
"title": "Decision summary needs clarification",
"body": "When decision summary, risk acceptance boundary, or no-execution statement is unclear, the item remains a candidate.",
"next": "clarify decision summary; accepted=0"
},
"scopeExpiryNeedsRefresh": {
"title": "Scope and expiry need refresh",
"body": "When host, network, service, exclusion, observation intent, or expiry is inconsistent, the item cannot enter a formal record.",
"next": "refresh scope / expiry; finalized=0"
},
"scanLimitsAmbiguous": {
"title": "Scan limits remain ambiguous",
"body": "When active scan or credentialed scan limits could be misread, the lane stays locked as not authorized.",
"next": "clarify scan limits; scan authorized=false"
},
"credentialBoundaryFailed": {
"title": "Credential boundary failed",
"body": "When credential metadata, retention, masking, or forbidden collection boundary is unclear, the lane remains quarantined.",
"next": "repair metadata-only boundary; secret collection=false"
},
"maintenanceRollbackIncomplete": {
"title": "Maintenance and rollback incomplete",
"body": "When maintenance window, constraints, rollback owner, recovery path, or human contact is not traceable, approval semantics cannot be created.",
"next": "collect maintenance / rollback; host update=false"
},
"runtimeGateStillRequired": {
"title": "Runtime gate still required",
"body": "Validation evidence or runtime gate pointer still requires a separate follow-up gate and cannot open from the outcome.",
"next": "active runtime gates=0; action buttons=false"
}
}
},
"hostOwnerDecisionRecordFormalRecordQueue": {
"title": "Host Owner Decision Record Formal Record Queue Packets",
"subtitle": "Formal record queue packets only organize the data packets a future human formal-record queue would need to read. This does not enqueue, create decision records, mark accepted, create approval records, or open runtime gates.",
"packetLabel": "Queue packet",
"fieldLabel": "Queue field",
"items": {
"queueIdentityPacket": {
"title": "Queue identity packet",
"body": "Organizes candidate record id, version, owner, review scope, and trace source so a human queue can trace identity.",
"field": "identity trace; queue enqueued=0"
},
"queueDecisionSummaryPacket": {
"title": "Queue decision summary packet",
"body": "Organizes decision summary, risk acceptance boundary, and no-execution statement without creating a formal decision record.",
"field": "decision summary; record created=false"
},
"queueScopeExpiryPacket": {
"title": "Queue scope and expiry packet",
"body": "Organizes host, network, service, exclusion, observation intent, and expiry while remaining readable queue information only.",
"field": "scope / expiry; finalized=0"
},
"queueScanLimitsPacket": {
"title": "Queue scan limits packet",
"body": "Organizes observe-only, future active scan, and credentialed scan limits so they cannot be mistaken for scan authorization.",
"field": "scan limits; scan authorized=false"
},
"queueCredentialBoundaryPacket": {
"title": "Queue credential boundary packet",
"body": "Organizes metadata-only credential owner, retention, masking, and forbidden collection boundary.",
"field": "metadata-only boundary; secret collection=false"
},
"queueMaintenanceRollbackPacket": {
"title": "Queue maintenance and rollback packet",
"body": "Organizes maintenance window, constraints, rollback owner, recovery path, and human contact.",
"field": "window / rollback; host update=false"
},
"queueValidationRuntimeGatePacket": {
"title": "Queue validation and runtime gate packet",
"body": "Organizes validation evidence, post-check metrics, baseline pointer, and the separate runtime gate requirement.",
"field": "validation / runtime pointer; active gates=0"
},
"queueNoExecutionAttestationPacket": {
"title": "Queue no-execution attestation packet",
"body": "Organizes the statement that nothing is executed, approved, or gate-opened so queue packets cannot be treated as authorization.",
"field": "not authorization; action buttons=false"
}
}
},
"hostOwnerDecisionRecordFormalRecordQueueReview": {
"title": "Host Owner Decision Record Formal Record Queue Review Checklist",
"subtitle": "The formal record queue review checklist only confirms whether queue packets are readable for a future human formal-record review. It does not mark review passed, enqueue, create decision records, create approval records, or open runtime gates.",
"checkLabel": "Queue review",
"guardLabel": "Guardrail",
"items": {
"queueIdentityTraceable": {
"title": "Queue identity traceable",
"body": "Confirms queue identity can trace candidate record, version, owner, review scope, and source without treating traceability as formal enqueue.",
"guard": "trace only; queue enqueued=0"
},
"queueDecisionSummaryReadable": {
"title": "Queue decision summary readable",
"body": "Confirms the decision summary and no-execution statement are readable without creating a formal decision record.",
"guard": "summary only; record created=false"
},
"queueScopeExpiryFresh": {
"title": "Queue scope and expiry fresh",
"body": "Confirms host, network, service, exclusion, observation intent, and expiry are not stale or outside the original scope.",
"guard": "scope check only; finalized=0"
},
"queueScanLimitsNotAuthorization": {
"title": "Queue scan limits not authorization",
"body": "Confirms observe-only, future active scan, and credentialed scan limits remain constraints, not scan approval.",
"guard": "scan authorized=false"
},
"queueCredentialBoundaryMetadataOnly": {
"title": "Queue credential boundary metadata-only",
"body": "Confirms credential boundary keeps only metadata, owner, retention, and masking boundary without requesting sensitive material.",
"guard": "secret collection=false"
},
"queueMaintenanceRollbackLinked": {
"title": "Queue maintenance and rollback linked",
"body": "Confirms maintenance window, constraints, rollback owner, recovery path, and human contact have pointers without allowing host package changes or tuning.",
"guard": "host change=false"
},
"queueValidationGateSeparate": {
"title": "Queue validation gate separate",
"body": "Confirms validation evidence, post-check metrics, and baseline pointer still route to a separate runtime gate.",
"guard": "active gates=0"
},
"queueNoExecutionAttestationPresent": {
"title": "Queue no-execution attestation present",
"body": "Confirms the no-execution, no-approval, and no-runtime-gate statement remains present so the checklist cannot become an action entry.",
"guard": "action buttons=false"
}
}
},
"hostOwnerDecisionRecordFormalRecordQueueReviewOutcomes": {
"title": "Host Owner Decision Record Formal Record Queue Review Outcome Lanes",
"subtitle": "Formal record queue review outcome lanes only show the next-step routing after checklist review. They do not mark review passed, enqueue, create decision records, accept owner decisions, create approval records, or open runtime gates.",
"laneLabel": "Queue review outcome",
"nextLabel": "Next step",
"items": {
"readyForHumanRecordOwnerHandoff": {
"title": "Ready for human record owner handoff",
"body": "When all queue review conditions are readable, this can only display a future candidate handoff state for a human record owner.",
"next": "display handoff candidate; review passed=0, queue enqueued=0"
},
"identityNeedsTraceRefresh": {
"title": "Identity needs trace refresh",
"body": "When candidate record id, version, owner, review scope, or trace source is unclear, route back to the identity packet for evidence refresh.",
"next": "refresh identity trace; record created=false"
},
"decisionSummaryNeedsClarification": {
"title": "Decision summary needs clarification",
"body": "When the decision summary or no-execution statement is not readable, route back to the summary packet for clarification.",
"next": "clarify decision summary; accepted=0"
},
"scopeExpiryNeedsRefresh": {
"title": "Scope and expiry need refresh",
"body": "When host, network, service, exclusion, observation intent, or expiry is stale or outside original scope, route back to the scope packet.",
"next": "refresh scope / expiry; finalized=0"
},
"scanLimitsRemainAmbiguous": {
"title": "Scan limits remain ambiguous",
"body": "If observe-only, future active scan, or credentialed scan limits can still be mistaken for authorization, route back to the scan limits packet.",
"next": "clarify scan limits; scan authorized=false"
},
"credentialBoundaryFailed": {
"title": "Credential boundary failed",
"body": "If the credential boundary cannot stay metadata-only or the responsibility boundary is unreadable, quarantine and request evidence refresh.",
"next": "refresh metadata-only boundary; secret collection=false"
},
"maintenanceRollbackIncomplete": {
"title": "Maintenance and rollback incomplete",
"body": "If maintenance window, constraints, rollback owner, recovery path, or human contact is missing, it cannot enter formal record semantics.",
"next": "refresh maintenance / rollback; host change=false"
},
"runtimeGateStillRequired": {
"title": "Runtime gate still required",
"body": "Validation evidence or runtime gate pointer still requires a separate follow-up gate and cannot open from queue review outcome.",
"next": "active runtime gates=0; action buttons=false"
}
}
},
"hostOwnerDecisionRecordHumanHandoffReadiness": {
"title": "Host Owner Decision Record Human Record Owner Handoff Readiness Packets",
"subtitle": "Human record owner handoff readiness packets only display metadata to prepare before a future human record owner handoff. They do not start handoff, mark handoff ready, mark review passed, create decision records, accept owner decisions, or open runtime gates.",
"packetLabel": "Handoff readiness packet",
"guardLabel": "Guardrail",
"items": {
"handoffIdentityTrace": {
"title": "Handoff identity and trace",
"body": "Shows whether candidate record id, version, source outcome lane, source queue review, and trace pointer are readable enough for a future human record owner to identify.",
"guard": "handoff started=0; ready=0"
},
"handoffOwnerBoundary": {
"title": "Human record owner boundary",
"body": "Shows future record owner, backup owner, contact point, and responsibility boundary without sending notifications, collecting decisions, or creating approval records.",
"guard": "owner decision received=0"
},
"handoffDecisionSummary": {
"title": "Decision summary packet",
"body": "Shows whether decision summary, no-execution statement, and candidate conclusion are readable so the handoff cannot be mistaken for approval.",
"guard": "decision record created=false"
},
"handoffScopeExpiry": {
"title": "Scope and expiry packet",
"body": "Shows the handoff summary for host, network, service, exclusion, observation intent, and expiry; stale or out-of-scope data can only route back to scope refresh.",
"guard": "review passed=0"
},
"handoffScanLimits": {
"title": "Scan limits packet",
"body": "Shows the wording for observe-only, future active scan, and credentialed scan limits so the human record owner can see this is not scan authorization.",
"guard": "scan authorized=false"
},
"handoffCredentialBoundary": {
"title": "Credential boundary packet",
"body": "Shows credential boundary metadata, retention, and masking responsibility without collecting plaintext, token values, or raw secrets.",
"guard": "secret collection=false"
},
"handoffMaintenanceRollback": {
"title": "Maintenance and rollback packet",
"body": "Shows maintenance window, constraints, rollback owner, recovery path, and human contact while still disallowing SSH, package updates, or host tuning.",
"guard": "host change=false"
},
"handoffRuntimeGate": {
"title": "Runtime gate separation packet",
"body": "Shows validation evidence and follow-up runtime gate pointer as a separate gate that cannot open from handoff readiness.",
"guard": "active runtime gates=0; action buttons=false"
}
}
},
"hostOwnerDecisionRecordHumanHandoffReadinessReview": {
"title": "Host Owner Decision Record Human Handoff Readiness Review Checklist",
"subtitle": "Human handoff readiness review checklist only displays read-only checks before handoff readiness packets can be reviewed by a future human record owner. It does not mark review passed, start handoff, mark handoff ready, create decision records, accept owner decisions, or open runtime gates.",
"checkLabel": "Handoff readiness check",
"guardLabel": "Guardrail",
"items": {
"identityTraceReadable": {
"title": "Identity trace readable",
"body": "Confirms candidate record id, version, source outcome lane, source queue review, and trace pointer are readable; gaps can only route back to identity trace refresh.",
"guard": "handoff started=0; ready=0"
},
"ownerBoundaryReadable": {
"title": "Owner boundary readable",
"body": "Confirms future record owner, backup owner, contact point, and responsibility boundary are readable without sending notifications or collecting owner decisions.",
"guard": "owner decision received=0"
},
"decisionSummaryReadable": {
"title": "Decision summary readable",
"body": "Confirms decision summary, candidate conclusion, and no-execution statement are readable so handoff readiness cannot be mistaken for approval.",
"guard": "decision record created=false"
},
"scopeExpiryCurrent": {
"title": "Scope and expiry current",
"body": "Confirms host, network, service, exclusion, observation intent, and expiry are current and in scope; stale scope can only route back to scope refresh.",
"guard": "review passed=0"
},
"scanLimitsNotAuthorization": {
"title": "Scan limits not authorization",
"body": "Confirms observe-only, future active scan, and credentialed scan limits remain constraint wording, not scan approval.",
"guard": "scan authorized=false"
},
"credentialBoundaryMetadataOnly": {
"title": "Credential boundary metadata-only",
"body": "Confirms credential boundary only contains metadata, retention, and masking responsibility without plaintext, token values, or raw secrets.",
"guard": "secret collection=false"
},
"maintenanceRollbackTraceable": {
"title": "Maintenance and rollback traceable",
"body": "Confirms maintenance window, constraints, rollback owner, recovery path, and human contact are traceable while still disallowing SSH, package updates, or host tuning.",
"guard": "host change=false"
},
"runtimeGateSeparate": {
"title": "Runtime gate separate",
"body": "Confirms validation evidence and follow-up runtime gate remain independent and cannot open from readiness review.",
"guard": "active runtime gates=0; action buttons=false"
}
}
},
"hostOwnerDecisionRecordHumanHandoffReadinessReviewOutcomes": {
"title": "Host Owner Decision Record Human Handoff Readiness Review Outcome Lanes",
"subtitle": "Human handoff readiness review outcome lanes only show next-step routing after checklist review. They do not mark review passed, start handoff, mark handoff ready, create decision records, accept owner decisions, create approval records, or open runtime gates.",
"laneLabel": "Handoff review outcome",
"nextLabel": "Next step",
"items": {
"readyForHumanRecordOwnerReviewCandidate": {
"title": "Ready for human record owner review candidate",
"body": "When all readiness review conditions are readable, this can only display a future candidate state for human record owner review.",
"next": "display review candidate; review passed=0, handoff started=0"
},
"identityTraceNeedsRefresh": {
"title": "Identity trace needs refresh",
"body": "When candidate record id, version, source outcome lane, source queue review, or trace pointer is unclear, route back to the identity packet.",
"next": "refresh identity trace; handoff ready=0"
},
"ownerBoundaryNeedsClarification": {
"title": "Owner boundary needs clarification",
"body": "When record owner, backup owner, contact point, or responsibility boundary is unreadable, route back to the owner boundary packet.",
"next": "clarify owner boundary; decision received=0"
},
"decisionSummaryNeedsClarification": {
"title": "Decision summary needs clarification",
"body": "When decision summary, candidate conclusion, or no-execution statement is unreadable, route back to the decision summary packet.",
"next": "clarify decision summary; record created=false"
},
"scopeExpiryNeedsRefresh": {
"title": "Scope and expiry need refresh",
"body": "When host, network, service, exclusion, observation intent, or expiry is stale or out of scope, route back to the scope packet.",
"next": "refresh scope / expiry; review passed=0"
},
"scanLimitsRemainAmbiguous": {
"title": "Scan limits remain ambiguous",
"body": "If observe-only, future active scan, or credentialed scan limits can still be mistaken for authorization, route back to the scan limits packet.",
"next": "clarify scan limits; scan authorized=false"
},
"credentialBoundaryFailed": {
"title": "Credential boundary failed",
"body": "If credential boundary is not metadata-only or plaintext, token value, and raw secret boundaries are unclear, quarantine and request evidence refresh.",
"next": "refresh credential boundary; secret collection=false"
},
"maintenanceRollbackIncomplete": {
"title": "Maintenance and rollback incomplete",
"body": "If maintenance window, constraints, rollback owner, recovery path, or human contact is missing, it cannot enter human record owner review semantics.",
"next": "refresh maintenance / rollback; host change=false"
},
"runtimeGateStillRequired": {
"title": "Runtime gate still required",
"body": "Validation evidence or follow-up runtime gate pointer still requires a separate gate and cannot open from readiness review outcome.",
"next": "active runtime gates=0; action buttons=false"
}
}
},
"hostOwnerDecisionRecordHumanRecordOwnerReviewCandidatePackets": {
"title": "Host Owner Decision Record Human Record Owner Review Candidate Packets",
"subtitle": "Human record owner review candidate packets only organize metadata a future human record owner may need to inspect. They do not start handoff, mark review ready, collect owner decisions, create decision records, create approval records, or open runtime gates.",
"packetLabel": "Review candidate packet",
"guardLabel": "Guardrail",
"items": {
"reviewCandidateIdentity": {
"title": "Review candidate identity packet",
"body": "Organizes candidate id, source readiness outcome, version, trace pointer, and source queue review link so a future human record owner can understand provenance.",
"guard": "review started=0; decision record created=false"
},
"reviewOwnerBoundary": {
"title": "Review owner boundary packet",
"body": "Organizes human record owner, backup owner, contact channel, and responsibility boundary without treating owner contact as accepted work or a decision.",
"guard": "owner decision received=0; handoff started=0"
},
"reviewDecisionSummary": {
"title": "Review decision summary packet",
"body": "Organizes candidate decision summary, risk acceptance boundary, and no-execution statement so the review candidate is not mistaken for a formal record.",
"guard": "review ready=0; record accepted=0"
},
"reviewScopeExpiry": {
"title": "Review scope and expiry packet",
"body": "Organizes host, network, service, exclusion, observation intent, and expiry so the review candidate scope remains readable.",
"guard": "scope review only; runtime gate opened=false"
},
"reviewScanLimits": {
"title": "Review scan limits packet",
"body": "Organizes observe-only, future active scan, and credentialed scan limits while keeping active scan behind separate approval.",
"guard": "scan authorized=false; action buttons=false"
},
"reviewCredentialBoundary": {
"title": "Review credential boundary packet",
"body": "Organizes credential owner, retention, masking, and forbidden collection as metadata only; plaintext, token value, and raw secret are not collected.",
"guard": "secret collection=false; raw payload=false"
},
"reviewMaintenanceRollback": {
"title": "Review maintenance and rollback packet",
"body": "Organizes maintenance window, constraints, rollback owner, recovery path, and human contact without authorizing host change.",
"guard": "host change=false; Kali update=false"
},
"reviewValidationRuntimeGate": {
"title": "Review validation and runtime gate packet",
"body": "Organizes validation evidence pointer, post-check metrics, and separate runtime gate requirement without opening a gate from the candidate packet.",
"guard": "runtime gate opened=false; runtime execution=false"
},
"reviewNoExecutionAttestation": {
"title": "Review no-execution attestation packet",
"body": "Fixes not authorization, no execution, no approval, and no runtime gate statements so the review candidate is not mistaken for approval.",
"guard": "not_authorization=true; approval record=false"
}
}
},
"hostOwnerDecisionRecordHumanRecordOwnerReviewCandidateChecklist": {
"title": "Host Owner Decision Record Human Record Owner Review Candidate Checklist",
"subtitle": "Human record owner review candidate checklist only checks whether candidate packets are readable. It does not mark checklist passed, start review, mark review ready, collect owner decisions, create decision records, create approval records, or open runtime gates.",
"checkLabel": "Review candidate check",
"guardLabel": "Guardrail",
"items": {
"candidateIdentityTraceable": {
"title": "Candidate identity traceable",
"body": "Checks that candidate id, source outcome, version, trace pointer, and queue review link are traceable.",
"guard": "check passed=0; review started=0"
},
"candidateOwnerBoundaryReadable": {
"title": "Candidate owner boundary readable",
"body": "Checks that human record owner, backup owner, contact channel, and responsibility boundary are readable without treating the owner as engaged.",
"guard": "owner decision received=0; review ready=0"
},
"candidateDecisionSummaryReadable": {
"title": "Candidate decision summary readable",
"body": "Checks that candidate decision summary, risk acceptance boundary, and no-execution statement are readable while remaining outside a formal decision record.",
"guard": "decision record created=false; accepted=0"
},
"candidateScopeExpiryCurrent": {
"title": "Candidate scope and expiry current",
"body": "Checks that host, network, service, exclusion, observation intent, and expiry remain within the candidate scope.",
"guard": "scope check only; runtime gate opened=false"
},
"candidateScanLimitsNotAuthorization": {
"title": "Candidate scan limits not authorization",
"body": "Checks that observe-only, future active scan, and credentialed scan limits are not written as scan authorization.",
"guard": "scan authorized=false; action buttons=false"
},
"candidateCredentialBoundaryMetadataOnly": {
"title": "Candidate credential boundary metadata-only",
"body": "Checks that credential owner, retention, masking, and forbidden collection remain metadata-only.",
"guard": "secret collection=false; raw payload=false"
},
"candidateMaintenanceRollbackTraceable": {
"title": "Candidate maintenance and rollback traceable",
"body": "Checks that maintenance window, constraints, rollback owner, recovery path, and human contact are traceable.",
"guard": "host change=false; Kali update=false"
},
"candidateValidationRuntimeGateSeparate": {
"title": "Candidate validation and runtime gate separate",
"body": "Checks that validation evidence pointer, post-check metrics, and runtime gate requirement remain separate.",
"guard": "runtime gate opened=false; runtime execution=false"
},
"candidateNoExecutionAttestationPresent": {
"title": "Candidate no-execution attestation present",
"body": "Checks that not authorization, no execution, no approval, and no runtime gate statements are visible.",
"guard": "not_authorization=true; approval record=false"
}
}
},
"hostOwnerDecisionRecordHumanRecordOwnerReviewCandidateOutcomes": {
"title": "Host Owner Decision Record Human Record Owner Review Candidate Outcome Lanes",
"subtitle": "Human record owner review candidate outcome lanes only display next-step routing after candidate checklist. They do not mark checklist passed, start review, mark review ready, collect owner decisions, create decision records, create approval records, or open runtime gates.",
"laneLabel": "Review candidate outcome",
"nextLabel": "Next step",
"items": {
"readyForHumanRecordOwnerReviewPreparation": {
"title": "Ready for human record owner review preparation candidate",
"body": "All candidate checklist read-only conditions can be prepared for a future human record owner review surface, but this remains a preparation candidate.",
"next": "display only; review started=0"
},
"identityTraceNeedsRefresh": {
"title": "Identity trace needs refresh",
"body": "Candidate identity, source outcome, version, trace pointer, or queue review link needs refresh before the next layer.",
"next": "refresh identity trace; check passed=0"
},
"ownerBoundaryNeedsClarification": {
"title": "Owner boundary needs clarification",
"body": "Human record owner, backup owner, contact channel, or responsibility boundary still needs clarification and cannot count as owner engagement.",
"next": "clarify owner boundary; decision received=0"
},
"decisionSummaryNeedsClarification": {
"title": "Decision summary needs clarification",
"body": "Candidate decision summary, risk acceptance boundary, or no-execution statement is still unclear and cannot create a formal record.",
"next": "clarify summary; record created=false"
},
"scopeExpiryNeedsRefresh": {
"title": "Scope and expiry need refresh",
"body": "Host, network, service, exclusion, observation intent, or expiry needs refresh before moving into the next human preparation layer.",
"next": "refresh scope; review ready=0"
},
"scanLimitsRemainAmbiguous": {
"title": "Scan limits remain ambiguous",
"body": "Observe-only, future active scan, or credentialed scan limits may still be mistaken for authorization and must remain routed to clarification.",
"next": "clarify limits; scan authorized=false"
},
"credentialBoundaryFailed": {
"title": "Credential boundary failed",
"body": "Credential owner, retention, masking, or forbidden collection failed the metadata-only boundary and must be quarantined.",
"next": "quarantine credential boundary; secret collection=false"
},
"maintenanceRollbackIncomplete": {
"title": "Maintenance and rollback incomplete",
"body": "Maintenance window, constraints, rollback owner, recovery path, or human contact is incomplete and cannot lead to host change.",
"next": "complete maintenance data; host change=false"
},
"runtimeGateStillRequired": {
"title": "Runtime gate still required",
"body": "Validation evidence, post-check metrics, or follow-up runtime gate pointer still requires an independent gate and cannot open from candidate outcome.",
"next": "active runtime gates=0; action buttons=false"
}
}
},
"hostOwnerDecisionRecordHumanRecordOwnerReviewPreparationPackets": {
"title": "Host Owner Decision Record Human Record Owner Review Preparation Packets",
"subtitle": "Human record owner review preparation packets only organize metadata needed by a future human record owner review surface. They do not mark preparation completed, start review, mark review ready, collect owner decisions, create decision records, create approval records, or open runtime gates.",
"packetLabel": "Review preparation packet",
"guardLabel": "Guardrail",
"items": {
"preparationIdentityTrace": {
"title": "Preparation identity trace packet",
"body": "Organizes preparation id, source candidate outcome, version, trace pointer, and candidate checklist link so a future review surface can trace provenance.",
"guard": "prepared=0; review started=0"
},
"preparationOwnerBoundary": {
"title": "Preparation owner boundary packet",
"body": "Organizes human record owner, backup owner, contact channel, responsibility boundary, and open clarifications without treating owner as engaged or decided.",
"guard": "owner decision received=0; review ready=0"
},
"preparationDecisionSummary": {
"title": "Preparation decision summary packet",
"body": "Organizes candidate decision summary, risk acceptance boundary, no-execution statement, and formal record preface while remaining outside a decision record.",
"guard": "decision record created=false; accepted=0"
},
"preparationScopeExpiry": {
"title": "Preparation scope and expiry packet",
"body": "Organizes host, network, service, exclusion, observation intent, expiry, and refresh need so the preparation layer remains read-only visible.",
"guard": "scope preparation only; runtime gate opened=false"
},
"preparationScanLimits": {
"title": "Preparation scan limits packet",
"body": "Organizes observe-only, future active scan, credentialed scan limits, and scan boundaries that still require separate approval.",
"guard": "scan authorized=false; action buttons=false"
},
"preparationCredentialBoundary": {
"title": "Preparation credential boundary packet",
"body": "Organizes credential owner, retention, masking, forbidden collection, and quarantine rules while allowing metadata only.",
"guard": "secret collection=false; raw payload=false"
},
"preparationMaintenanceRollback": {
"title": "Preparation maintenance and rollback packet",
"body": "Organizes maintenance window, constraints, rollback owner, recovery path, and human contact without authorizing host change.",
"guard": "host change=false; Kali update=false"
},
"preparationValidationRuntimeGate": {
"title": "Preparation validation and runtime gate packet",
"body": "Organizes validation evidence pointer, post-check metrics, and independent runtime gate requirement without opening a gate from preparation packet.",
"guard": "runtime gate opened=false; runtime execution=false"
},
"preparationNoExecutionAttestation": {
"title": "Preparation no-execution attestation packet",
"body": "Fixes not authorization, no execution, no approval, and no runtime gate statements so the preparation packet is not mistaken for approval.",
"guard": "not_authorization=true; approval record=false"
}
}
},
"hostOwnerDecisionRecordHumanRecordOwnerReviewPreparationChecklist": {
"title": "Host Owner Decision Record Human Record Owner Review Preparation Checklist",
"subtitle": "Human record owner review preparation checklist only checks whether preparation packets are readable. It does not mark preparation completed, mark checklist passed, start review, mark review ready, collect owner decisions, create decision records, create approval records, or open runtime gates.",
"checkLabel": "Review preparation check",
"guardLabel": "Guardrail",
"items": {
"preparationIdentityTraceReadable": {
"title": "Preparation identity trace readable",
"body": "Checks that preparation id, source candidate outcome, version, trace pointer, and candidate checklist link are traceable.",
"guard": "prepared=0; check passed=0"
},
"preparationOwnerBoundaryReadable": {
"title": "Preparation owner boundary readable",
"body": "Checks that human record owner, backup owner, contact channel, responsibility boundary, and open clarifications are readable without treating the owner as engaged.",
"guard": "owner decision received=0; review ready=0"
},
"preparationDecisionSummaryReadable": {
"title": "Preparation decision summary readable",
"body": "Checks that candidate decision summary, risk acceptance boundary, no-execution statement, and formal record preface are readable while remaining outside a decision record.",
"guard": "decision record created=false; accepted=0"
},
"preparationScopeExpiryCurrent": {
"title": "Preparation scope and expiry current",
"body": "Checks that host, network, service, exclusion, observation intent, expiry, and refresh need remain readable within the preparation layer.",
"guard": "scope check only; runtime gate opened=false"
},
"preparationScanLimitsNotAuthorization": {
"title": "Preparation scan limits not authorization",
"body": "Checks that observe-only, future active scan, and credentialed scan limits are not written as scan authorization.",
"guard": "scan authorized=false; action buttons=false"
},
"preparationCredentialBoundaryMetadataOnly": {
"title": "Preparation credential boundary metadata-only",
"body": "Checks that credential owner, retention, masking, forbidden collection, and quarantine rules remain metadata-only.",
"guard": "secret collection=false; raw payload=false"
},
"preparationMaintenanceRollbackTraceable": {
"title": "Preparation maintenance and rollback traceable",
"body": "Checks that maintenance window, constraints, rollback owner, recovery path, and human contact are traceable.",
"guard": "host change=false; Kali update=false"
},
"preparationValidationRuntimeGateSeparate": {
"title": "Preparation validation and runtime gate separate",
"body": "Checks that validation evidence pointer, post-check metrics, and independent runtime gate requirement remain separate.",
"guard": "runtime gate opened=false; runtime execution=false"
},
"preparationNoExecutionAttestationPresent": {
"title": "Preparation no-execution attestation present",
"body": "Checks that not authorization, no execution, no approval, and no runtime gate statements are visible so the checklist is not mistaken for approval.",
"guard": "not_authorization=true; approval record=false"
}
}
},
"progressHoldMovementGates": {
"title": "Why 58% Is Still Holding",
"subtitle": "S2.50 把 headline 進度的移動門檻直接顯示出來:目前不是沒有推進,而是五個會讓 58% 進入下一輪重估的閘門都還沒有實質 evidence。框架、文件、前端可見性會累積在 86-88% 框架進度,但不會灌水成落地百分比。",
"gateLabel": "Movement gate",
"moveLabel": "When it moves",
"guardLabel": "No inflation rule",
"items": {
"ownerResponseAccepted": {
"title": "Owner response accepted is still 0",
"body": "S4.9-S4.12 still have no owner response received / accepted; S4.9 is request-ready only.",
"move": "The headline can be reviewed after the first redacted owner responses pass S4.9 preflight and the S4.13 rollup.",
"guard": "Do not treat request-ready, templates, preflight, or focus as received / accepted."
},
"redactedPayloadIngested": {
"title": "Redacted payload ingestion is not enabled",
"body": "Evidence refs, redaction examples, quarantine, and preflight exist, but there is no accepted payload ingestion yet.",
"move": "Runtime landing can be reviewed after redacted payloads are approved, pass preflight, and enter read-only ingestion.",
"guard": "No raw payloads, credential plaintext, or doc examples as ingestion."
},
"activeRuntimeGate": {
"title": "Active runtime gate is still 0",
"body": "Kali `/execute`, SSH, host updates, blocking control, repo / refs / workflow actions remain outside an active gate.",
"move": "It moves only after human approval, scope, rollback, post-check metrics, and a separate active runtime gate.",
"guard": "Do not open runtime gates from IwoooS, progress numbers, or checklists."
},
"githubPrimaryReady": {
"title": "GitHub primary ready is still 0",
"body": "GitHub targets, refs truth, workflow / secret name parity, and rollback ADR are still in owner-response / readiness phases.",
"move": "primary_ready_count can become greater than 0 after at least one repo passes target, refs, workflow / secret name, and rollback readiness.",
"guard": "No repo creation, refs sync, primary switch, or candidate as readiness."
},
"awooopReadOnlyLanding": {
"title": "AwoooP landing is not yet production-consumed",
"body": "IwoooS is visible, but the AwoooP main line still needs read-only consumption of rollup, evidence refs, and guard results without execution routing.",
"move": "User-visible progress improves after AwoooP consumes this state read-only and passes guard checks, still without production execution.",
"guard": "Read-only landing is not an action button, approval, runtime execution, or blocking control."
}
}
},
"headlineMovementAcceptanceGate": {
"title": "58% 重估驗收閘門",
"subtitle": "S2.100 把下一次 headline 能不能從 58% 往前推的判定規則固定下來:只有真正收到並驗收脫敏負責人回覆、脫敏匯入、人工 runtime gate、GitHub 主要來源就緒或 AwoooP production landing evidence才會開啟重估目前五個移動訊號仍都是 0 / false。",
"gateLabel": "重估 gate",
"acceptanceLabel": "驗收條件",
"guardLabel": "仍禁止",
"boundaryTitle": "進度重估邊界",
"summary": {
"headline": {
"label": "目前 headline",
"detail": "仍維持 58%,不把框架層堆疊灌水成落地執行。"
},
"signals": {
"label": "移動訊號",
"detail": "五個高層 gate 目前全部未滿足。"
},
"s49Accepted": {
"label": "S4.9 accepted",
"detail": "五個 owner response template 尚未收到可接受 evidence。"
},
"review": {
"label": "重估紀錄",
"detail": "尚未開啟 headline review record。"
}
},
"items": {
"s49OwnerResponseAccepted": {
"title": "S4.9 負責人回覆驗收",
"body": "下一個真正會推動 58% 的 P0 是 Gitea owner attestationpublic-only / local gap、org/user endpoint、110 adjacent scope、repo owner canonical scope、legacy / inaccessible disposition 五項要收到脫敏 evidence。",
"acceptance": "五項都通過 preflight 與 S4.13 validation rollup才可記錄 owner_response_accepted_count > 0。",
"guard": "不代填、不催收、不標記 received / accepted、不建立審批紀錄。"
},
"redactedPayloadAccepted": {
"title": "脫敏 payload 匯入驗收",
"body": "只有 redacted metadata pointer 可以進入只讀收件與驗收;原始 dump、git object、token、cookie、private key 或 credential plaintext 都要隔離。",
"acceptance": "人工批准 ingestion path、preflight 通過、quarantine 結果可追溯後payloads_ingested 才可改變。",
"guard": "不收明文機密、不保存原始載荷、不把文件範例當匯入完成。"
},
"runtimeGateApproved": {
"title": "執行期閘門人工批准",
"body": "Kali `/execute`、SSH、主機更新、掃描、修復、blocking control 與部署都必須另開人工 runtime gate。",
"acceptance": "scope、rollback、maintenance window、post-check metrics 與人工批准都到齊後active_runtime_gate_count 才能大於 0。",
"guard": "IwoooS 沒有執行按鈕;進度看板不能啟動 runtime。"
},
"githubPrimaryEvidenceReady": {
"title": "GitHub 主要來源就緒證據",
"body": "Gitea 轉 GitHub 的長期方向需要 target owner、visibility、refs truth、workflow / secret name parity 與 rollback ADR 都能驗證。",
"acceptance": "至少一批 repo 有完整負責人回覆與 rollback readinessprimary_ready_count 才能從 0 往上。",
"guard": "不建立 repo、不同步 refs、不改 workflow / secret、不切主要來源、不停用 Gitea。"
},
"awooopProductionLandingProof": {
"title": "AwoooP 正式只讀消費證據",
"body": "使用者要有感AwoooP 主線必須能只讀消費 rollup、evidence refs、guard result 與 forbidden actions。",
"acceptance": "有 PR / deployment proof 證明 production 主線只讀顯示,且沒有接 execution router才可視為 landing evidence。",
"guard": "只讀 landing 不是 approval、action button、execution router 或 blocking control。"
},
"nextHeadlineReviewRecord": {
"title": "下一次 headline review record",
"body": "等任一高層 gate 真的有 evidence 後,才建立重估紀錄,說明為何從 58% 調整或為何仍維持。",
"acceptance": "review record 必須引用具體 evidence refs、guard output、風險邊界與禁止動作清單。",
"guard": "不因為新增看板、文件或清單就調整 headline。"
}
}
},
"sourceControlReadiness": {
"title": "GitHub Primary Readiness",
"subtitle": "The long-term Gitea-to-GitHub direction is shown as read-only readiness: candidate repos, owner responses, refs truth, workflow / secret names, and rollback ADR must all be present before primary_ready_count can be reviewed.",
"gateLabel": "Readiness gate",
"guardLabel": "Still forbidden",
"items": {
"candidateRepos": {
"title": "Candidate repo inventory",
"body": "8 candidate repos and 7 in-scope repos are visible for inventory and owner-evidence alignment only.",
"guard": "No GitHub repo creation or visibility changes."
},
"primaryReady": {
"title": "primary_ready_count remains 0",
"body": "No repo has passed target, refs, workflow / secret name, and rollback readiness yet.",
"guard": "No GitHub primary switch and no Gitea disablement."
},
"ownerResponses": {
"title": "Owner responses are still waiting",
"body": "S4.9-S4.12 include 22 templates; received=0 and accepted=0.",
"guard": "Do not treat request-ready as response accepted."
},
"refsTruth": {
"title": "Refs truth is not accepted",
"body": "main / dev truth, release tags, and deprecated refs still need owner decisions.",
"guard": "No refs push, delete, or force push."
},
"workflowSecrets": {
"title": "Workflow / secret names are incomplete",
"body": "Workflow, runner, webhook, and secret-name parity evidence is still missing for 7 in-scope repos.",
"guard": "Collect names and owners only, never secret values."
},
"rollbackAdr": {
"title": "Rollback ADR is not approved",
"body": "Rollback owner, validation window, and trigger details still need human review for 7 in-scope repos.",
"guard": "No cutover dry-run and no primary switch."
}
}
},
"awooopCoverage": {
"title": "AwoooP 資安入口覆蓋狀態",
"subtitle": "把 AwoooP 8 個實際入口目前已接上的 IwoooS / 負責人回覆驗收邊界集中顯示。這只是入口覆蓋,不代表審批、執行、專案庫、分支 / 標籤參照、工作流程 / 機密設定、主要來源切換或 Gitea 停用授權。",
"routeLabel": "入口路徑",
"stageLabel": "完成階段",
"boundaryLabel": "仍維持",
"guardTitle": "覆蓋狀態不會打開的邊界",
"summary": {
"routes": {
"label": "AwoooP 入口",
"detail": "8 個實際頁面已列入資安邊界地圖。"
},
"covered": {
"label": "已可見覆蓋",
"detail": "首頁、工作鏈路、合約、租戶、執行監控、執行詳情、審批佇列與審批決策。"
},
"runtimeGates": {
"label": "執行期閘門",
"detail": "仍為 0入口覆蓋不會開閘門。"
},
"actions": {
"label": "執行按鈕",
"detail": "仍為 0不新增掃描、執行或修復。"
}
},
"items": {
"home": {
"title": "AwoooP 首頁",
"body": "S2.72 顯示負責人回覆驗收總覽,讓首頁可以理解整體資安網進度。",
"boundary": "只讀總覽,不建立審批紀錄或執行期閘門。"
},
"workItems": {
"title": "工作鏈路",
"body": "S2.73 把負責人回覆驗收候選放進工作項語境,方便追蹤但不推動執行。",
"boundary": "只建立可見工作項,不建立平台執行或修復動作。"
},
"contracts": {
"title": "合約儀表板",
"body": "S2.74 顯示資安合約與負責人回覆驗收候選,讓契約來源可追溯。",
"boundary": "不發布合約修訂、不改生命週期、不開主要來源切換。"
},
"approvals": {
"title": "審批佇列",
"body": "S2.75 顯示審批佇列的負責人回覆驗收邊界,避免把可見焦點誤當批准。",
"boundary": "不建立批准紀錄、不標記負責人回覆已收到或已接受。"
},
"tenants": {
"title": "租戶範圍",
"body": "S2.76 顯示租戶如何理解負責人回覆驗收範圍,但不修改租戶政策。",
"boundary": "不改租戶設定、不建立專案庫、不改分支或標籤參照。"
},
"runs": {
"title": "執行監控",
"body": "S2.77 顯示執行監控的負責人回覆驗收邊界,避免把監控可見性誤當執行。",
"boundary": "不建立平台執行、不接執行路由器、不呼叫外部工具。"
},
"runDetail": {
"title": "執行詳情",
"body": "S2.78 在單一執行詳情顯示驗收邊界與來源回覆包,讓檢視時仍保留只讀語義。",
"boundary": "不啟動工具、不補救、不建立執行期閘門。"
},
"approvalDecision": {
"title": "審批決策",
"body": "S2.79 在真正核准 / 拒絕前顯示審批決策與負責人回覆驗收分離。",
"boundary": "核准執行不等於負責人回覆已接受,也不等於資安落地執行。"
}
}
},
"securityConvergenceRoadmap": {
"title": "階段式資安收斂節奏",
"subtitle": "把目前的收斂策略明確寫在 IwoooS初期先做可視化與提醒不直接阻擋等負責人回覆、脫敏證據、人工審查、回滾條件與後驗證都齊全再分階段收緊。",
"movementLabel": "推進條件",
"guardLabel": "仍不會做",
"boundaryTitle": "逐步收緊仍維持的保護線",
"summary": {
"mode": {
"label": "目前節奏",
"value": "先可視",
"detail": "初期只做觀察與提醒,不直接阻擋產品流程。"
},
"coverage": {
"label": "入口覆蓋",
"detail": "AwoooP 8 個實際入口已可見資安邊界。"
},
"accepted": {
"label": "已接受回覆",
"detail": "S4.9-S4.12 仍是 0不能把看板當收件完成。"
},
"runtime": {
"label": "執行期閘門",
"detail": "仍為 0所有執行仍要獨立人工批准。"
}
},
"items": {
"visibilityFirst": {
"title": "先建立可視框架",
"body": "AwoooP 8 個入口已能看到 IwoooS 邊界與目前狀態,讓使用者知道資安網正在形成。",
"movement": "下一步是把覆蓋狀態與負責人回覆缺口保持同步,不急著阻擋。",
"guard": "不把入口覆蓋當成審批、執行、阻擋或落地授權。"
},
"ownerResponse": {
"title": "等待負責人回覆",
"body": "22 個回覆範本仍等待脫敏回覆;這是後續真正收緊前的第一個高層門檻。",
"movement": "收到並通過驗收後,才重新評估下一輪收斂幅度。",
"guard": "不把請求已準備好當成已收到或已接受。"
},
"redactedEvidence": {
"title": "收脫敏證據",
"body": "目前沒有匯入 payload後續只能先收可驗證、可隔離、可回溯的脫敏證據。",
"movement": "schema、遮罩、來源、隔離與拒收規則都通過後才進入下一步。",
"guard": "不收機密明文值、不保存 token value、不直接改外部系統。"
},
"humanDecision": {
"title": "人工審查後再升級",
"body": "資安收斂要經過人工審查與風險分級,避免初期把 LOW / MEDIUM 訊號直接變成阻擋。",
"movement": "人工決策、範圍、維護窗口、回滾與後驗證條件齊全才升級。",
"guard": "不讓單一看板或進度數字自動提高限制。"
},
"runtimeGate": {
"title": "最後才開執行期閘門",
"body": "目前主動執行期閘門仍為 0任何 Kali、SSH、主機更新或修復都還在獨立批准之外。",
"movement": "只有人工批准、範圍、回滾與後驗證完整時,才另開執行期閘門。",
"guard": "不從 IwoooS 前端建立掃描、執行、修復或主機更新動作。"
},
"sourceControlCutover": {
"title": "主要來源切換排最後",
"body": "GitHub 主要來源、Gitea 停用、分支 / 標籤參照與工作流程 / 機密設定仍全部等待負責人證據。",
"movement": "至少一批專案庫完成目標、分支 / 標籤、工作流程 / 機密名稱與回滾就緒後才重估。",
"guard": "不建立專案庫、不改可見性、不同步參照、不切主要來源、不停用 Gitea。"
}
}
},
"ownerResponseCollectionBoard": {
"title": "下一步人工收件作戰板",
"subtitle": "把真正能推動 58% 的下一步集中顯示S4.9-S4.12 四包負責人回覆都還是 0 已收到 / 0 已接受。本看板只讓人知道要收什麼,不會寄送、建立、接受或執行任何動作。",
"packetLabel": "收件包",
"movementLabel": "收件條件",
"guardLabel": "仍不會做",
"boundaryTitle": "收件作戰板維持的保護線",
"summary": {
"packets": {
"label": "收件包",
"detail": "S4.9-S4.12 四包都已可見,但還沒收到。"
},
"templates": {
"label": "必備回覆",
"detail": "22 個負責人回覆範本仍需人工提供。"
},
"received": {
"label": "已收到",
"detail": "目前為 0不能把可見請求當成回覆。"
},
"accepted": {
"label": "已接受",
"detail": "目前為 0不能把收件作戰板當審批。"
}
},
"items": {
"giteaAttestation": {
"title": "Gitea 清冊負責人證明",
"body": "需要每個範圍內專案庫的負責人、目前用途、是否保留、是否轉 GitHub 與脫敏證據。",
"movement": "五項證明都齊全後,才允許進入負責人回覆驗收。",
"guard": "不建立、不刪除、不停用 Gitea 專案庫,也不改可見性。"
},
"githubTarget": {
"title": "GitHub 目標負責人決策",
"body": "需要確認目標 org / repo、可見性、分支保護、CODEOWNERS、CI 計費與回滾窗口。",
"movement": "七項目標決策都齊全後,才重新評估 GitHub 主要來源路線。",
"guard": "不建立 GitHub repo、不切主要來源、不啟用額外計費流程。"
},
"refsTruth": {
"title": "分支 / 標籤真相回覆",
"body": "需要 main、dev、release tag、deprecated refs 與保留策略的負責人判定。",
"movement": "五項 refs 真相都齊全後,才允許規劃同步或清理方案。",
"guard": "不同步、不刪除、不 force push 任何分支或標籤參照。"
},
"workflowSecretNames": {
"title": "工作流程 / 機密名稱回覆",
"body": "需要 workflow、runner、webhook、secret name parity 與部署責任人的脫敏回覆。",
"movement": "五項名稱與責任範圍齊全後,才允許進入設定差異審查。",
"guard": "不收機密明文值、不修改工作流程、不注入或旋轉 secret。"
}
}
},
"ownerResponseIntakeSafetyBoard": {
"title": "人工回覆安全驗收閘道",
"subtitle": "把收件後怎麼判定可收、補證、隔離或拒收先攤開。現在匯入=0、隔離=0、拒收=0這只是驗收規則可見不會自動匯入、通知、修復或升高限制。",
"laneLabel": "驗收分流",
"ruleLabel": "判定方式",
"guardLabel": "仍不會做",
"boundaryTitle": "驗收閘道維持的保護線",
"summary": {
"rules": {
"label": "安全規則",
"detail": "六條驗收分流先可見,避免收件後臨時判斷。"
},
"ingested": {
"label": "已匯入",
"detail": "目前為 0還沒有任何人工回覆進入正式匯入。"
},
"quarantined": {
"label": "已隔離",
"detail": "目前為 0若含機密明文值才會進隔離。"
},
"rejected": {
"label": "已拒收",
"detail": "目前為 0拒收規則只是先讓邊界透明。"
}
},
"items": {
"redactedEvidenceOnly": {
"title": "只接受脫敏證據",
"body": "人工回覆必須能對照來源、負責人、範圍與遮罩後證據,才能進入驗收。",
"rule": "缺少可驗證脫敏證據時,只能標記補證,不得匯入正式狀態。",
"guard": "不把自由文字、截圖或未遮罩內容當成已接受回覆。"
},
"ownerScopeCompletion": {
"title": "負責人範圍要齊全",
"body": "每包回覆都要有負責人、專案庫或範圍、決策、證據指標與回滾關聯。",
"rule": "範圍不完整時維持等待或補證,不得推動主要來源或收斂升級。",
"guard": "不把單一負責人口頭確認當成全部 S4.9-S4.12 驗收完成。"
},
"secretValueQuarantine": {
"title": "機密明文直接隔離",
"body": "任何權杖、密碼、私鑰、webhook 機密或可重用憑證值都不能進一般收件。",
"rule": "出現機密明文值時只能隔離並要求重提脫敏版本。",
"guard": "不保存、不展示、不複製、不轉送、不旋轉任何機密明文值。"
},
"repoMutationRequest": {
"title": "專案庫動作要求先拒收",
"body": "人工回覆若夾帶建立、刪除、改可見性或轉移專案庫要求,必須與收件驗收分離。",
"rule": "專案庫動作只能另走人工批准與回滾方案,不進收件作戰板。",
"guard": "不建立 GitHub 專案庫、不停用 Gitea、不改專案庫可見性。"
},
"refsMutationRequest": {
"title": "分支 / 標籤動作要求先拒收",
"body": "人工回覆可以描述分支 / 標籤真相,但不能在同一包裡要求同步、刪除或強制推送。",
"rule": "含分支 / 標籤異動要求時先拒收動作部分,只保留脫敏事實供人工審查。",
"guard": "不同步、不刪除、不強制推送任何分支或標籤參照。"
},
"runtimeExecutionRequest": {
"title": "執行要求一律另開閘門",
"body": "任何 Kali、SSH、主機更新、掃描、修復或部署要求都不能混在負責人回覆驗收裡。",
"rule": "執行要求只能另走人工批准、維護窗口、回滾與後驗證流程。",
"guard": "不呼叫 Kali、不開 SSH、不更新主機、不建立執行期閘門。"
}
}
},
"ownerResponseReviewOutcomeBoard": {
"title": "人工回覆審查結果分流",
"subtitle": "把安全驗收後可能進入的結果先放到 IwoooS維持等待、要求補證、可進人工審查、隔離、拒收、只讀更新、需要人工決策。現在可審=0、已接受=0、執行期閘門=0分流只是讓流程透明不會自動批准或執行。",
"laneLabel": "結果分流",
"resultLabel": "審查結果",
"guardLabel": "仍不會做",
"boundaryTitle": "審查結果分流維持的保護線",
"summary": {
"lanes": {
"label": "結果分流",
"detail": "七條結果分流先可見,避免人工審查後語義混亂。"
},
"ready": {
"label": "可審",
"detail": "目前為 0還沒有任何回覆進入人工審查。"
},
"accepted": {
"label": "已接受",
"detail": "目前為 0分流不等於接受。"
},
"runtime": {
"label": "執行期閘門",
"detail": "目前為 0審查結果不會自動開閘門。"
}
},
"items": {
"remainWaiting": {
"title": "維持等待",
"body": "回覆還沒到、來源不明或仍等待負責人確認時,狀態維持等待。",
"result": "只顯示等待原因,不建立審查紀錄、不提高進度。",
"guard": "不把等待狀態當成已收到或已接受。"
},
"needsEvidence": {
"title": "要求補證",
"body": "回覆內容有方向但缺少脫敏證據、範圍、負責人或回滾關聯時,先要求補證。",
"result": "只回到人工補證佇列,不進入主要來源或執行期判定。",
"guard": "不因為有部分內容就推動 GitHub、Gitea、分支 / 標籤或工作流程動作。"
},
"readyForHumanReview": {
"title": "可進人工審查",
"body": "脫敏證據、範圍、負責人與決策欄位都齊全時,才標示可進人工審查。",
"result": "只代表可由人審查,不代表已接受或已批准。",
"guard": "不自動接受、不建立執行期閘門、不改外部系統。"
},
"quarantined": {
"title": "隔離處理",
"body": "含機密明文、來源衝突或不可驗證資料時,結果只能進隔離。",
"result": "隔離結果只保留最小必要中繼資訊與補提方向。",
"guard": "不展示、不保存、不轉送任何機密明文值。"
},
"rejected": {
"title": "拒收",
"body": "回覆要求越權、夾帶執行、夾帶專案庫異動或無法脫敏時,必須拒收。",
"result": "拒收只關閉該回覆輸入,不代表整個資安工作停止。",
"guard": "不把拒收轉成自動修復、刪除、停用或封鎖。"
},
"readonlyUpdate": {
"title": "只讀狀態更新",
"body": "若人工審查只確認事實狀態,可以更新只讀看板與證據參照。",
"result": "只更新已提交文件、快照或顯示狀態。",
"guard": "不改執行期、不改專案庫、不改分支 / 標籤、不改工作流程 / 機密設定。"
},
"humanDecisionRequired": {
"title": "需要人工決策",
"body": "涉及主要來源、回滾、維護窗口、部署或阻擋升級時,必須另走人工決策。",
"result": "只能產生人工決策需求,不產生執行命令。",
"guard": "不切主要來源、不停用 Gitea、不呼叫 Kali、不開 SSH。"
}
}
},
"ownerResponseHumanDecisionQueueBoard": {
"title": "人工決策準備佇列",
"subtitle": "把需要人工決策前必須整理的資料先放到 IwoooS決策包草稿、證據追溯包、審查人指派、回滾窗口候選、執行期閘門分離與主要來源切換分離。現在可決策=0、已批准=0、執行期閘門=0這只是準備佇列不會建立審批紀錄或執行命令。",
"queueLabel": "準備佇列",
"prepLabel": "準備內容",
"guardLabel": "仍不會做",
"boundaryTitle": "人工決策準備佇列維持的保護線",
"summary": {
"queueItems": {
"label": "準備項",
"detail": "六個人工決策前置項目先可見,避免審查結果直接跳到批准。"
},
"ready": {
"label": "可決策",
"detail": "目前為 0還沒有任何回覆整理成可決策包。"
},
"approved": {
"label": "已批准",
"detail": "目前為 0準備佇列不等於人工批准。"
},
"runtime": {
"label": "執行期閘門",
"detail": "目前為 0人工決策準備不會開啟執行期。"
}
},
"items": {
"decisionPacketDraft": {
"title": "決策包草稿",
"body": "把審查結果、負責人範圍、脫敏證據與待決策問題整理成草稿。",
"prep": "只產生可讀草稿,不建立正式人工決策紀錄。",
"guard": "不把草稿當批准、不提高進度、不啟動任何動作。"
},
"evidenceTraceBundle": {
"title": "證據追溯包",
"body": "整理來源、快照、證據參照與遮罩狀態,讓審查人能追溯每個判斷。",
"prep": "只引用已提交或脫敏證據,不收原始載荷或機密明文值。",
"guard": "不保存、不展示、不轉送任何機密明文值。"
},
"reviewerAssignment": {
"title": "審查人指派",
"body": "標示哪一類人需要看:專案庫負責人、資安審查人、部署責任人或主要來源負責人。",
"prep": "只顯示需要哪種審查角色,不自動通知或催收。",
"guard": "不建立審批紀錄、不代替人工簽核、不發送外部命令。"
},
"rollbackWindowCandidate": {
"title": "回滾窗口候選",
"body": "若決策會影響主要來源、部署、維護窗口或阻擋升級,先標出回滾窗口需求。",
"prep": "只列出候選窗口與待補證據,等待人工確認。",
"guard": "不安排維護、不部署、不切換主要來源。"
},
"runtimeGateSeparated": {
"title": "執行期閘門分離",
"body": "任何掃描、主機更新、修復、部署或阻擋控制都必須從決策準備中拆出去。",
"prep": "只保留需要另開執行期閘門的標記。",
"guard": "不呼叫 Kali、不開 SSH、不更新主機、不建立執行期閘門。"
},
"sourceControlCutoverSeparated": {
"title": "主要來源切換分離",
"body": "GitHub 主要來源、Gitea 停用、分支 / 標籤參照或工作流程 / 機密設定都不能由準備佇列直接推進。",
"prep": "只把主要來源相關缺口列入待人工決策清單。",
"guard": "不建立專案庫、不改可見性、不同步參照、不停用 Gitea。"
}
}
},
"ownerResponseDecisionRecordDraftGuardBoard": {
"title": "人工決策紀錄草稿防誤用",
"subtitle": "即使未來開始整理人工決策紀錄,也必須先保護語義:草稿不是正式紀錄,正式紀錄不是執行命令,批准也不能自動推動主機、專案庫或主要來源切換。現在草稿=0、正式紀錄=0、已批准=0、執行期閘門=0。",
"guardItemLabel": "防誤用線",
"draftLabel": "草稿要求",
"guardLabel": "仍不會做",
"boundaryTitle": "人工決策紀錄草稿維持的保護線",
"summary": {
"guards": {
"label": "防誤用線",
"detail": "六條草稿保護線先可見,避免把紀錄草稿當正式批准。"
},
"drafts": {
"label": "草稿",
"detail": "目前為 0還沒有任何正式決策紀錄草稿。"
},
"formalRecords": {
"label": "正式紀錄",
"detail": "目前為 0草稿不等於正式紀錄。"
},
"runtime": {
"label": "執行期閘門",
"detail": "目前為 0紀錄草稿不會啟動執行期。"
}
},
"items": {
"recordIdentityDraft": {
"title": "紀錄身分草稿",
"body": "每一份決策紀錄草稿都需要唯一身分、來源階段與對應證據參照,避免口頭決策散落。",
"draft": "只建立草稿身分欄位,不建立正式紀錄。",
"guard": "不把草稿編號當批准編號,也不提高整體進度。"
},
"decisionScopeSnapshot": {
"title": "決策範圍快照",
"body": "草稿必須標出適用專案庫、主機、服務、分支 / 標籤或工作流程範圍。",
"draft": "只引用已提交快照與脫敏證據,不讀取或修改外部系統。",
"guard": "不建立專案庫、不改分支 / 標籤、不改工作流程 / 機密設定。"
},
"reviewerRolePlaceholder": {
"title": "審查角色預留",
"body": "草稿只標示需要哪一類審查角色,讓後續人工簽核能找對人。",
"draft": "只保留角色欄位,不代填姓名、不自動通知、不催收。",
"guard": "不建立審批紀錄、不替人簽核、不產生外部任務。"
},
"evidenceVersionFreeze": {
"title": "證據版本凍結",
"body": "草稿要鎖定當下引用的文件、快照與證據版本,避免決策後證據漂移。",
"draft": "只凍結參照版本,不複製機密、不保存原始載荷。",
"guard": "不展示、不保存、不轉送任何機密明文值。"
},
"approvalNotExecutionBoundary": {
"title": "批准不等於執行",
"body": "即使未來有人工批准,也必須另外拆出執行期、維護窗口、回滾與後驗證。",
"draft": "只把需要另開執行期閘門的欄位標出。",
"guard": "不呼叫 Kali、不開 SSH、不更新主機、不部署。"
},
"followupRuntimeGatePointer": {
"title": "後續執行期指標",
"body": "若決策牽涉掃描、修復、部署、主要來源切換或阻擋升級,草稿只能留下後續閘門指標。",
"draft": "只標記後續要走哪個人工閘門,不建立執行命令。",
"guard": "不切主要來源、不停用 Gitea、不建立執行期閘門。"
}
}
},
"ownerResponseFormalRecordCandidatePreflightBoard": {
"title": "人工決策正式紀錄候選預檢",
"subtitle": "草稿若要往正式紀錄候選前進,必須先通過七個完整性檢查;候選仍不是正式紀錄、不是人工批准,也不能啟動主機、專案庫、工作流程、主要來源或執行期閘門。現在候選=0、正式紀錄=0、已批准=0、執行期閘門=0。",
"checkItemLabel": "候選預檢",
"preflightLabel": "預檢要求",
"guardLabel": "仍不會做",
"boundaryTitle": "正式紀錄候選維持的保護線",
"summary": {
"checks": {
"label": "預檢項",
"detail": "七項正式紀錄候選檢查先可見,避免草稿直接升格。"
},
"candidates": {
"label": "候選",
"detail": "目前為 0還沒有任何正式紀錄候選。"
},
"formalRecords": {
"label": "正式紀錄",
"detail": "目前為 0候選不等於正式紀錄。"
},
"runtime": {
"label": "執行期閘門",
"detail": "目前為 0正式紀錄候選不會啟動執行期。"
}
},
"items": {
"candidateIdentityTrace": {
"title": "候選身分追溯",
"body": "候選必須追溯到原始草稿、收件包、審查結果與證據版本,避免跳過中間狀態。",
"preflight": "只檢查追溯欄位是否齊全,不建立正式紀錄。",
"guard": "不把候選編號當正式紀錄編號或批准編號。"
},
"reviewerIdentityBoundary": {
"title": "審查人身分邊界",
"body": "候選只標記需要哪一類人工審查與簽核角色,不能自動代填或代簽。",
"preflight": "只檢查角色欄位、責任範圍與待補欄位。",
"guard": "不自動通知、不建立審批紀錄、不替任何人批准。"
},
"evidenceVersionChain": {
"title": "證據版本鏈",
"body": "候選要能連回已提交、已脫敏且可查的證據版本,避免引用漂移或口頭資訊。",
"preflight": "只檢查證據參照與版本鏈,不讀取外部系統。",
"guard": "不保存、不展示、不轉送機密明文或原始載荷。"
},
"scopeAndExpiry": {
"title": "範圍與期限",
"body": "正式紀錄候選必須標出適用專案庫、主機、服務、分支 / 標籤、工作流程範圍與有效期限。",
"preflight": "只檢查範圍與期限欄位是否明確。",
"guard": "不建立專案庫、不改可見性、不同步或刪除分支 / 標籤。"
},
"riskRollbackField": {
"title": "風險與回滾欄位",
"body": "候選需要保留風險、維護窗口、回滾負責人與後驗證欄位,避免批准後才補救。",
"preflight": "只檢查欄位存在與待補狀態。",
"guard": "不安排維護窗口、不部署、不建立修復工作。"
},
"runtimeGateSeparation": {
"title": "執行期分離",
"body": "任何掃描、修復、主機更新、部署或阻擋控制仍必須走獨立執行期閘門。",
"preflight": "只標記需要哪一種後續執行期閘門。",
"guard": "不呼叫 Kali、不開 SSH、不更新主機、不執行修復。"
},
"sourceControlSeparation": {
"title": "主要來源分離",
"body": "GitHub 主要來源切換、Gitea 停用、工作流程 / 機密設定或 refs 動作不能由候選直接推進。",
"preflight": "只標記需要另開主要來源或版本控制人工閘門。",
"guard": "不切 GitHub 主要來源、不停用 Gitea、不改 workflow / secrets。"
}
}
},
"ownerResponseFormalRecordCandidateOutcomeBoard": {
"title": "人工決策正式紀錄候選結果分流",
"subtitle": "正式紀錄候選通過預檢後,仍只能進入只讀結果分流;分流會指出等待、退回草稿、補證、可交人工紀錄負責人、隔離或拒收,但不會自動升格正式紀錄,也不會批准或執行。現在分流=8、可交接=0、已升格=0、執行期閘門=0。",
"laneLabel": "結果分流",
"resultLabel": "分流結果",
"guardLabel": "仍不會做",
"boundaryTitle": "正式紀錄候選分流維持的保護線",
"summary": {
"lanes": {
"label": "分流",
"detail": "八條候選結果分流先可見,避免候選直接升格。"
},
"ready": {
"label": "可交接",
"detail": "目前為 0還沒有候選可交人工紀錄負責人。"
},
"promoted": {
"label": "已升格",
"detail": "目前為 0沒有候選被升格正式紀錄。"
},
"runtime": {
"label": "執行期閘門",
"detail": "目前為 0候選分流不會啟動執行期。"
}
},
"items": {
"remainCandidateWaiting": {
"title": "維持候選等待",
"body": "資料尚未足以交人工紀錄負責人時,候選維持等待,不升格也不退回。",
"result": "只更新只讀等待狀態。",
"guard": "不建立正式紀錄、不建立審批紀錄。"
},
"returnToDraft": {
"title": "退回草稿補齊",
"body": "若候選缺少追溯、範圍、角色或版本欄位,先退回草稿層補齊。",
"result": "只標記退回原因與待補欄位。",
"guard": "不刪草稿、不改證據、不提高進度。"
},
"needsEvidenceRefresh": {
"title": "要求證據更新",
"body": "若候選引用的證據版本過期、缺少脫敏證明或與範圍不一致,先要求補證。",
"result": "只列出需要更新的證據參照。",
"guard": "不讀取外部系統、不保存原始載荷。"
},
"needsReviewerClarification": {
"title": "要求審查說明",
"body": "若審查角色、責任範圍或簽核語義不清,候選必須回到人工說明。",
"result": "只標記需要哪一類人工說明。",
"guard": "不自動通知、不代填姓名、不替任何人批准。"
},
"readyForRecordOwner": {
"title": "可交紀錄負責人",
"body": "候選若欄位齊全,可進入人工紀錄負責人交接,但仍不是正式紀錄。",
"result": "只標記可交接,等待人工確認。",
"guard": "不自動升格、不建立正式紀錄、不建立審批紀錄。"
},
"quarantineSensitivePayload": {
"title": "隔離敏感載荷",
"body": "若候選含機密明文、token、cookie、private key 或 exploit payload必須先隔離。",
"result": "只標記隔離原因與來源欄位。",
"guard": "不展示、不保存、不轉送任何機密明文值。"
},
"rejectMutationRequest": {
"title": "拒收變更要求",
"body": "若候選夾帶專案庫、refs、workflow、secrets、主機或部署變更要求先拒收。",
"result": "只標記拒收原因,等待重新提交只讀候選。",
"guard": "不建立專案庫、不改 refs、不改 workflow / secrets。"
},
"runtimeOrCutoverGateRequired": {
"title": "另開執行或切換閘門",
"body": "若候選需要掃描、修復、主機更新、主要來源切換或 Gitea 停用,必須另開人工閘門。",
"result": "只標記需要哪一種後續閘門。",
"guard": "不呼叫 Kali、不開 SSH、不切 GitHub 主要來源、不停用 Gitea。"
}
}
},
"ownerResponseFormalRecordOwnerHandoffBoard": {
"title": "人工決策正式紀錄負責人交接準備",
"subtitle": "候選若進入可交接狀態,仍只能整理交接包,不能自動指派紀錄負責人、不能建立正式紀錄,也不能批准或執行。現在交接包=7、可交接=0、已指派=0、執行期閘門=0。",
"packetLabel": "交接包",
"handoffLabel": "交接要求",
"guardLabel": "仍不會做",
"boundaryTitle": "正式紀錄負責人交接維持的保護線",
"summary": {
"packets": {
"label": "交接包",
"detail": "七個交接包先可見,避免候選直接變成正式紀錄。"
},
"ready": {
"label": "可交接",
"detail": "目前為 0沒有候選可交給紀錄負責人。"
},
"assigned": {
"label": "已指派",
"detail": "目前為 0沒有任何正式紀錄負責人被自動指派。"
},
"runtime": {
"label": "執行期閘門",
"detail": "目前為 0交接準備不會啟動執行期。"
}
},
"items": {
"handoffIdentityBundle": {
"title": "身分追溯包",
"body": "交接包需要保留候選、草稿、收件包、審查結果與來源階段的追溯鏈。",
"handoff": "只整理已提交的追溯參照。",
"guard": "不建立正式紀錄、不產生新的審批編號。"
},
"handoffDecisionContext": {
"title": "決策脈絡包",
"body": "交接包要說明候選為何可交接、仍缺哪些人工確認,以及哪些內容不能視為批准。",
"handoff": "只整理背景、限制與待人工確認欄位。",
"guard": "不替人工下決策、不自動批准。"
},
"handoffEvidenceLock": {
"title": "證據鎖定包",
"body": "交接前需要列出已脫敏、已提交、可追溯的證據版本與引用位置。",
"handoff": "只引用證據版本與文件路徑。",
"guard": "不讀取外部系統、不保存原始載荷或機密明文。"
},
"handoffReviewerNotes": {
"title": "審查備註包",
"body": "交接包要保留審查說明、退回理由、補證狀態與未決事項。",
"handoff": "只整理已存在的審查備註摘要。",
"guard": "不自動通知、不代填姓名、不建立外部任務。"
},
"handoffRiskRollback": {
"title": "風險回滾包",
"body": "若未來正式紀錄會影響主機、服務、主要來源或部署節奏,交接包只先列風險與回滾欄位。",
"handoff": "只標出風險、維護窗口、回滾負責人與後驗證欄位。",
"guard": "不安排維護、不部署、不建立修復工作。"
},
"handoffRuntimeGatePointer": {
"title": "執行期閘門指標包",
"body": "任何掃描、修復、主機更新或阻擋控制都必須留在獨立執行期閘門。",
"handoff": "只標記後續可能需要哪一種人工執行期閘門。",
"guard": "不呼叫 Kali、不開 SSH、不更新主機、不執行修復。"
},
"handoffSourceControlPointer": {
"title": "主要來源指標包",
"body": "GitHub 主要來源切換、Gitea 停用、refs 或 workflow / secrets 動作只能作為後續人工閘門指標。",
"handoff": "只標記版本控制與主要來源相關待決事項。",
"guard": "不建立專案庫、不改 refs、不改 workflow / secrets、不停用 Gitea。"
}
}
},
"ownerResponseFormalRecordOwnerHandoffReviewBoard": {
"title": "人工決策正式紀錄負責人交接驗收清單",
"subtitle": "交接包進入人工檢查前,先用七個只讀驗收項確認資料是否足夠;這仍不是紀錄負責人指派、正式紀錄、人工批准或執行授權。現在驗收項=7、通過=0、已指派=0、執行期閘門=0。",
"checkLabel": "驗收項",
"reviewLabel": "檢查方式",
"guardLabel": "仍不會做",
"boundaryTitle": "交接驗收清單維持的保護線",
"summary": {
"checks": {
"label": "驗收項",
"detail": "七個驗收項先可見,避免交接包被直接視為可指派。"
},
"passed": {
"label": "通過",
"detail": "目前為 0沒有任何交接驗收被標記通過。"
},
"assigned": {
"label": "已指派",
"detail": "目前為 0仍沒有正式紀錄負責人被指定。"
},
"runtime": {
"label": "執行期閘門",
"detail": "目前為 0交接驗收不會啟動執行期。"
}
},
"items": {
"packetCompleteness": {
"title": "交接包完整性",
"body": "檢查七個交接包是否都有來源、摘要、限制、缺口與後續人工確認欄位。",
"review": "只列出缺漏欄位與待補項目。",
"guard": "不補寫正式紀錄、不自動產生批准文字。"
},
"recordOwnerIdentityScope": {
"title": "負責人身分範圍",
"body": "檢查交接包是否說明未來紀錄負責人的角色範圍、責任邊界與可聯絡依據。",
"review": "只確認身分欄位是否足夠人工判讀。",
"guard": "不代填姓名、不查外部帳號、不自動指派。"
},
"authorityBoundaryMatch": {
"title": "權責邊界比對",
"body": "檢查交接包是否清楚區分可閱讀、可審查、可批准與可執行四種不同權限。",
"review": "只標記邊界是否清楚,避免審查語義混淆。",
"guard": "不把可審查當成可批准,不把批准當成可執行。"
},
"evidenceVersionConfirm": {
"title": "證據版本確認",
"body": "檢查交接包引用的證據是否已脫敏、可追溯,並標示版本或文件路徑。",
"review": "只確認證據指標是否可追溯。",
"guard": "不讀取機密明文、不保存原始載荷、不抓外部系統。"
},
"reviewerNoteConfirm": {
"title": "審查備註確認",
"body": "檢查退回理由、補證狀態、人工備註與未決事項是否足夠讓下一位審查者接手。",
"review": "只整理既有備註是否完整。",
"guard": "不建立外部任務、不自動通知、不改審查結論。"
},
"mutationRequestReject": {
"title": "變更要求拒收檢查",
"body": "檢查交接包是否夾帶專案庫、refs、workflow、secrets、部署或主機變更要求。",
"review": "只標記需要拒收或重送只讀版本的項目。",
"guard": "不建立專案庫、不改 refs、不改 workflow / secrets、不部署。"
},
"runtimeCutoverSeparation": {
"title": "執行與切換分離",
"body": "檢查掃描、修復、主機更新、GitHub 主要來源切換或 Gitea 停用是否被留在獨立人工閘門。",
"review": "只標記後續需要哪一類獨立閘門。",
"guard": "不呼叫 Kali、不開 SSH、不更新主機、不切主要來源、不停用 Gitea。"
}
}
},
"ownerResponseFormalRecordOwnerHandoffReviewOutcomeBoard": {
"title": "人工決策正式紀錄負責人交接驗收結果分流",
"subtitle": "交接驗收後只會落到八條只讀結果分流;這仍不是紀錄負責人指派、正式紀錄、人工批准或執行授權。現在分流=8、可進負責人檢查=0、已指派=0、執行期閘門=0。",
"laneLabel": "結果分流",
"resultLabel": "分流結果",
"guardLabel": "仍不會做",
"boundaryTitle": "交接驗收結果分流維持的保護線",
"summary": {
"lanes": {
"label": "分流",
"detail": "八條結果分流先可見,避免驗收結果直接變成指派。"
},
"ready": {
"label": "可進檢查",
"detail": "目前為 0沒有交接包可進紀錄負責人檢查。"
},
"assigned": {
"label": "已指派",
"detail": "目前為 0仍沒有正式紀錄負責人被指定。"
},
"runtime": {
"label": "執行期閘門",
"detail": "目前為 0結果分流不會啟動執行期。"
}
},
"items": {
"remainReviewWaiting": {
"title": "維持驗收等待",
"body": "若交接包仍在等待人工檢查,結果只能維持等待狀態。",
"result": "只顯示仍待驗收與缺少哪一類檢查。",
"guard": "不自動通過、不建立正式紀錄、不指派負責人。"
},
"requestPacketCompletion": {
"title": "要求補齊交接包",
"body": "若身分、脈絡、證據、備註、風險或指標包缺漏,必須退回補齊。",
"result": "只列出缺漏交接包與需要補充的欄位。",
"guard": "不代寫補件、不自動批准、不建立外部任務。"
},
"requestOwnerScopeClarification": {
"title": "要求負責人範圍說明",
"body": "若未來紀錄負責人的角色、權責或聯絡依據不清,必須要求人工說明。",
"result": "只標記需要補充哪一類負責人範圍。",
"guard": "不查外部帳號、不代填姓名、不自動指派。"
},
"requestEvidenceRefresh": {
"title": "要求證據版本更新",
"body": "若證據版本、文件路徑、脫敏狀態或引用位置不清,必須回到證據補正。",
"result": "只標記需要更新的證據指標。",
"guard": "不讀取機密明文、不保存原始載荷、不抓外部系統。"
},
"readyForRecordOwnerReview": {
"title": "可進負責人檢查",
"body": "若驗收項都足夠,交接包可以進入人工紀錄負責人檢查,但仍不是指派。",
"result": "只標記可進人工檢查,等待人工確認。",
"guard": "不自動升格、不建立正式紀錄、不建立審批紀錄。"
},
"quarantineSensitivePayload": {
"title": "隔離敏感載荷",
"body": "若交接包或補件夾帶 token、cookie、private key、密碼或 exploit payload必須隔離。",
"result": "只標記隔離原因與來源欄位。",
"guard": "不展示、不保存、不轉送任何機密明文值。"
},
"rejectMutationRequest": {
"title": "拒收變更要求",
"body": "若驗收結果夾帶專案庫、refs、workflow、secrets、部署或主機變更要求先拒收。",
"result": "只標記拒收原因,等待重新提交只讀版本。",
"guard": "不建立專案庫、不改 refs、不改 workflow / secrets、不部署。"
},
"runtimeOrCutoverGateRequired": {
"title": "另開執行或切換閘門",
"body": "若結果需要掃描、修復、主機更新、GitHub 主要來源切換或 Gitea 停用,必須另開人工閘門。",
"result": "只標記需要哪一種後續閘門。",
"guard": "不呼叫 Kali、不開 SSH、不更新主機、不切主要來源、不停用 Gitea。"
}
}
},
"ownerResponseFormalRecordOwnerReviewPreparationBoard": {
"title": "人工決策正式紀錄負責人檢查準備包",
"subtitle": "交接驗收結果若可進負責人檢查,仍只能整理人工檢查前需要看的八個準備包;這不是紀錄負責人指派、正式紀錄、人工批准或執行授權。現在準備包=8、可檢查=0、已指派=0、執行期閘門=0。",
"packetLabel": "準備包",
"prepareLabel": "準備方式",
"guardLabel": "仍不會做",
"boundaryTitle": "負責人檢查準備包維持的保護線",
"summary": {
"packets": {
"label": "準備包",
"detail": "八個準備包先可見,避免可進檢查被直接視為指派。"
},
"ready": {
"label": "可檢查",
"detail": "目前為 0沒有交接包可進入負責人檢查。"
},
"assigned": {
"label": "已指派",
"detail": "目前為 0仍沒有正式紀錄負責人被指定。"
},
"runtime": {
"label": "執行期閘門",
"detail": "目前為 0準備包不會啟動執行期。"
}
},
"items": {
"reviewIdentityPacket": {
"title": "檢查身分包",
"body": "保留交接驗收結果、候選紀錄、草稿與來源階段的追溯關係。",
"prepare": "只整理既有追溯參照與缺漏欄位。",
"guard": "不建立正式紀錄、不產生新的審批編號。"
},
"handoffOutcomeSnapshot": {
"title": "交接結果快照",
"body": "整理驗收結果分流、可進檢查理由、仍待人工確認與不得升格的限制。",
"prepare": "只整理結果摘要與限制說明。",
"guard": "不把可進檢查升格成已指派或已批准。"
},
"ownerScopePacket": {
"title": "負責人範圍包",
"body": "列出未來紀錄負責人需要確認的角色範圍、責任邊界與聯絡依據。",
"prepare": "只整理需要人工判讀的範圍欄位。",
"guard": "不代填姓名、不查外部帳號、不自動指派。"
},
"authorityBoundaryPacket": {
"title": "權責邊界包",
"body": "明確區分可閱讀、可檢查、可審查、可批准與可執行的不同邊界。",
"prepare": "只標記邊界是否足夠清楚。",
"guard": "不把檢查當審批,不把批准當執行。"
},
"evidenceTracePacket": {
"title": "證據追溯包",
"body": "整理已脫敏、可追溯的證據版本、文件路徑、引用位置與補證狀態。",
"prepare": "只引用安全證據指標與文件路徑。",
"guard": "不讀取機密明文、不保存原始載荷、不抓外部系統。"
},
"reviewerNotePacket": {
"title": "審查備註包",
"body": "整理退回理由、補件結果、人工備註、未決事項與下一位檢查者需要看的脈絡。",
"prepare": "只摘要既有備註與未決事項。",
"guard": "不建立外部任務、不自動通知、不改審查結論。"
},
"mutationRejectionPacket": {
"title": "變更拒收包",
"body": "整理專案庫、refs、workflow、secrets、部署或主機變更要求是否已被拒收。",
"prepare": "只標記拒收理由與需要重送只讀版本的項目。",
"guard": "不建立專案庫、不改 refs、不改 workflow / secrets、不部署。"
},
"runtimeCutoverPointer": {
"title": "執行切換指標包",
"body": "整理掃描、修復、主機更新、GitHub 主要來源切換或 Gitea 停用是否需要另開人工閘門。",
"prepare": "只標記後續可能需要哪一種獨立閘門。",
"guard": "不呼叫 Kali、不開 SSH、不更新主機、不切主要來源、不停用 Gitea。"
}
}
},
"ownerResponseFormalRecordOwnerReviewChecklistBoard": {
"title": "人工決策正式紀錄負責人檢查清單",
"subtitle": "準備包若進入人工負責人檢查,仍只能逐項確認八個檢查點;這不是紀錄負責人指派、正式紀錄、人工批准或執行授權。現在檢查項=8、通過=0、已指派=0、執行期閘門=0。",
"checkLabel": "檢查項",
"reviewLabel": "檢查方式",
"guardLabel": "仍不會做",
"boundaryTitle": "負責人檢查清單維持的保護線",
"summary": {
"checks": {
"label": "檢查項",
"detail": "八個檢查項先可見,避免準備包被直接視為已通過。"
},
"passed": {
"label": "通過",
"detail": "目前為 0沒有任何負責人檢查被標記通過。"
},
"assigned": {
"label": "已指派",
"detail": "目前為 0仍沒有正式紀錄負責人被指定。"
},
"runtime": {
"label": "執行期閘門",
"detail": "目前為 0檢查清單不會啟動執行期。"
}
},
"items": {
"identityTraceCheck": {
"title": "身分追溯檢查",
"body": "確認交接驗收結果、候選紀錄、草稿、準備包與來源階段是否能互相追溯。",
"review": "只標記追溯鏈是否足夠清楚。",
"guard": "不建立正式紀錄、不產生新的審批編號。"
},
"handoffOutcomeCheck": {
"title": "交接結果檢查",
"body": "確認可進檢查理由、仍待人工確認與不得升格的限制是否完整。",
"review": "只確認結果摘要與限制是否可讀。",
"guard": "不把可進檢查升格成已指派或已批准。"
},
"ownerScopeCheck": {
"title": "負責人範圍檢查",
"body": "確認未來紀錄負責人的角色範圍、責任邊界與聯絡依據是否足夠人工判讀。",
"review": "只標記範圍欄位是否足夠。",
"guard": "不代填姓名、不查外部帳號、不自動指派。"
},
"authorityBoundaryCheck": {
"title": "權責邊界檢查",
"body": "確認可閱讀、可檢查、可審查、可批准與可執行的邊界是否分離。",
"review": "只標記權責語義是否清楚。",
"guard": "不把檢查當審批,不把批准當執行。"
},
"evidenceTraceCheck": {
"title": "證據追溯檢查",
"body": "確認證據版本、文件路徑、引用位置、脫敏狀態與補證狀態是否足夠。",
"review": "只確認安全證據指標是否可追溯。",
"guard": "不讀取機密明文、不保存原始載荷、不抓外部系統。"
},
"reviewerNoteCheck": {
"title": "審查備註檢查",
"body": "確認退回理由、補件結果、人工備註、未決事項與下一步說明是否完整。",
"review": "只標記備註與未決事項是否足夠。",
"guard": "不建立外部任務、不自動通知、不改審查結論。"
},
"mutationRejectionCheck": {
"title": "變更拒收檢查",
"body": "確認專案庫、refs、workflow、secrets、部署或主機變更要求是否已被拒收或隔離。",
"review": "只標記拒收狀態與需要重送只讀版本的項目。",
"guard": "不建立專案庫、不改 refs、不改 workflow / secrets、不部署。"
},
"runtimeCutoverSeparationCheck": {
"title": "執行切換分離檢查",
"body": "確認掃描、修復、主機更新、GitHub 主要來源切換或 Gitea 停用是否留在獨立人工閘門。",
"review": "只標記後續是否需要獨立閘門。",
"guard": "不呼叫 Kali、不開 SSH、不更新主機、不切主要來源、不停用 Gitea。"
}
}
},
"ownerResponseFormalRecordOwnerReviewOutcomeBoard": {
"title": "人工決策正式紀錄負責人檢查結果分流",
"subtitle": "負責人檢查清單後只能進入八條只讀結果分流;這不是紀錄負責人指派、正式紀錄、人工批准或執行授權。現在分流=8、可進人工指派確認=0、已指派=0、執行期閘門=0。",
"laneLabel": "結果分流",
"resultLabel": "分流結果",
"guardLabel": "仍不會做",
"boundaryTitle": "負責人檢查結果分流維持的保護線",
"summary": {
"lanes": {
"label": "分流",
"detail": "八條分流先可見,避免檢查清單被直接視為已決策。"
},
"ready": {
"label": "可進人工指派確認",
"detail": "目前為 0沒有任何檢查結果可進入人工指派確認。"
},
"assigned": {
"label": "已指派",
"detail": "目前為 0仍沒有正式紀錄負責人被指定。"
},
"runtime": {
"label": "執行期閘門",
"detail": "目前為 0結果分流不會啟動執行期。"
}
},
"items": {
"remainOwnerReviewWaiting": {
"title": "維持負責人檢查等待",
"body": "當檢查項尚未完整、人工備註不足或證據仍在補正時,維持等待。",
"result": "只標記仍在等待哪一類檢查。",
"guard": "不自動通過、不指派負責人、不建立正式紀錄。"
},
"requestTraceCompletion": {
"title": "要求追溯鏈補齊",
"body": "若交接驗收結果、候選紀錄、草稿、準備包或來源階段無法互相對應,退回補齊。",
"result": "只標記需要補哪一段追溯關係。",
"guard": "不產生審批編號、不改既有紀錄狀態。"
},
"requestOwnerScopeClarification": {
"title": "要求負責人範圍說明",
"body": "若角色範圍、責任邊界、聯絡依據或代理關係不清,要求人工補說明。",
"result": "只標記負責人範圍仍需說明。",
"guard": "不代填姓名、不查外部帳號、不自動指派。"
},
"requestAuthorityBoundaryFix": {
"title": "要求權責邊界修正",
"body": "若可閱讀、可檢查、可審查、可批准與可執行的語義混在一起,退回修正。",
"result": "只標記需要修正哪一類權責語義。",
"guard": "不把檢查當批准,不把批准當執行。"
},
"readyForManualOwnerAssignmentReview": {
"title": "可進人工指派確認",
"body": "若八個檢查項都足夠,結果可以進入下一個人工指派確認,但仍不是已指派。",
"result": "只標記可進人工確認,等待人控決策。",
"guard": "不自動指派、不建立正式紀錄、不建立審批紀錄。"
},
"quarantineSensitivePayload": {
"title": "隔離敏感載荷",
"body": "若檢查資料夾帶 token、cookie、private key、密碼、未脫敏截圖或可執行載荷必須隔離。",
"result": "只標記隔離原因與來源欄位。",
"guard": "不展示、不保存、不轉送任何機密明文值。"
},
"rejectMutationRequest": {
"title": "拒收變更要求",
"body": "若結果夾帶專案庫、refs、workflow、secrets、部署或主機變更要求必須拒收。",
"result": "只標記拒收原因,等待重新提交只讀版本。",
"guard": "不建立專案庫、不改 refs、不改 workflow / secrets、不部署。"
},
"runtimeOrPrimaryGateRequired": {
"title": "另開執行或主要來源閘門",
"body": "若後續需要掃描、修復、主機更新、GitHub 主要來源切換或 Gitea 停用,必須另開人工閘門。",
"result": "只標記後續需要哪一種獨立閘門。",
"guard": "不呼叫 Kali、不開 SSH、不更新主機、不切主要來源、不停用 Gitea。"
}
}
},
"ownerResponseFormalRecordOwnerAssignmentPreparationBoard": {
"title": "人工決策正式紀錄負責人指派確認準備包",
"subtitle": "可進人工指派確認後,先整理八個只讀準備包;這不是紀錄負責人指派、正式紀錄、人工批准或執行授權。現在準備包=8、可確認=0、已指派=0、執行期閘門=0。",
"packetLabel": "準備包",
"preparationLabel": "確認準備",
"guardLabel": "仍不會做",
"boundaryTitle": "指派確認準備包維持的保護線",
"summary": {
"packets": {
"label": "準備包",
"detail": "八個準備包先可見,避免結果分流被直接視為已指派。"
},
"ready": {
"label": "可確認",
"detail": "目前為 0沒有任何準備包可進入人工指派確認。"
},
"assigned": {
"label": "已指派",
"detail": "目前為 0仍沒有正式紀錄負責人被指定。"
},
"runtime": {
"label": "執行期閘門",
"detail": "目前為 0準備包不會啟動執行期。"
}
},
"items": {
"assignmentIdentityCandidate": {
"title": "指派身分候選包",
"body": "整理可被人工確認的負責人身分來源、角色名稱與來源證據索引。",
"preparation": "只標記身分候選資料是否可被人審閱讀。",
"guard": "不代填姓名、不查外部帳號、不自動指派。"
},
"ownerScopeConfirmation": {
"title": "負責人範圍確認包",
"body": "整理負責人涵蓋的主機、專案、服務、專案庫、工作流程或網站範圍。",
"preparation": "只標記範圍欄位是否足以進人工確認。",
"guard": "不擴大掃描範圍、不把範圍視為授權。"
},
"authorityBoundaryConfirmation": {
"title": "權責邊界確認包",
"body": "整理可閱讀、可檢查、可審查、可批准與可執行的邊界,避免混用。",
"preparation": "只標記邊界語義是否可被人工確認。",
"guard": "不把指派確認當批准,不把批准當執行。"
},
"evidenceTraceConfirmation": {
"title": "證據追溯確認包",
"body": "整理交接驗收、檢查清單、結果分流與來源快照之間的追溯關係。",
"preparation": "只標記追溯鏈是否可讀與是否仍需補齊。",
"guard": "不產生審批編號、不改既有紀錄狀態。"
},
"reviewOutcomeReference": {
"title": "審查結果引用包",
"body": "整理 S2.94 的分流結果、補證要求、隔離或拒收理由,供人工確認引用。",
"preparation": "只引用只讀結果,不把結果變成正式決策。",
"guard": "不自動通過、不建立正式紀錄、不建立審批紀錄。"
},
"backupOwnerNote": {
"title": "代理與備援說明包",
"body": "若負責人需要代理人、備援窗口或跨工作階段接手說明,先以只讀欄位呈現。",
"preparation": "只標記需要補哪一類代理或備援說明。",
"guard": "不自動通知、不建立值班、不改 AwoooP 指派。"
},
"mutationRejectionConfirmation": {
"title": "變更要求拒收確認包",
"body": "確認準備包沒有夾帶專案庫、分支 / 標籤參照、工作流程、機密設定、部署或主機變更要求。",
"preparation": "只標記拒收原因與需要重新提交的欄位。",
"guard": "不建立專案庫、不改分支 / 標籤參照、不改工作流程 / 機密設定、不部署。"
},
"runtimePrimarySeparation": {
"title": "執行與主要來源分離包",
"body": "若後續需要掃描、修復、主機更新、GitHub 主要來源切換或 Gitea 停用,保留到獨立閘門。",
"preparation": "只標記後續需要哪一種獨立閘門。",
"guard": "不呼叫 Kali、不開 SSH、不更新主機、不切主要來源、不停用 Gitea。"
}
}
},
"ownerResponseFormalRecordOwnerAssignmentChecklistBoard": {
"title": "人工決策正式紀錄負責人指派確認清單",
"subtitle": "指派確認準備包後,仍要逐項檢查八個只讀條件;這不是紀錄負責人指派、正式紀錄、人工批准或執行授權。現在檢查項=8、通過=0、已指派=0、執行期閘門=0。",
"checkLabel": "確認檢查",
"confirmationLabel": "確認條件",
"guardLabel": "仍不會做",
"boundaryTitle": "指派確認清單維持的保護線",
"summary": {
"checks": {
"label": "檢查項",
"detail": "八個確認檢查先可見,避免準備包被直接視為已指派。"
},
"passed": {
"label": "通過",
"detail": "目前為 0沒有任何指派確認檢查被標記通過。"
},
"assigned": {
"label": "已指派",
"detail": "目前為 0仍沒有正式紀錄負責人被指定。"
},
"runtime": {
"label": "執行期閘門",
"detail": "目前為 0確認清單不會啟動執行期。"
}
},
"items": {
"assignmentIdentityReadable": {
"title": "指派身分可讀檢查",
"body": "確認負責人身分來源、角色名稱與來源證據索引是否可被人工閱讀。",
"confirmation": "只標記身分欄位是否完整可讀。",
"guard": "不代填姓名、不查外部帳號、不自動指派。"
},
"ownerScopeCurrent": {
"title": "負責人範圍有效檢查",
"body": "確認主機、專案、服務、專案庫、工作流程或網站範圍仍是目前可審版本。",
"confirmation": "只標記範圍是否足以進人工確認。",
"guard": "不擴大掃描範圍、不把範圍視為授權。"
},
"authorityBoundaryReadable": {
"title": "權責邊界可讀檢查",
"body": "確認可閱讀、可檢查、可審查、可批准與可執行的邊界沒有混用。",
"confirmation": "只標記邊界語義是否仍需修正。",
"guard": "不把確認當批准,不把批准當執行。"
},
"evidenceTraceReadable": {
"title": "證據追溯可讀檢查",
"body": "確認交接驗收、檢查清單、結果分流、準備包與來源快照可以互相追溯。",
"confirmation": "只標記追溯鏈是否足以供人工閱讀。",
"guard": "不產生審批編號、不改既有紀錄狀態。"
},
"reviewOutcomeLinked": {
"title": "審查結果引用檢查",
"body": "確認 S2.94 分流結果、補證要求、隔離或拒收理由已被安全引用。",
"confirmation": "只確認引用關係,不把引用變成正式決策。",
"guard": "不自動通過、不建立正式紀錄、不建立審批紀錄。"
},
"backupOwnerNoteReadable": {
"title": "代理與備援說明檢查",
"body": "確認代理人、備援窗口或跨工作階段接手說明是否足以被人工理解。",
"confirmation": "只標記代理或備援說明是否仍需補齊。",
"guard": "不自動通知、不建立值班、不改 AwoooP 指派。"
},
"mutationRejectionConfirmed": {
"title": "變更要求拒收檢查",
"body": "確認清單沒有夾帶專案庫、分支 / 標籤參照、工作流程、機密設定、部署或主機變更要求。",
"confirmation": "只標記是否需要拒收並重送只讀版本。",
"guard": "不建立專案庫、不改分支 / 標籤參照、不改工作流程 / 機密設定、不部署。"
},
"runtimePrimarySeparated": {
"title": "執行與主要來源分離檢查",
"body": "確認掃描、修復、主機更新、GitHub 主要來源切換或 Gitea 停用都留在獨立閘門。",
"confirmation": "只標記後續是否需要獨立人工閘門。",
"guard": "不呼叫 Kali、不開 SSH、不更新主機、不切主要來源、不停用 Gitea。"
}
}
},
"ownerResponseFormalRecordOwnerAssignmentOutcomeBoard": {
"title": "人工決策正式紀錄負責人指派確認結果分流",
"subtitle": "指派確認清單後只能進入八條只讀結果分流;這不是紀錄負責人指派、正式紀錄、人工批准或執行授權。現在分流=8、可進人工指派決策=0、已指派=0、執行期閘門=0。",
"laneLabel": "結果分流",
"resultLabel": "分流結果",
"guardLabel": "仍不會做",
"boundaryTitle": "指派確認結果分流維持的保護線",
"summary": {
"lanes": {
"label": "分流",
"detail": "八條只讀結果分流先可見,避免確認清單被直接視為已指派。"
},
"ready": {
"label": "可進決策",
"detail": "目前為 0沒有任何項目可直接進入人工指派決策。"
},
"assigned": {
"label": "已指派",
"detail": "目前為 0仍沒有正式紀錄負責人被指定。"
},
"runtime": {
"label": "執行期閘門",
"detail": "目前為 0結果分流不會啟動執行期。"
}
},
"items": {
"remainAssignmentCheckWaiting": {
"title": "維持指派確認等待",
"body": "確認清單尚未完整、尚未人工判讀或仍需等待原始負責人回覆時,維持在等待狀態。",
"result": "只標記仍需等待,不把等待改成通過。",
"guard": "不建立正式紀錄、不指派紀錄負責人、不更新審批狀態。"
},
"requestIdentityClarification": {
"title": "要求身分說明補齊",
"body": "負責人身分、角色、來源或代理說明不足時,只要求補齊可讀說明。",
"result": "只要求補身分欄位,不代填、不查外部帳號。",
"guard": "不自動指定人員、不建立值班、不通知外部服務。"
},
"requestScopeRefresh": {
"title": "要求負責人範圍更新",
"body": "主機、專案、服務、專案庫、網站、工作流程或機密名稱範圍過舊時,要求更新範圍描述。",
"result": "只要求更新可審範圍,不擴大掃描或執行授權。",
"guard": "不掃描、不登入主機、不修改專案庫或工作流程。"
},
"requestAuthorityBoundaryFix": {
"title": "要求權責邊界修正",
"body": "若確認、審查、批准、正式紀錄與執行邊界混用,回到人工修正。",
"result": "只要求修正文案與欄位語義,不提升權限。",
"guard": "不把確認當批准,不把批准當執行。"
},
"readyForManualOwnerAssignmentDecision": {
"title": "可進人工指派決策",
"body": "只有在身分、範圍、權責、證據與拒收檢查都可讀時,才標記可交給人工做下一步指派決策。",
"result": "只表示可被人工判讀,仍不是已指派或已批准。",
"guard": "不自動建立正式紀錄、不產生審批編號、不觸發 runtime gate。"
},
"quarantineSensitivePayload": {
"title": "隔離敏感載荷",
"body": "若回覆夾帶密碼、token、金鑰、credential 明文或不可保存載荷,進入隔離分流。",
"result": "只保留脫敏後 metadata 與隔離理由。",
"guard": "不保存秘密值、不顯示明文、不把隔離內容交給前端。"
},
"rejectMutationRequest": {
"title": "拒收變更要求",
"body": "若回覆要求建立專案庫、改分支 / 標籤參照、改工作流程、改機密設定、部署或主機變更,直接拒收。",
"result": "只標記拒收原因與需要重送只讀版本。",
"guard": "不建立專案庫、不同步 refs、不改工作流程 / 機密設定、不部署。"
},
"runtimeOrPrimaryGateRequired": {
"title": "另開執行或主要來源閘門",
"body": "若後續需要 Kali 掃描、SSH、主機更新、修復、GitHub 主要來源切換或 Gitea 停用,必須另開獨立人工閘門。",
"result": "只標記需要哪一種後續閘門,不在本看板執行。",
"guard": "不呼叫 Kali、不開 SSH、不更新主機、不切主要來源、不停用 Gitea。"
}
}
},
"ownerResponseFormalRecordOwnerAssignmentDecisionPreparationBoard": {
"title": "人工決策正式紀錄負責人指派決策準備包",
"subtitle": "指派確認結果分流後,只能整理八個只讀決策準備包;這不是紀錄負責人指派、正式紀錄、人工批准或執行授權。現在準備包=8、可進決策=0、已決策=0、執行期閘門=0。",
"packetLabel": "決策準備包",
"requirementLabel": "準備要求",
"guardLabel": "仍不會做",
"boundaryTitle": "指派決策準備包維持的保護線",
"summary": {
"packets": {
"label": "準備包",
"detail": "八個只讀準備包先可見,避免結果分流被直接視為已決策。"
},
"ready": {
"label": "可進決策",
"detail": "目前為 0沒有任何指派決策準備包被標記可交付。"
},
"decisions": {
"label": "已決策",
"detail": "目前為 0仍沒有任何正式負責人指派決策。"
},
"runtime": {
"label": "執行期閘門",
"detail": "目前為 0準備包不會啟動執行期。"
}
},
"items": {
"outcomeTracePacket": {
"title": "結果分流追溯包",
"body": "整理 S2.97 八條分流的來源、目前分流、退回理由與可讀證據索引。",
"requirement": "只整理結果脈絡,不把分流結果改成決策。",
"guard": "不建立正式紀錄、不更新審批狀態、不標記已接受。"
},
"ownerIdentityPacket": {
"title": "負責人身分包",
"body": "整理候選負責人、代理人、角色名稱、來源證據與仍需補齊的身分欄位。",
"requirement": "只保留人工可讀身分欄位與缺口。",
"guard": "不代填姓名、不查外部帳號、不自動指派。"
},
"scopeSnapshotPacket": {
"title": "範圍快照包",
"body": "整理主機、專案、服務、專案庫、網站、工作流程與機密名稱的目前可審範圍。",
"requirement": "只固定當前可審範圍,不擴大掃描或執行授權。",
"guard": "不掃描、不登入主機、不修改專案庫或工作流程。"
},
"authorityBoundaryPacket": {
"title": "權責邊界包",
"body": "整理確認、審查、指派、正式紀錄、批准與執行各自的邊界。",
"requirement": "只讓人工知道下一步需要哪一種角色判讀。",
"guard": "不把確認當批准,不把批准當執行。"
},
"evidenceReviewPacket": {
"title": "證據審查包",
"body": "整理交接、檢查、結果分流與準備包之間的證據鏈與版本標記。",
"requirement": "只準備可讀證據索引,不寫入正式決策紀錄。",
"guard": "不產生審批編號、不建立正式紀錄、不更改原始 evidence。"
},
"quarantineAndExceptionPacket": {
"title": "隔離與例外包",
"body": "整理敏感載荷隔離、缺欄、例外、退回與補證原因,保留脫敏 metadata。",
"requirement": "只顯示隔離原因與可讀 metadata。",
"guard": "不保存秘密值、不顯示明文、不把隔離內容交給前端。"
},
"mutationRejectionPacket": {
"title": "變更拒收包",
"body": "整理專案庫、分支 / 標籤參照、工作流程、機密設定、部署或主機變更要求的拒收理由。",
"requirement": "只標記拒收原因與需要重送的只讀版本。",
"guard": "不建立專案庫、不同步 refs、不改工作流程 / 機密設定、不部署。"
},
"runtimePrimaryGatePacket": {
"title": "執行與主要來源閘門包",
"body": "整理後續若要 Kali、SSH、主機更新、修復、GitHub 主要來源切換或 Gitea 停用時需要另開的人工閘門。",
"requirement": "只標記後續閘門類型,不在本看板執行。",
"guard": "不呼叫 Kali、不開 SSH、不更新主機、不切主要來源、不停用 Gitea。"
}
}
},
"ownerResponseFormalRecordOwnerAssignmentDecisionChecklistBoard": {
"title": "人工決策正式紀錄負責人指派決策檢查清單",
"subtitle": "指派決策準備包後,仍要逐項檢查八個只讀條件;這不是紀錄負責人指派、正式紀錄、人工批准或執行授權。現在檢查項=8、通過=0、已決策=0、執行期閘門=0。",
"checkLabel": "決策檢查",
"confirmationLabel": "確認條件",
"guardLabel": "仍不會做",
"boundaryTitle": "指派決策檢查清單維持的保護線",
"summary": {
"checks": {
"label": "檢查項",
"detail": "八個只讀檢查先可見,避免準備包被直接視為已決策。"
},
"passed": {
"label": "通過",
"detail": "目前為 0沒有任何指派決策檢查被標記通過。"
},
"decisions": {
"label": "已決策",
"detail": "目前為 0仍沒有任何正式負責人指派決策。"
},
"runtime": {
"label": "執行期閘門",
"detail": "目前為 0檢查清單不會啟動執行期。"
}
},
"items": {
"decisionTraceReadable": {
"title": "決策追溯可讀檢查",
"body": "確認結果分流、準備包、退回理由與證據索引是否能被人工完整追溯。",
"confirmation": "只標記追溯鏈是否足以供人工閱讀。",
"guard": "不建立正式紀錄、不更新審批狀態、不標記已接受。"
},
"ownerIdentityConfirmable": {
"title": "負責人身分可確認檢查",
"body": "確認候選負責人、代理人、角色名稱、來源證據與缺口欄位是否可人工判讀。",
"confirmation": "只標記身分欄位是否可確認。",
"guard": "不代填姓名、不查外部帳號、不自動指派。"
},
"scopeSnapshotCurrent": {
"title": "範圍快照有效檢查",
"body": "確認主機、專案、服務、專案庫、網站、工作流程與機密名稱範圍仍是目前可審版本。",
"confirmation": "只標記範圍快照是否足以進人工判讀。",
"guard": "不掃描、不登入主機、不修改專案庫或工作流程。"
},
"authorityBoundaryChecked": {
"title": "權責邊界已檢查",
"body": "確認確認、審查、指派、正式紀錄、批准與執行沒有被混用。",
"confirmation": "只標記邊界是否仍需人工修正。",
"guard": "不把確認當批准,不把批准當執行。"
},
"evidenceChainReadable": {
"title": "證據鏈可讀檢查",
"body": "確認交接、檢查、結果分流、準備包與後續人工決策可以互相追溯。",
"confirmation": "只標記證據鏈是否完整可讀。",
"guard": "不產生審批編號、不建立正式紀錄、不更改原始 evidence。"
},
"quarantineExceptionChecked": {
"title": "隔離與例外已檢查",
"body": "確認敏感載荷、缺欄、例外、退回與補證原因已用脫敏 metadata 呈現。",
"confirmation": "只標記隔離原因與例外欄位是否可讀。",
"guard": "不保存秘密值、不顯示明文、不把隔離內容交給前端。"
},
"mutationRejectionChecked": {
"title": "變更拒收已檢查",
"body": "確認沒有夾帶專案庫、分支 / 標籤參照、工作流程、機密設定、部署或主機變更要求。",
"confirmation": "只標記是否需要拒收並重送只讀版本。",
"guard": "不建立專案庫、不同步 refs、不改工作流程 / 機密設定、不部署。"
},
"runtimePrimarySeparated": {
"title": "執行與主要來源分離檢查",
"body": "確認 Kali、SSH、主機更新、修復、GitHub 主要來源切換或 Gitea 停用都留在獨立閘門。",
"confirmation": "只標記後續是否需要獨立人工閘門。",
"guard": "不呼叫 Kali、不開 SSH、不更新主機、不切主要來源、不停用 Gitea。"
}
}
},
"awooopReadOnlyLandingReadiness": {
"title": "AwoooP Read-Only Landing Readiness",
"subtitle": "S2.51 turns the AwoooP main-line read-only consumption path for IwoooS / security mirror state into an intake readiness board. This is landing readiness, not production_landing_enabled, and it does not connect an execution router.",
"readinessLabel": "Read-only intake",
"requirementLabel": "Intake requirement",
"guardLabel": "Still locked",
"items": {
"rollupSnapshotReadable": {
"title": "Rollup snapshots are readable",
"body": "`security-mirror-status-rollup.snapshot.json` and `iwooos-posture-projection.snapshot.json` can serve as the main read-only sources for AwoooP.",
"requirement": "AwoooP consumes committed snapshots and guard output only, without calling Kali, Gitea, GitHub, or runtime APIs directly.",
"guard": "production_landing_enabled=false; execution router linked=false"
},
"evidenceRefsReadable": {
"title": "Evidence refs are traceable",
"body": "IwoooS already lists evidence refs for security rollout, owner response validation, Kali status, rollup, and projection state.",
"requirement": "AwoooP landing may show evidence refs and status summaries only; it must not store raw payloads, credential plaintext, or token values.",
"guard": "payloads_ingested=false; secret value collection=false"
},
"guardChecksKnown": {
"title": "Guard checks are known",
"body": "`security-mirror-progress-guard.py` and `source-control-owner-response-guard.py` are the required read-only preflight checks.",
"requirement": "AwoooP main-line intake must preserve progress, owner response, runtime flag, action button, and forbidden output checks.",
"guard": "Do not skip guards; do not treat guard pass as runtime approval."
},
"routeGroupsKnown": {
"title": "Mirror route groups are known",
"body": "`security_mirror_route_v1` already defines read-only destinations for Operator Console, runtime state, channel event, audit evidence, and approval queue.",
"requirement": "AwoooP may display and classify by route group only; it must not add scan, execute, repair, repo, refs, or deploy actions.",
"guard": "action_buttons_allowed=false; runtime_execution_authorized=false"
},
"forbiddenOutputsLocked": {
"title": "Forbidden outputs stay locked",
"body": "IwoooS / rollup explicitly forbids action buttons, runtime gates, GitHub primary switching, or production execution from landing readiness.",
"requirement": "AwoooP intake must preserve the forbidden output list and keep write, execution, switch, and secret-value collection paths closed.",
"guard": "Do not treat landing readiness as production consumption."
},
"productionHandoffPending": {
"title": "Production handoff is still pending",
"body": "This is only the AwoooP read-only landing intake preparation; it does not prove the AwoooP production main line consumes the state yet.",
"requirement": "A later PR / deployment evidence must prove AwoooP displays rollup, evidence refs, and guard results read-only.",
"guard": "progress_change_applied=false; headline percent delta=0"
}
}
},
"progressAcceleration": {
"title": "Progress Acceleration And Real Unlock Points",
"subtitle": "Progress is moving, but the 58% headline only gets reassessed when owner responses, runtime gates, GitHub primary readiness, or AwoooP production landing produce real evidence. This board makes the next visible unlock points explicit.",
"laneLabel": "Acceleration lane",
"unlockLabel": "Unlock signal",
"guardLabel": "Low-friction boundary remains",
"items": {
"ownerResponses": {
"title": "Converge owner responses first",
"body": "S4.9-S4.12 owner responses for Gitea, GitHub targets, refs truth, and workflow / secret names are the main reason the headline is holding at 58%.",
"unlock": "The headline can be reassessed only after the first accepted redacted owner responses arrive.",
"guard": "Redacted evidence only; no repo creation, refs sync, workflow mutation, or secret value collection."
},
"redactedIngestion": {
"title": "Connect redacted evidence ingestion",
"body": "Security findings, Kali observe signals, and owner evidence need to enter the read-only intake plane as redacted metadata before runtime work.",
"unlock": "Runtime landing gets a real signal only after the redacted payload ingestion adapter is approved and passes preflight.",
"guard": "No raw payload, no credential plaintext, and no active scan."
},
"runtimeGate": {
"title": "Runtime gates stay separately approved",
"body": "Future scanning, repair, host update, or blocking controls must not auto-advance from frontend status.",
"unlock": "Runtime landing can be reassessed only after S3 / S3.4 has human approval, rollback, post-check metrics, and an active runtime gate.",
"guard": "active runtime gate=0; action button=false; Kali /execute remains a block candidate."
},
"githubReadiness": {
"title": "Split GitHub primary readiness blockers",
"body": "The long-term GitHub direction is agreed, but targets, refs, workflow / secret names, and rollback ADR still need full verification.",
"unlock": "primary_ready_count can move only after owner responses, refs truth, workflow parity, and rollback ADR are verifiable.",
"guard": "No primary switch, no force push, no refs deletion, and no unapproved target repo creation."
},
"awooopLanding": {
"title": "Make AwoooP / IwoooS visible in the main flow",
"body": "One reason progress feels slow is that security work still looks like backend contracts; the next steps, blockers, prohibitions, and unlock signals need to be visible in-product.",
"unlock": "Once AwoooP consumes the rollup and IwoooS board read-only, users can see the real blockers directly.",
"guard": "Read-only landing only; visible status is not authorization and does not add execution buttons."
},
"cadenceCompression": {
"title": "Move future cadence in batches",
"body": "S2.38-S2.45 split many checklist layers, making progress feel fragmented. Next work should favor P0 owner responses and AwoooP landing over endlessly adding small checklist layers.",
"unlock": "Similar framework details should be batched in future reports; only high-level gate changes move the headline.",
"guard": "Faster cadence does not loosen safety; runtime and source-control cutover still need human gates."
}
}
},
"ownerResponseNextActionFocus": {
"title": "Owner Response Next-Action Focus",
"subtitle": "S2.47 makes the owner-response work that can actually move the 58% headline explicit: collect S4.9 Gitea owner attestation first, then GitHub targets, refs truth, and workflow / secret names. This is display-only: no chasing, autofill, or received marking.",
"focusLabel": "Next focus",
"nextLabel": "Evidence to inspect",
"guardLabel": "Still forbidden",
"items": {
"giteaOwnerAttestation": {
"title": "Collect S4.9 Gitea owner attestation first",
"body": "Confirm Gitea coverage, public-only / local gaps, org/user endpoint, 110 adjacent source, canonical owner, and legacy disposition.",
"next": "Owner must answer the 5 redacted evidence refs in GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.",
"guard": "received=0; accepted=0; no token value storage, Gitea writes, refs sync, or primary switch."
},
"githubTargetOwnerDecision": {
"title": "Handle S4.10 GitHub target decisions next",
"body": "Confirm each GitHub target owner, visibility, canonical disposition, and not_found_or_private handling.",
"next": "After S4.9 is accepted, collect the 7 target responses from GITHUB-TARGET-OWNER-DECISION-RESPONSE.",
"guard": "No GitHub repo creation, visibility change, refs sync, or target response as primary approval."
},
"refsTruthOwnerResponse": {
"title": "Resolve S4.11 refs truth after that",
"body": "Clarify main/dev truth, deprecated drift, release tags, and GitHub-only refs so migration does not treat stale refs as truth.",
"next": "Repo owners must decide the 141 ref review items per repo / per ref.",
"guard": "No fetch, push, refs deletion, force push, or history rewrite."
},
"workflowSecretOwnerResponse": {
"title": "Complete S4.12 workflow / secret names last",
"body": "Fill webhook, runner, deploy key, branch protection / CODEOWNERS, and repository secret name parity gaps.",
"next": "Collect names, owners, and redacted parity evidence only so GitHub readiness has verifiable gaps.",
"guard": "No secret value collection, workflow mutation, runner enablement, or write token use."
}
}
},
"s49OwnerResponseRequestTemplates": {
"title": "S4.9 Owner Response Five Templates",
"subtitle": "S2.49 surfaces the five S4.9 templates the owner must answer one by one. This is only a request-ready list: the request is not sent, there is no chasing or autofill, no received / accepted marking, and no template is treated as Gitea inventory or GitHub migration approval.",
"templateLabel": "Template",
"ownerActionLabel": "Owner response",
"guardLabel": "Still forbidden",
"items": {
"publicOnlyVsLocalGiteaGap": {
"title": "Public-only / local Gitea gap",
"body": "Decide whether `wooo/clawbot-v5` and `wooo/wooo-aiops` belong in the current inventory / migration scope.",
"ownerAction": "Reply per repo with in scope, out of scope, legacy archived, external system, inaccessible, or needs more evidence, plus redacted evidence refs.",
"guard": "request_ready_not_sent; received=0; accepted=0; no Gitea writes, repo creation, or refs sync."
},
"orgUserEndpointIdentity": {
"title": "Gitea `wooo` org/user endpoint",
"body": "Clarify whether `wooo` in Gitea should be inventoried as a user, an org, or both, without treating endpoint 404 as absence.",
"ownerAction": "Reply with canonical endpoint identity, verification method, and follow-up owner.",
"guard": "No admin API calls, token use, or endpoint decision as inventory completed."
},
"internal110AdjacentScope": {
"title": "110 adjacent source scope",
"body": "Decide whether `bitan-pharmacy`, `root/momo-pro-system`, `tsenyang-website`, and `wooo/wooo-infra-config` belong in this scope.",
"ownerAction": "Classify each as in scope / out of scope / legacy / external / inaccessible, with redacted source evidence.",
"guard": "No private repo content reads, archive imports, or automatic migration inclusion."
},
"repoOwnerCanonicalScope": {
"title": "Repo owner / canonical / GitHub target",
"body": "Assign owner, canonical source, GitHub target candidate, and visibility review owner for in-scope repos.",
"ownerAction": "Reply with owner role/team, canonical source, GitHub target candidate, visibility review owner, and rationale.",
"guard": "No GitHub repo creation, visibility change, primary switch, or target candidate as approval."
},
"legacyOrInaccessibleDisposition": {
"title": "Legacy / inaccessible disposition",
"body": "Record disposition, rationale, and follow-up owner for legacy, inaccessible, or external repos.",
"ownerAction": "Mark archive, exclude, follow-up evidence, or external owner, with redacted trace.",
"guard": "No deletion, disabling, or repo archival; disposition is human classification, not execution."
}
}
},
"s49OwnerResponseDispatchFlow": {
"title": "S4.9 負責人回覆送件鏈路摘要",
"subtitle": "S2.106 把 S4.9 從工作單、封套、送件前檢查、結果分流、請求草稿到人工送件閘門整理成一條專業只讀鏈路。這是給使用者與 AwoooP 平行 Session 判讀目前卡點的摘要,不提供送出、批准、執行或主要來源切換入口。",
"stepLabel": "步驟",
"boundaryTitle": "送件鏈路邊界",
"boundaryIntro": "以下鍵值固定這條鏈路仍是只讀可視化,不是 request sent、稽核事件、人工批准或執行授權。",
"summary": {
"steps": {
"label": "鏈路步驟",
"detail": "六段只讀流程可供掃描。"
},
"current": {
"label": "目前焦點",
"detail": "停在送件請求草稿,不開送件。"
},
"sent": {
"label": "已送出",
"detail": "目前仍是 0不通知負責人。"
},
"accepted": {
"label": "已接受",
"detail": "目前仍是 0不推動 headline。"
}
},
"items": {
"workOrder": {
"title": "人工收件工作單",
"body": "五個 S4.9 收件項已可讀,但仍只是人工要填什麼的工作界面。"
},
"envelope": {
"title": "回覆封套欄位",
"body": "六個必填欄位仍是空白封套,不代表 owner 已提交。"
},
"preflight": {
"title": "送件前檢查",
"body": "六個檢查項目前通過數為 0不可升成可送件。"
},
"outcome": {
"title": "結果分流",
"body": "七條分流只說明補欄、修正、隔離、拒收或等待方向。"
},
"requestDraft": {
"title": "送件請求草稿",
"body": "送件文字、對象、脫敏證據與禁止變更條款仍待人工整理。"
},
"manualDispatchGate": {
"title": "人工送件閘門",
"body": "送件閘門尚未開啟,沒有按鈕、通知或稽核事件。"
}
}
},
"securityComplianceFrontStage": {
"title": "前台安全合規整合判定",
"subtitle": "S2.107 的專業判定是保留 `/security-compliance`,並把它改成 IwoooS 的前台友善入口。使用者仍可從熟悉的安全合規頁看到安全監控與合規統計,但資安網總覽、進度與執行邊界統一由 IwoooS 說明。",
"decisionLabel": "判定",
"boundaryTitle": "前台入口邊界",
"boundaryIntro": "以下鍵值固定:這是導覽與資訊架構整合,不是 runtime 授權、審批、掃描、修復、部署或 GitHub primary 切換。",
"summary": {
"route": {
"label": "前台路由",
"detail": "保留既有安全合規入口,避免連結失效。"
},
"decision": {
"label": "專業建議",
"detail": "整合到 IwoooS不移除。"
},
"removed": {
"label": "是否移除",
"detail": "不移除,改成橋接入口。"
},
"runtime": {
"label": "Runtime 控制",
"detail": "維持 0不新增執行控制。"
}
},
"items": {
"routePreserved": {
"title": "保留安全合規頁",
"body": "`/security-compliance` 保留 SecurityPanel 與 CompliancePanel 頁籤,讓前台使用者不用改變既有入口。"
},
"frontStageBridge": {
"title": "橋接到 IwoooS",
"body": "安全合規頁增加 IwoooS 前台說明與只讀導流IwoooS 作為資安網總覽與姿態來源。"
},
"singleSecurityNarrative": {
"title": "收斂資安敘事",
"body": "原本分散在安全、合規、治理、授權、告警與 Code Review 的內容,統一由 IwoooS 顯示整體邊界。"
},
"runtimeControls": {
"title": "不新增執行控制",
"body": "本階段只有可視化與資訊架構整理,不新增掃描、修復、批准、部署或 blocking control。"
}
}
},
"frontstageEntryRoles": {
"title": "前台資安入口角色分流",
"subtitle": "S2.108 把前台會看到的資安入口拆成清楚角色IwoooS 看總覽,安全合規給熟悉入口,安全 / 合規保留原始資料頁AwoooP 審批顯示人控等待。這只降低使用者困惑,不新增執行控制。",
"routeLabel": "路由",
"boundaryTitle": "入口分流邊界",
"boundaryIntro": "以下鍵值固定這是前台導覽與理解成本收斂不是掃描、修復、批准、部署、GitHub 主要來源切換或任何執行期入口。",
"summary": {
"entries": {
"label": "入口數",
"detail": "五個入口各有角色,不互相取代。"
},
"primary": {
"label": "總覽來源",
"detail": "資安網總覽與邊界以 IwoooS 為準。"
},
"familiar": {
"label": "熟悉入口",
"detail": "安全合規保留給前台使用者。"
},
"execution": {
"label": "執行入口",
"detail": "維持 0不從前台入口執行。"
}
},
"items": {
"iwooosOverview": {
"title": "IwoooS 資安總覽",
"body": "閱讀整體進度、Kali 主機、開發主機、原始碼版本來源、負責人回覆與執行期閘門邊界。"
},
"securityComplianceHub": {
"title": "安全合規前台入口",
"body": "保留既有安全監控與合規統計頁籤,讓使用者不用改變既有操作路徑。"
},
"securityMonitor": {
"title": "安全事件監控",
"body": "查看錯誤與議題類安全訊號,仍只保留原資料來源與只讀橋接。"
},
"complianceStats": {
"title": "合規統計",
"body": "查看事件摘要、處置劇本與自動修復統計,不把合規統計升成批准。"
},
"awooopApprovals": {
"title": "AwoooP 人控等待",
"body": "查看負責人回覆與審批等待狀態;這仍不是資安執行期閘門或執行入口。"
}
}
},
"lowFrictionRollout": {
"title": "低摩擦分階段收斂主控",
"subtitle": "S2.111 把安全合規頁的低摩擦收斂節奏同步回 IwoooS 主入口:目前先觀測與盤點,補齊證據後才進人工審查;只有明確批准後才開執行期閘門,最後再逐步收嚴。",
"phaseLabel": "階段",
"boundaryTitle": "分階段收斂邊界",
"boundaryIntro": "以下鍵值固定:這是 IwoooS 主入口的策略可視化,不是掃描、修復、批准、部署、主要來源切換或任何執行期入口。",
"summary": {
"phases": {
"label": "階段數",
"detail": "五段策略保持低摩擦。"
},
"current": {
"label": "目前階段",
"detail": "停在觀測優先,不阻擋流程。"
},
"runtime": {
"label": "執行期開閘",
"detail": "目前仍是 0等待批准。"
},
"enforcement": {
"label": "強制收嚴",
"detail": "目前仍是 0不一口氣鎖流程。"
}
},
"items": {
"observe": {
"title": "觀測與盤點",
"body": "整理 Kali、開發主機、專案、網站、監控與工具姿態不阻擋使用者流程。"
},
"evidence": {
"title": "補齊證據",
"body": "收斂脫敏證據、版本來源、負責人回覆與 AwoooP 只讀消費證明。"
},
"humanReview": {
"title": "人工審查",
"body": "由負責人確認例外、風險接受、修復順序與是否進入執行期閘門。"
},
"runtimeGate": {
"title": "批准後開閘",
"body": "只有明確批准後才允許掃描、修復、部署或主機變更的執行期流程。"
},
"tightening": {
"title": "逐步收嚴",
"body": "依證據與影響範圍分批提高管控,不一次把整個產品流程鎖死。"
}
}
},
"lowFrictionNextActions": {
"title": "低摩擦下一步行動邊界",
"subtitle": "S2.112 把 IwoooS 主入口的下一步拆成可做、準備與禁止:目前只能推只讀盤點、脫敏證據包與人工審查準備,掃描、主機變更、部署、來源切換仍要等明確批准與執行期閘門。",
"boundaryTitle": "下一步行動邊界",
"boundaryIntro": "以下鍵值固定:這是下一步行動的前台說明與防誤用邊界,不是掃描、修復、批准、部署、主機變更或版本來源操作入口。",
"summary": {
"allowed": {
"label": "可做項",
"detail": "只讀盤點與脫敏證據可以繼續。"
},
"prep": {
"label": "準備項",
"detail": "人工審查資料可整理,不等於批准。"
},
"blocked": {
"label": "禁止項",
"detail": "掃描、主機變更、部署與來源操作仍關閉。"
},
"runtime": {
"label": "執行期閘門",
"detail": "目前仍是 0沒有執行授權。"
}
},
"items": {
"observeInventory": {
"title": "只讀盤點與姿態整理",
"body": "可以繼續整理 Kali、開發主機、專案、網站、監控與工具的現況描述。",
"gate": "不可啟動掃描、登入主機或修改設定。"
},
"evidencePacket": {
"title": "脫敏證據包",
"body": "可以整理版本來源、負責人回覆、快照與 guard 結果的脫敏參照。",
"gate": "不可收集機密明文、token value 或未脫敏 payload。"
},
"humanReviewPrep": {
"title": "人工審查準備",
"body": "可以把例外、風險接受、修復順序與候選 gate 整理成人工審查材料。",
"gate": "不可把準備材料視為批准紀錄或執行期閘門。"
},
"runtimeClosed": {
"title": "執行期仍關閉",
"body": "掃描、修復、部署、SSH、主機更新、主要來源切換與 Gitea 停用都仍禁止。",
"gate": "只有明確批准與後續 runtime gate 開啟後才可能進入執行。"
}
}
},
"progressMovementSignals": {
"title": "58% 進度移動訊號驗收條",
"subtitle": "S2.113 把真正會讓整體資安網 headline 往前的訊號拉到 IwoooS負責人回覆、脫敏證據匯入、執行期閘門、GitHub 主要來源就緒與 AwoooP 落地證據目前都還是 0 或 false所以進度維持 58%。",
"boundaryTitle": "進度移動驗收邊界",
"boundaryIntro": "以下鍵值固定:這是 headline 移動條件的只讀驗收條,不是進度灌水、批准、掃描、修復、部署、主機變更或版本來源操作入口。",
"summary": {
"headline": {
"label": "目前進度",
"detail": "仍維持 58%,不把框架細節灌水。"
},
"signals": {
"label": "移動訊號",
"detail": "五個訊號都要有可驗收證據。"
},
"passed": {
"label": "已通過",
"detail": "目前 0還沒有 headline 移動證據。"
},
"runtime": {
"label": "執行期閘門",
"detail": "目前 0沒有執行授權。"
}
},
"items": {
"ownerResponse": {
"title": "負責人回覆接受",
"body": "S4.9 至少要有可追溯、已脫敏且通過驗收的 owner response才可能觸發 headline review。"
},
"redactedEvidence": {
"title": "脫敏證據匯入",
"body": "只接受 metadata 與脫敏參照;未脫敏 payload、機密明文與 token value 仍要隔離。"
},
"runtimeGate": {
"title": "執行期閘門開啟",
"body": "只有人工批准與後續 runtime gate 開啟後,才可能進入掃描、修復或主機變更。"
},
"sourceControl": {
"title": "GitHub 主要來源就緒",
"body": "需要 target、refs truth、workflow / secret 名稱與 rollback readiness 都有 owner evidence。"
},
"awooopLanding": {
"title": "AwoooP 落地證據",
"body": "AwoooP 需能只讀消費 snapshot、guard 與 evidence refs且不新增執行按鈕。"
}
}
},
"concreteSecurityWorkMap": {
"title": "目前具體工作地圖",
"subtitle": "S2.123 回應「很難理解有哪些具體工作」:把目前資安網拆成六條實體工作流。已完成的是前台可視化與只讀框架;真正會推動 58% 的下一步仍是 S4.9 負責人回覆被收到、脫敏並接受。",
"workLabel": "工作",
"boundaryTitle": "具體工作邊界",
"boundaryIntro": "以下鍵值固定:這張圖只是把具體工作流講清楚,不是 runtime 授權、Kali 掃描、主機變更、repo/refs/workflow/secret 操作、GitHub primary 切換或 Gitea 停用。",
"summary": {
"streams": {
"label": "工作流",
"detail": "六條把抽象資安網翻成具體工作。"
},
"visible": {
"label": "前台可見",
"detail": "六條都有可視化框架,不代表已執行。"
},
"realGate": {
"label": "下一真門檻",
"detail": "S4.9 owner response accepted 才會讓 58% 有機會移動。"
},
"runtime": {
"label": "執行授權",
"detail": "目前仍是 0沒有掃描、修復或部署。"
}
},
"items": {
"frontstageVisibility": {
"title": "前台資安入口與使用者可視化",
"body": "已把 IwoooS、既有安全/合規頁、AwoooP 首頁/工作鏈路/審批/合約/租戶/執行監控接成只讀資安視圖。",
"evidence": "具體產出:使用者現在能從前台看見 58%、GitHub readiness、owner response、host coverage 與 runtime gate 0。"
},
"hostScopeInventory": {
"title": "主機與範圍盤點框架",
"body": "已把 Kali 192.168.0.112、開發主機 192.168.0.168、192.168.0.111 放入 host coverage、action gate 與 evidence readiness。",
"evidence": "具體產出:看得到主機納管範圍與禁止動作;尚未 SSH、更新主機、掃描或變更設定。"
},
"sourceControlMigration": {
"title": "GitHub / Gitea 版本來源遷移準備",
"body": "已建立 GitHub primary readiness、rollback ADR、refs truth、workflow/secret 名稱盤點與 owner response 驗收框架。",
"evidence": "具體產出:知道哪些 repo、refs、workflow/secret 要 owner 回覆;尚未建立 repo、同步 refs、切 primary 或停用 Gitea。"
},
"ownerEvidenceIntake": {
"title": "S4.9 負責人回覆與脫敏證據收件",
"body": "已把第一個能推動 58% 的路徑拆成工作單、封套欄位、送件前檢查、送件鏈路與第一解鎖證據包。",
"evidence": "具體產出:下一步很明確,是收到並驗收可追溯的 S4.9 owner response目前 received/accepted 仍是 0。"
},
"reviewerHumanFlow": {
"title": "reviewer / 人工審查流程",
"body": "已把證據包預檢、補件路徑、補件送審前檢查、結果分流、reviewer 指派準備、指派前檢查與結果分流串起來。",
"evidence": "具體產出:人工 reviewer 未來知道看什麼、退回什麼、隔離什麼;目前 queue/candidate/assigned 仍是 0。"
},
"runtimeExecutionGate": {
"title": "runtime 掃描、修復、部署與主機變更",
"body": "已把所有執行動作放在人工批准與後續 runtime gate 之後,不讓初期框架把資安限制拉太高。",
"evidence": "具體產出:目前 active_runtime_gate_count=0scan/deploy/host change/source-control mutation 全部仍禁止。"
}
}
},
"concreteSecurityDeliveryChecklist": {
"title": "目前具體交付清單",
"subtitle": "S2.124 把六條具體工作流再拆成可追蹤交付項目:每一項都標明已交付內容、下一步需要的證據,以及目前仍被禁止的動作。這是只讀交付清單,不是批准、掃描、修復、部署或主機操作入口。",
"deliverableLabel": "交付",
"deliveredLabel": "已交付",
"nextLabel": "下一步",
"blockedLabel": "未開放",
"boundaryTitle": "交付清單邊界",
"boundaryIntro": "以下鍵值固定交付清單只說明目前實際產出與下一個證據門檻owner response、reviewer queue、runtime gate、Kali 執行、GitHub primary 切換與 Gitea 停用仍全部未開。",
"summary": {
"items": {
"label": "交付項目",
"detail": "六項對應六條具體工作流。"
},
"framework": {
"label": "目前型態",
"detail": "只讀框架與證據欄位,不是執行。"
},
"blocked": {
"label": "下一門檻",
"detail": "先等 S4.9 owner response 脫敏證據。"
},
"runtime": {
"label": "runtime",
"detail": "目前仍是 0沒有掃描或部署。"
}
},
"items": {
"visibilitySurface": {
"title": "IwoooS 前台可見工作台",
"delivered": "已把 IwoooS、既有安全/合規頁與 AwoooP 多個入口串成同一套只讀資安視圖。",
"next": "持續把資安狀態改成使用者看得懂的工作項目與證據狀態。",
"blocked": "不可新增執行按鈕,也不可把前台視圖當成批准紀錄。"
},
"hostScopeEvidence": {
"title": "主機範圍與證據欄位",
"delivered": "已把 Kali 192.168.0.112、開發主機 192.168.0.168、192.168.0.111 納入只讀 host coverage 與 action gate。",
"next": "等待脫敏主機證據、範圍確認與負責人回覆進入收件流程。",
"blocked": "不可 SSH、更新主機、掃描、調整設定或收未脫敏主機資料。"
},
"sourceControlEvidence": {
"title": "GitHub / Gitea 遷移證據",
"delivered": "已建立 GitHub primary readiness、rollback ADR、refs truth、workflow/secret 名稱與 owner response 驗收框架。",
"next": "等待 GitHub target owner、refs truth、workflow/secret 名稱與 Gitea attestation 的脫敏 owner response。",
"blocked": "不可建立 repo、同步 refs、修改 workflow/secret、切 GitHub primary 或停用 Gitea。"
},
"s49OwnerPacket": {
"title": "S4.9 第一解鎖證據包",
"delivered": "已定義工作單、封套欄位、送件前檢查、送件結果分流、送件鏈路與第一解鎖證據包。",
"next": "收到可追溯、已脫敏且可預檢的 S4.9 owner response。",
"blocked": "不可收 raw payload、機密明文、token value 或把草稿當成已收到。"
},
"reviewerPreparation": {
"title": "人工 reviewer 準備序列",
"delivered": "已把預檢、補件路徑、補件送審前檢查、結果分流、reviewer 指派準備、指派前檢查與結果分流串成只讀序列。",
"next": "等 owner evidence 被接受後,才討論是否開 reviewer queue 與建立 reviewer candidate。",
"blocked": "不可開 queue、建立 candidate、指派 reviewer 或建立稽核事件。"
},
"runtimeGate": {
"title": "runtime 開閘條件",
"delivered": "已把掃描、修復、部署、主機變更與 Kali 執行放在後續人工批准與 runtime gate 之後。",
"next": "需要明確人工批准、scope、rollback、disable 條件與 active runtime gate。",
"blocked": "不可 scan、deploy、host change、Kali execution、source-control mutation 或生產部署。"
}
}
},
"concreteSecurityBlockerResolution": {
"title": "目前阻塞與解除條件",
"subtitle": "S2.125 把 58% 無法前進的原因拆成六個阻塞點。每個阻塞點都標明為什麼卡住,以及要用哪種脫敏證據或人工 gate 才能解除;這仍是只讀狀態,不是批准或執行入口。",
"blockerLabel": "阻塞",
"whyLabel": "卡住原因",
"unlockLabel": "解除條件",
"boundaryTitle": "阻塞解除邊界",
"boundaryIntro": "以下鍵值固定:阻塞解除圖只說明為什麼 headline 仍是 58%,不會自動收件、開 reviewer queue、啟動 Kali、改主機、同步 refs、切 GitHub primary 或停用 Gitea。",
"summary": {
"blockers": {
"label": "阻塞點",
"detail": "六個阻塞共同讓 headline 暫停。"
},
"resolved": {
"label": "已解除",
"detail": "目前 0還沒有可驗收解除證據。"
},
"first": {
"label": "第一解除",
"detail": "先從 S4.9 owner response 開始。"
},
"runtime": {
"label": "runtime gate",
"detail": "目前 0不會執行掃描或部署。"
}
},
"items": {
"ownerResponseMissing": {
"title": "S4.9 owner response 尚未收到",
"why": "沒有可追溯負責人回覆,就不能把下一步視為有效進度證據。",
"unlock": "收到已脫敏、含 owner role / decision / scope / reason / follow-up owner 的 S4.9 回覆。"
},
"redactedEvidenceMissing": {
"title": "脫敏證據參照尚未成立",
"why": "未脫敏 payload、機密明文與 token value 都不能進入前台或台帳。",
"unlock": "只收 metadata、evidence refs、脫敏聲明與預檢軌跡並通過收件預檢。"
},
"reviewerQueueClosed": {
"title": "reviewer queue 仍關閉",
"why": "證據未被接受前,不應建立 reviewer candidate 或指派 reviewer。",
"unlock": "owner evidence accepted 後,再由人工決定是否開 queue、建立 candidate 與指派 reviewer。"
},
"sourceControlNotReady": {
"title": "GitHub primary readiness 未成立",
"why": "GitHub target owner、refs truth、workflow/secret 名稱與 rollback readiness 還沒有 owner evidence。",
"unlock": "四類版本來源證據都收到、脫敏、預檢並接受後,才可進入 primary readiness review。"
},
"hostEvidencePending": {
"title": "主機證據仍待收件",
"why": "Kali 與開發主機雖已納入範圍,但沒有被授權執行 live 掃描或主機調校。",
"unlock": "收到脫敏主機範圍、owner 回覆、變更風險與 rollback 條件後,才討論 runtime gate。"
},
"runtimeGateClosed": {
"title": "runtime gate 未開",
"why": "目前所有 scan、repair、deploy、host change、Kali execution 都被擋在人工批准之後。",
"unlock": "需要明確人工批准、scope、rollback、disable 條件與 active runtime gate 才能執行。"
}
}
},
"threeAxisProductProgress": {
"title": "三軸進度與全產品套用範圍",
"subtitle": "S2.126 回應「是否也套用在所有專案產品」:所有專案產品都套用同一套三軸進度,但第一階段只套只讀治理與可視化,不自動套 runtime enforcement。這讓框架進度、整體加權進度與落地執行進度分開顯示不再只看到 58%。",
"scopeLabel": "範圍",
"currentLabel": "目前套用",
"nextLabel": "下一步",
"boundaryLabel": "邊界",
"boundaryTitle": "三軸與全產品邊界",
"boundaryIntro": "以下鍵值固定:全產品先套三軸進度、只讀資安投影與證據欄位;不會因此自動掃描、修復、部署、改主機、同步 refs、切 GitHub primary 或停用 Gitea。",
"summary": {
"headline": {
"label": "整體加權",
"detail": "保守維持 58%,等真證據才移動。"
},
"framework": {
"label": "框架建置",
"detail": "可視化、契約、guard、文件已推到 86-88%。"
},
"runtime": {
"label": "落地執行",
"detail": "仍是 35-40%runtime gate 仍未開。"
},
"products": {
"label": "產品套用",
"detail": "所有產品先套只讀治理,不套強制執行。"
}
},
"items": {
"awoooiCore": {
"title": "AWOOOI / IwoooS / AwoooP 核心產品",
"current": "已套用三軸進度、IwoooS 可視化、AwoooP 只讀鏡像與 guard。",
"next": "繼續把 owner evidence、reviewer、runtime gate 變成可追蹤欄位。",
"boundary": "不得把核心產品的可視化當成批准或執行。"
},
"websites": {
"title": "所有前台網站與公開產品頁",
"current": "可套用安全狀態摘要、低摩擦說明、合規 / 風險可視化與繁中文案規範。",
"next": "先接只讀資安摘要,不放掃描、修復、部署或主機操作按鈕。",
"boundary": "不得讓公開頁面暴露內網 IP、敏感證據、secret value 或 raw payload。"
},
"sourceControl": {
"title": "GitHub / Gitea 所有專案庫",
"current": "可套用 GitHub primary readiness、refs truth、workflow / secret 名稱與 rollback readiness 欄位。",
"next": "等待 owner response 與脫敏證據後,再評估每個 repo 的 primary readiness。",
"boundary": "不得自動建立 repo、同步 refs、修改 workflow / secret、切 primary 或停用 Gitea。"
},
"hosts": {
"title": "Kali 與開發主機",
"current": "可套用 host coverage、action gate、evidence readiness 與三軸進度。",
"next": "等待人工批准與主機範圍證據後,才討論 live scan 或調校。",
"boundary": "不得自動 SSH、更新主機、掃描、變更設定或收未脫敏資料。"
},
"toolsMonitoring": {
"title": "監控、工具與自動化流程",
"current": "可套用只讀狀態、阻塞解除條件、evidence refs 與人工 gate 顯示。",
"next": "先讓工具輸出 metadata-only evidence再接 reviewer 與 runtime gate。",
"boundary": "不得讓工具自動觸發修復、部署、secret 收集或外部付費變更。"
},
"futureProducts": {
"title": "未來新增專案與產品",
"current": "預設繼承三軸進度、繁中可視化、只讀 governance 與低摩擦收斂節奏。",
"next": "新產品先接框架與證據欄位,再依 owner evidence 分階段收嚴。",
"boundary": "不得讓新產品一建立就套高強度限制或 runtime enforcement。"
}
}
},
"productRolloutWaveLedger": {
"title": "全產品分階段套用台帳",
"subtitle": "S2.127 把「所有專案產品都套用」轉成六個 rollout wave先套只讀可視化與證據欄位再依 owner evidence、人工審查與 runtime gate 分段收嚴。這仍是產品套用台帳,不是掃描、修復、部署或主機操作入口。",
"waveLabel": "波次",
"allowedLabel": "目前可做",
"beforeRuntimeLabel": "進 runtime 前",
"forbiddenLabel": "仍禁止",
"boundaryTitle": "套用台帳邊界",
"boundaryIntro": "以下鍵值固定:全產品 rollout 目前停在 read-only visibility waveruntime wave、enforcement wave、owner accepted 與 active runtime gate 全部仍是 0。",
"summary": {
"waves": {
"label": "套用波次",
"detail": "六個波次覆蓋核心產品、網站、版本來源、主機、工具與未來產品。"
},
"current": {
"label": "目前波次",
"detail": "只讀可視化與證據欄位先行。"
},
"runtime": {
"label": "runtime 波次",
"detail": "目前 0不會掃描、修復或部署。"
},
"nextGate": {
"label": "下一門檻",
"detail": "第一個 runtime 候選仍是 S4.9 accepted。"
}
},
"items": {
"coreProduct": {
"title": "核心產品波次",
"allowed": "AWOOOI、IwoooS、AwoooP 先維持同一份三軸進度與只讀 guard。",
"beforeRuntime": "需要 owner evidence accepted、reviewer queue 人工開啟與 active runtime gate。",
"forbidden": "不得從核心產品頁直接批准、執行、掃描或部署。"
},
"publicSurfaces": {
"title": "公開網站波次",
"allowed": "前台網站可顯示資安摘要、合規狀態、風險分流與繁中文案。",
"beforeRuntime": "需要公開內容脫敏審查、敏感欄位封鎖與人工內容 owner 接受。",
"forbidden": "不得暴露內網 IP、secret value、raw payload、掃描結果原文或主機細節。"
},
"sourceControl": {
"title": "版本來源波次",
"allowed": "GitHub / Gitea 專案庫只顯示 target、refs truth、workflow / secret 名稱與 rollback readiness。",
"beforeRuntime": "需要逐 repo owner response、refs truth accepted、workflow / secret 名稱驗收與 rollback ADR approval。",
"forbidden": "不得建立 repo、改可見性、同步 / 刪除 / 強推 refs、修改 workflow / secret 或切 primary。"
},
"hostCoverage": {
"title": "主機覆蓋波次",
"allowed": "Kali、192.168.0.168、192.168.0.111 只顯示 coverage、action gate 與 evidence readiness。",
"beforeRuntime": "需要明確主機 scope、maintenance window、credential handling、rollback 與人工 runtime gate。",
"forbidden": "不得自動 SSH、更新主機、掃描、調校、收未脫敏資料或執行 Kali /execute。"
},
"monitoringTools": {
"title": "監控工具波次",
"allowed": "監控、告警、Code Review、工具台只顯示 metadata-only evidence 與阻塞解除條件。",
"beforeRuntime": "需要工具輸出通過 redaction / retention / reviewer checks且 owner 接受後才接 runtime gate。",
"forbidden": "不得由工具自動觸發修復、部署、付費 provider 變更、secret 收集或外部送出。"
},
"futureTemplate": {
"title": "未來產品模板波次",
"allowed": "新專案預設繼承三軸進度、繁中 UI、只讀 governance、false runtime flags。",
"beforeRuntime": "需要產品 owner、資料分級、scope、rollback、disable 條件與逐階段審查。",
"forbidden": "不得讓新產品一建立就套 blocking enforcement、host action、source-control mutation 或 production deploy。"
}
}
},
"productRolloutAcceptanceGates": {
"title": "全產品 rollout 波次驗收門檻",
"subtitle": "S2.128 把 S2.127 的六個產品波次再補上驗收門檻每個波次都要先通過只讀證據、owner evidence、脫敏審查、版本來源證明、主機安全窗口與 rollback / disable 條件,才可能被列入後續 runtime 候選。這仍是驗收門檻可視化,不是批准或執行。",
"gateLabel": "門檻",
"requiredEvidenceLabel": "需要證據",
"acceptanceSignalLabel": "驗收訊號",
"stillClosedLabel": "仍關閉",
"boundaryTitle": "波次驗收邊界",
"boundaryIntro": "以下鍵值固定:全產品 rollout 目前只做到 read-only acceptance通過門檻、owner accepted、runtime wave、enforcement wave 與 active runtime gate 全部仍是 0。",
"summary": {
"gateCount": {
"label": "驗收門檻",
"detail": "六個門檻覆蓋可視證據、owner、脫敏、版本、主機與回復。"
},
"passed": {
"label": "已通過",
"detail": "目前 0不把台帳完成當驗收通過。"
},
"ownerEvidence": {
"label": "第一證據",
"detail": "第一個可前進訊號仍是 S4.9 owner evidence accepted。"
},
"runtime": {
"label": "runtime 波次",
"detail": "目前 0尚未開掃描、修復、部署或主機操作。"
}
},
"items": {
"visibilityEvidence": {
"title": "只讀可視證據完整",
"requiredEvidence": "每個產品波次都要能顯示範圍、目前狀態、下一門檻與禁止動作。",
"acceptanceSignal": "使用者能從 IwoooS 看懂該產品目前停在哪個只讀波次。",
"stillClosed": "不因可視化完成就啟用 blocking enforcement 或 action button。"
},
"ownerEvidence": {
"title": "負責人證據已收件並接受",
"requiredEvidence": "需要產品 owner、範圍、資料分級、風險說明與脫敏 evidence pointer。",
"acceptanceSignal": "owner response received / accepted 計數由人工驗收後才可移動。",
"stillClosed": "目前 received=0、accepted=0不得視為任何產品已批准。"
},
"redactionReview": {
"title": "脫敏與公開呈現通過",
"requiredEvidence": "公開頁、AwoooP、IwoooS 與工具台只能保留 metadata、摘要與 false flags。",
"acceptanceSignal": "raw payload、secret value、內網細節與掃描原文都被拒收或遮罩。",
"stillClosed": "不得收機密明文、raw payload、未脫敏截圖或可直接攻擊的細節。"
},
"sourceControlProof": {
"title": "版本來源證明齊備",
"requiredEvidence": "GitHub / Gitea target、refs truth、workflow / secret 名稱、rollback readiness 都要逐 repo 可追溯。",
"acceptanceSignal": "refs truth accepted、workflow / secret 名稱驗收與 rollback ADR 皆由人工確認。",
"stillClosed": "不得建立 repo、改可見性、同步 refs、改 workflow / secret、切 primary 或停用 Gitea。"
},
"hostSafetyWindow": {
"title": "主機安全窗口與 rollback 可用",
"requiredEvidence": "Kali、192.168.0.168、192.168.0.111 需要 scope、maintenance window、credential handling 與 rollback owner。",
"acceptanceSignal": "主機 owner 明確接受後,才可建立後續 runtime gate 候選。",
"stillClosed": "目前不得 SSH、掃描、更新主機、調校設定或執行 Kali /execute。"
},
"rollbackDisable": {
"title": "回復與停用條件可操作",
"requiredEvidence": "每個波次都要有 disable 條件、rollback owner、驗證方式與停止條件。",
"acceptanceSignal": "人工審查確認失敗時能回到只讀狀態,且不留下半套 enforcement。",
"stillClosed": "不得在沒有回復條件前啟用 production deploy、blocking control 或 source-control mutation。"
}
}
},
"productRolloutAcceptanceOutcomes": {
"title": "全產品 rollout 驗收結果分流",
"subtitle": "S2.129 把 S2.128 的驗收門檻往後補成七條結果分流:維持只讀、退回補證、隔離敏感、版本待證、主機暫停、待人工審與 runtime 未開。這讓所有產品的後續狀態可以被理解,但仍不建立 reviewer candidate、runtime gate 或任何執行動作。",
"laneLabel": "分流",
"whyLabel": "判定原因",
"nextLabel": "下一步",
"blockedLabel": "仍禁止",
"boundaryTitle": "結果分流邊界",
"boundaryIntro": "以下鍵值固定:目前結果分流只做 read-only outcome routingreturned、quarantined、human review candidate、runtime candidate、owner accepted 與 active runtime gate 全部仍是 0。",
"summary": {
"outcomes": {
"label": "結果分流",
"detail": "七條分流覆蓋只讀、補證、隔離、版本、主機、人工審與 runtime。"
},
"accepted": {
"label": "已接受",
"detail": "目前 0不把結果分流當驗收通過。"
},
"quarantine": {
"label": "隔離件",
"detail": "目前 0若有敏感內容只會進隔離說明。"
},
"runtime": {
"label": "runtime 候選",
"detail": "目前 0不建立執行期閘門。"
}
},
"items": {
"keepReadOnly": {
"title": "維持只讀分流",
"why": "證據不足或尚未進人工驗收時,產品波次維持可視化與證據欄位。",
"next": "持續顯示範圍、門檻、false flags 與下一個 owner evidence。",
"blocked": "不得因此啟用 blocking enforcement、action button、掃描或部署。"
},
"returnEvidence": {
"title": "退回補證分流",
"why": "owner 回覆、範圍、資料分級、rollback 或 disable 條件缺漏。",
"next": "退回對應產品 owner 補 metadata-only evidence pointer。",
"blocked": "不得用口頭說明、截圖原文、raw payload 或 secret value 補證。"
},
"quarantineSensitive": {
"title": "敏感內容隔離分流",
"why": "若 evidence 含機密明文、內網細節、掃描原文或未脫敏 payload只能隔離。",
"next": "保留隔離原因與脫敏要求,等待重新提交安全摘要。",
"blocked": "不得在公開頁、AwoooP、IwoooS 或工具台顯示敏感原文。"
},
"sourceControlHold": {
"title": "版本來源待證分流",
"why": "GitHub / Gitea target、refs truth、workflow / secret 名稱或 rollback readiness 尚未通過。",
"next": "回到逐 repo owner response、refs truth 與 rollback ADR 驗收。",
"blocked": "不得建立 repo、同步 refs、改 workflow / secret、切 primary 或停用 Gitea。"
},
"hostSafetyHold": {
"title": "主機安全暫停分流",
"why": "Kali、192.168.0.168、192.168.0.111 尚缺 scope、maintenance window、credential handling 或 rollback owner。",
"next": "等待主機 owner 明確接受後,才可列入後續 runtime gate 候選。",
"blocked": "不得 SSH、更新主機、掃描、調校或執行 Kali /execute。"
},
"humanReviewCandidate": {
"title": "人工審查候選分流",
"why": "只有所有必要 evidence 都脫敏且可追溯時,才可能成為人工審查候選。",
"next": "由 reviewer queue 人工開啟後,才可進下一階段審查。",
"blocked": "目前 candidate=0、queue=false不得自動指派 reviewer 或建立稽核事件。"
},
"runtimeDenied": {
"title": "runtime 未開分流",
"why": "即使某些資訊已可見,只要 active runtime gate 為 0就不能執行。",
"next": "等待 owner accepted、人工審查、rollback / disable 可用與 runtime gate 明確批准。",
"blocked": "不得掃描、修復、部署、主機變更、版本來源操作或正式環境變更。"
}
}
},
"firstProgressUnlockPath": {
"title": "第一個進度解鎖路徑",
"subtitle": "S2.114 把 58% 下一個真正能往前的路徑收斂到 S4.9 負責人回覆:先收到可追溯回覆,再補齊脫敏證據參照,通過收件預檢與審查接受後,才可能成為 headline review 候選。",
"stepLabel": "步驟",
"boundaryTitle": "第一解鎖路徑邊界",
"boundaryIntro": "以下鍵值固定:這是 S4.9 第一解鎖路徑的只讀收斂,不是送件完成、回覆已收到、批准、掃描、修復、部署或執行期入口。",
"summary": {
"focus": {
"label": "目前焦點",
"detail": "S4.9 是第一個可能推動 58% 的收件路徑。"
},
"steps": {
"label": "解鎖步驟",
"detail": "五步都需要證據,不跳步。"
},
"accepted": {
"label": "已接受",
"detail": "目前 0還不能觸發 headline review。"
},
"headline": {
"label": "進度審查",
"detail": "目前未開,只能等待證據。"
}
},
"items": {
"ownerResponseScope": {
"title": "收到負責人回覆",
"body": "先確認 S4.9 owner role、decision、reason、scope 與 follow-up owner 都可追溯。"
},
"redactedEvidencePointer": {
"title": "補齊脫敏證據參照",
"body": "只收 metadata 與 evidence refs不收機密明文、token value 或未脫敏 payload。"
},
"intakePreflight": {
"title": "通過收件預檢",
"body": "檢查欄位完整、範圍一致、敏感內容隔離與禁止變更條款都成立。"
},
"reviewAcceptance": {
"title": "審查接受",
"body": "人工 reviewer 接受後,才可把 S4.9 視為有效 movement signal。"
},
"headlineReviewCandidate": {
"title": "成為進度審查候選",
"body": "只有 accepted evidence 出現後,才可能進入 headline review目前仍未授權。"
}
}
},
"firstUnlockEvidencePacket": {
"title": "第一解鎖證據包",
"subtitle": "S2.115 把 S4.9 要讓 58% 真正前進所需的證據收斂成五個欄位:負責人判定 metadata、範圍與來源參照、脫敏聲明、收件預檢軌跡、審查接受摘要。這裡只顯示要補什麼不收 raw payload、不收機密明文、不開 headline review。",
"slotLabel": "欄位",
"boundaryTitle": "證據包收件邊界",
"boundaryIntro": "以下鍵值固定:這是第一解鎖證據包的只讀欄位定義,不是送件、收件、驗收通過、審批、掃描、修復、部署或執行期入口。",
"summary": {
"slots": {
"label": "證據欄位",
"detail": "五個欄位缺一不可。"
},
"filled": {
"label": "已補齊",
"detail": "目前仍是 0不把定義當證據。"
},
"accepted": {
"label": "已接受",
"detail": "目前仍是 0不能觸發進度審查。"
},
"payload": {
"label": "敏感 payload",
"detail": "raw payload、token value 與機密明文都禁止收件。"
}
},
"items": {
"ownerDecisionMetadata": {
"title": "負責人判定 metadata",
"body": "需要 owner role、decision、reason、follow-up owner 與判定時間;不接受口頭同意。"
},
"scopeEvidenceRefs": {
"title": "範圍與來源參照",
"body": "需要對應 S4.9 範圍、Gitea / GitHub 來源脈絡與可追溯 evidence refs。"
},
"redactionAttestation": {
"title": "脫敏聲明",
"body": "需要明確標示只含 metadata 與 evidence pointerraw payload 與機密值已隔離。"
},
"preflightTrace": {
"title": "收件預檢軌跡",
"body": "需要欄位完整、範圍一致、敏感內容隔離與禁止變更條款的預檢結果。"
},
"reviewAcceptanceSummary": {
"title": "審查接受摘要",
"body": "人工 reviewer 接受後才可形成 movement signal目前仍未接受、未授權。"
}
}
},
"firstUnlockEvidencePacketPreflightOutcomes": {
"title": "第一解鎖證據包預檢分流",
"subtitle": "S2.116 把第一解鎖證據包進來後的結果分成六條只讀分流:可進審查、補 owner metadata、補範圍參照、隔離 raw payload、拒收機密值、等待 reviewer。這裡只說明預檢結果不把任何分流當成已接受或授權。",
"laneLabel": "分流",
"boundaryTitle": "預檢分流邊界",
"boundaryIntro": "以下鍵值固定這是第一解鎖證據包的預檢結果分流不是證據已補齊、審查已接受、headline review、掃描、修復、部署或執行期入口。",
"summary": {
"lanes": {
"label": "結果分流",
"detail": "六條分流讓補證、隔離與拒收不混在一起。"
},
"ready": {
"label": "可進審查",
"detail": "目前仍是 0沒有可審查證據包。"
},
"quarantine": {
"label": "已隔離",
"detail": "目前仍是 0若有 raw payload 才會隔離。"
},
"accepted": {
"label": "已接受",
"detail": "目前仍是 0不能推動 headline。"
}
},
"items": {
"readyForReview": {
"title": "可進人工審查",
"body": "五個欄位完整、只有 metadata 與脫敏參照時,才可進 reviewer queue目前仍是 0。"
},
"needsOwnerMetadata": {
"title": "要求補 owner metadata",
"body": "缺 owner role、decision、reason、follow-up owner 或判定時間時,只能退回補欄。"
},
"needsScopeRefs": {
"title": "要求補範圍參照",
"body": "缺 S4.9 範圍、來源脈絡或 evidence refs 時,不能進審查。"
},
"quarantineRawPayload": {
"title": "隔離 raw payload",
"body": "任何未脫敏 payload、截圖原文或高風險輸出都要隔離不進一般審查。"
},
"rejectSecretValue": {
"title": "拒收機密明文值",
"body": "token value、登入口令、私鑰或其他機密明文值直接拒收不保留在前端或 snapshot。"
},
"waitingReviewer": {
"title": "等待 reviewer 接受",
"body": "預檢可通過也不代表 accepted仍需人工 reviewer 接受後才可能形成 movement signal。"
}
}
},
"firstUnlockEvidencePacketSupplementPath": {
"title": "第一解鎖證據包補件路徑",
"subtitle": "S2.117 把第一解鎖證據包未通過預檢時的補件方式拆成五步:補 owner metadata、補範圍參照、補脫敏聲明、補預檢軌跡、等待 reviewer queue。這裡只顯示補件路徑不送出 request、不接受證據、不開 headline review。",
"stepLabel": "補件步驟",
"boundaryTitle": "補件路徑邊界",
"boundaryIntro": "以下鍵值固定這是第一解鎖證據包的補件說明不是送件、收件、審查接受、headline review、掃描、修復、部署或執行期入口。",
"summary": {
"steps": {
"label": "補件步驟",
"detail": "五步只說明缺口,不代表已補齊。"
},
"ready": {
"label": "可送審",
"detail": "目前仍是 0沒有可送審補件。"
},
"submitted": {
"label": "已送出",
"detail": "目前仍是 0不把路徑當 request sent。"
},
"accepted": {
"label": "已接受",
"detail": "目前仍是 0headline 不提高。"
}
},
"items": {
"ownerMetadataPatch": {
"title": "補 owner metadata",
"body": "補齊 owner role、decision、reason、follow-up owner 與判定時間;缺一項就不能進審查。"
},
"scopeRefsPatch": {
"title": "補範圍與來源參照",
"body": "補上 S4.9 scope、Gitea / GitHub 來源脈絡與 evidence refs避免範圍漂移。"
},
"redactionPatch": {
"title": "補脫敏聲明",
"body": "只允許 metadata 與 evidence pointerraw payload、token value、私鑰與登入口令仍不可收。"
},
"preflightTracePatch": {
"title": "補預檢軌跡",
"body": "補上欄位完整、範圍一致、敏感內容隔離與禁止變更條款的檢查結果。"
},
"reviewerQueuePatch": {
"title": "等待 reviewer queue",
"body": "補件就緒也只是進入人工 reviewer queueaccepted 前不得成為 movement signal。"
}
}
},
"firstUnlockEvidencePacketSupplementPreReview": {
"title": "第一解鎖證據包補件送審前檢查",
"subtitle": "S2.118 把補件要進 reviewer queue 前的檢查拆成六項owner metadata 完整、範圍參照可追溯、脫敏聲明成立、預檢軌跡附上、禁止變更條款維持、reviewer queue 未開。這裡只顯示送審前檢查,不代表補件已送出或已接受。",
"checkLabel": "檢查",
"boundaryTitle": "送審前檢查邊界",
"boundaryIntro": "以下鍵值固定這是補件送審前檢查不是送件、收件、審查接受、headline review、掃描、修復、部署或執行期入口。",
"summary": {
"checks": {
"label": "檢查項",
"detail": "六項都只是送審前條件。"
},
"passed": {
"label": "已通過",
"detail": "目前仍是 0不把檢查表當通過。"
},
"ready": {
"label": "可送審",
"detail": "目前仍是 0reviewer queue 未開。"
},
"queue": {
"label": "審查佇列",
"detail": "目前 false沒有送審入口。"
}
},
"items": {
"ownerMetadataComplete": {
"title": "owner metadata 完整",
"body": "確認 owner role、decision、reason、follow-up owner 與判定時間都存在且可追溯。"
},
"scopeRefsTraceable": {
"title": "範圍參照可追溯",
"body": "確認 S4.9 scope、來源脈絡與 evidence refs 一致,不把其他專案或其他主機混入。"
},
"redactionAttested": {
"title": "脫敏聲明成立",
"body": "確認只含 metadata 與 evidence pointerraw payload、token value、私鑰與登入口令都未進入收件。"
},
"preflightTraceAttached": {
"title": "預檢軌跡附上",
"body": "確認欄位完整、範圍一致、敏感內容隔離與禁止變更條款都有檢查結果。"
},
"noMutationClauseHeld": {
"title": "禁止變更條款維持",
"body": "確認補件不會觸發 repo、refs、workflow、secret、Kali、SSH、部署或主機變更。"
},
"reviewerQueueReady": {
"title": "reviewer queue 未開",
"body": "即使前五項都補齊,也要等人工 reviewer queue 開啟;目前仍是 false。"
}
}
},
"firstUnlockEvidencePacketSupplementPreReviewOutcomes": {
"title": "第一解鎖證據包補件送審結果分流",
"subtitle": "S2.119 把補件送審前檢查後可能出現的結果拆成六條只讀分流:可排入 reviewer queue、退回補件、隔離敏感材料、拒收變更要求、維持佇列未開、等待 reviewer 指派。這裡只顯示結果分流,不代表 queue 已開、補件已送出或審查已接受。",
"outcomeLabel": "結果",
"boundaryTitle": "結果分流邊界",
"boundaryIntro": "以下鍵值固定這是補件送審前檢查後的只讀結果分流不是送件、收件、審查接受、headline review、掃描、修復、部署或執行期入口。",
"summary": {
"lanes": {
"label": "結果分流",
"detail": "六條分流讓可排隊、退回、隔離與拒收不混在一起。"
},
"ready": {
"label": "可排隊",
"detail": "目前仍是 0reviewer queue 未開。"
},
"returned": {
"label": "退回補件",
"detail": "目前仍是 0沒有已退回項。"
},
"assigned": {
"label": "已指派",
"detail": "目前仍是 0沒有 reviewer 指派。"
}
},
"items": {
"readyForReviewerQueue": {
"title": "可排入 reviewer queue",
"body": "六項檢查都通過且 queue 開啟時,才可排入 reviewer queue目前仍是 0。"
},
"returnToSupplement": {
"title": "退回補件",
"body": "owner metadata、scope refs、脫敏聲明或預檢軌跡不足時只能退回補件。"
},
"quarantineSensitiveMaterial": {
"title": "隔離敏感材料",
"body": "raw payload、token value、私鑰、登入口令或未脫敏輸出都要隔離不進一般審查。"
},
"rejectMutationRequest": {
"title": "拒收變更要求",
"body": "任何要求 repo、refs、workflow、secret、Kali、SSH、部署或主機變更的內容直接拒收。"
},
"keepQueueClosed": {
"title": "維持佇列未開",
"body": "沒有人工 reviewer queue 開啟前,即使補件完整也不能進入審查流程。"
},
"waitReviewerAssignment": {
"title": "等待 reviewer 指派",
"body": "queue 開啟後仍需人工 reviewer 指派;未指派前不形成 accepted evidence。"
}
}
},
"firstUnlockEvidencePacketReviewerAssignmentPreparation": {
"title": "第一解鎖證據包 reviewer 指派準備包",
"subtitle": "S2.120 把補件結果分流之後,若未來要進人工 reviewer 指派前需要整理的六個準備包前台化佇列狀態凍結、reviewer 角色邊界、範圍包、證據索引、衝突揭露、指派稽核草稿。這裡只顯示準備包,不代表 reviewer candidate 已成立、queue 已開或 reviewer 已指派。",
"packetLabel": "準備包",
"boundaryTitle": "指派準備邊界",
"boundaryIntro": "以下鍵值固定:這是 reviewer 指派前的只讀準備包,不是開 queue、指派 reviewer、接受補件、建立稽核事件、headline review、掃描、修復、部署或執行期入口。",
"summary": {
"packets": {
"label": "準備包",
"detail": "六個準備包讓指派前資料不混成授權。"
},
"ready": {
"label": "可指派",
"detail": "目前仍是 0沒有可指派狀態。"
},
"candidates": {
"label": "候選 reviewer",
"detail": "目前仍是 0沒有候選 reviewer。"
},
"assigned": {
"label": "已指派",
"detail": "目前仍是 0沒有 reviewer 指派。"
}
},
"items": {
"queueStatusFreeze": {
"title": "佇列狀態凍結",
"body": "把 queue_open=false、ready_for_queue_count=0 與 request_sent=false 固定在同一個準備包,避免被誤讀成已開佇列。"
},
"reviewerRoleBoundary": {
"title": "reviewer 角色邊界",
"body": "只描述未來人工 reviewer 需要檢查的責任邊界,不建立 reviewer candidate 或 reviewer assignment。"
},
"scopePacket": {
"title": "範圍包",
"body": "整理 S4.9 scope、來源脈絡與 evidence refs 的對照,仍不能把其他主機或其他專案混入。"
},
"evidencePointerIndex": {
"title": "證據索引",
"body": "只索引 metadata 與 evidence pointerraw payload、token value、私鑰與登入口令仍不得進入準備包。"
},
"conflictDisclosure": {
"title": "衝突揭露",
"body": "標示 source、scope、owner 或禁止變更條款的衝突,衝突未釐清前不能進 reviewer 指派。"
},
"assignmentAuditDraft": {
"title": "指派稽核草稿",
"body": "只準備未來可留痕的 metadata shape目前 assignment_audit_event_emitted 仍是 0。"
}
}
},
"firstUnlockEvidencePacketReviewerAssignmentPreflight": {
"title": "第一解鎖證據包 reviewer 指派前檢查",
"subtitle": "S2.121 把 reviewer 指派準備包之後的六項檢查前台化:佇列仍關閉、角色邊界可追溯、範圍包可追溯、證據索引已脫敏、衝突揭露已釐清、稽核草稿只含 metadata。這裡只顯示指派前檢查不代表 reviewer candidate 已成立、queue 已開或 reviewer 已指派。",
"checkLabel": "檢查",
"boundaryTitle": "指派前檢查邊界",
"boundaryIntro": "以下鍵值固定:這是 reviewer 指派前的只讀檢查,不是開 queue、建立 reviewer candidate、指派 reviewer、接受補件、建立稽核事件、headline review、掃描、修復、部署或執行期入口。",
"summary": {
"checks": {
"label": "檢查項",
"detail": "六項都只是指派前核對條件。"
},
"passed": {
"label": "已通過",
"detail": "目前仍是 0不把清單當通過。"
},
"ready": {
"label": "可指派",
"detail": "目前仍是 0queue 仍關閉。"
},
"assigned": {
"label": "已指派",
"detail": "目前仍是 0沒有 reviewer 指派。"
}
},
"items": {
"queueStillClosed": {
"title": "佇列仍關閉",
"body": "確認 queue_open=false、ready_for_queue_count=0、request_sent=false避免檢查清單被當成已開 queue。"
},
"roleBoundaryTraceable": {
"title": "角色邊界可追溯",
"body": "確認 reviewer 只負責人工審查與建議不具備部署、掃描、repo、refs、workflow 或 secret 操作權。"
},
"scopePacketTraceable": {
"title": "範圍包可追溯",
"body": "確認 S4.9 scope、來源脈絡與 evidence refs 都能對照,且沒有混入其他主機或其他專案。"
},
"evidenceIndexRedacted": {
"title": "證據索引已脫敏",
"body": "確認只保留 metadata 與 evidence pointerraw payload、token value、私鑰與登入口令仍不可收。"
},
"conflictDisclosureClear": {
"title": "衝突揭露已釐清",
"body": "source、scope、owner 或禁止變更條款有衝突時,必須停在待釐清,不得進 reviewer 指派。"
},
"auditDraftMetadataOnly": {
"title": "稽核草稿只含 metadata",
"body": "確認未來稽核事件只會保留 metadata shape目前 audit_event_emitted 仍是 0。"
}
}
},
"firstUnlockEvidencePacketReviewerAssignmentPreflightOutcome": {
"title": "第一解鎖證據包 reviewer 指派前檢查結果分流",
"subtitle": "S2.122 把 reviewer 指派前檢查後的六條結果分流前台化:維持佇列關閉、退回角色邊界、退回範圍包、隔離未脫敏證據、暫停衝突揭露、保留 metadata-only 稽核草稿。這裡只顯示分流,不代表 reviewer candidate 已成立、queue 已開或 reviewer 已指派。",
"outcomeLabel": "結果",
"boundaryTitle": "指派前結果分流邊界",
"boundaryIntro": "以下鍵值固定:這是 reviewer 指派前檢查後的只讀結果分流,不是建立 reviewer candidate、開 queue、指派 reviewer、接受補件、建立稽核事件、headline review、掃描、修復、部署或執行期入口。",
"summary": {
"outcomes": {
"label": "分流",
"detail": "六條只讀結果讓後續處理不混成授權。"
},
"candidates": {
"label": "候選 reviewer",
"detail": "目前仍是 0沒有 reviewer candidate。"
},
"assigned": {
"label": "已指派",
"detail": "目前仍是 0沒有 reviewer 指派。"
},
"audit": {
"label": "稽核事件",
"detail": "目前仍是 0沒有建立稽核事件。"
}
},
"items": {
"keepQueueClosed": {
"title": "維持佇列關閉",
"body": "只要 passed_count=0 或 ready_count=0就維持 queue_open=false不進 reviewer candidate。"
},
"returnRoleBoundary": {
"title": "退回角色邊界",
"body": "reviewer 權責不清時退回補齊仍不得賦予部署、掃描、repo、refs、workflow 或 secret 操作權。"
},
"returnScopePacket": {
"title": "退回範圍包",
"body": "scope、source 或 evidence refs 不可追溯時退回補件,避免混入其他主機或其他專案。"
},
"quarantineEvidenceIndex": {
"title": "隔離未脫敏證據",
"body": "若出現 raw payload、token value、私鑰或登入口令必須隔離並不得進 reviewer 指派。"
},
"holdConflictDisclosure": {
"title": "暫停衝突揭露",
"body": "source、scope、owner 或禁止變更條款衝突未釐清前,停在 conflict hold不建立 candidate。"
},
"keepAuditDraftMetadataOnly": {
"title": "保留 metadata 稽核草稿",
"body": "只保留未來稽核事件的 metadata shape目前 audit_event_emitted 仍是 0。"
}
}
},
"s49OwnerResponseWorkOrder": {
"title": "S4.9 Owner Response 人工收件工作單",
"subtitle": "S2.101 把第一個真正能推動 58% 的 S4.9 回覆收件格式放到 IwoooS每項都要包含 owner role/team、decision、decision reason、受影響 scope、脫敏 evidence refs 與 follow-up owner。這裡只是人工收件工作單不送出 request、不收件、不標記 received / accepted。",
"itemLabel": "收件項目",
"requiredFieldsLabel": "必填欄位",
"acceptanceLabel": "驗收方式",
"guardLabel": "仍禁止",
"boundaryTitle": "S4.9 收件邊界",
"summary": {
"items": {
"label": "工作項",
"detail": "五個 S4.9 owner response 項目仍全部未收。"
},
"fields": {
"label": "每項必填",
"detail": "六個欄位缺一不可,避免口頭同意被誤收。"
},
"received": {
"label": "已收到",
"detail": "目前仍是 0不把工作單當回覆。"
},
"accepted": {
"label": "已接受",
"detail": "目前仍是 0五項通過前不得 accepted。"
}
},
"items": {
"scopeGapResponse": {
"title": "Public-only / local gap 回覆",
"body": "請 owner 判定 public-only 與 local Gitea 差異是否納入本輪 inventory / migration scope。",
"requiredFields": "owner role/team、decision、decision reason、affected scope、redacted evidence refs、follow-up owner。",
"acceptance": "decision 必須落在 in scope、out of scope、legacy archived、external system、inaccessible 或 needs more evidence。",
"guard": "不建立 repo、不讀私有內容、不同步 refs、不把差異判定當 migration approval。"
},
"endpointIdentityResponse": {
"title": "Gitea `wooo` endpoint 身分回覆",
"body": "請 owner 判定 `wooo` 應以 user、org 或雙重來源盤點,避免把 endpoint 404 誤讀成不存在。",
"requiredFields": "owner role/team、canonical endpoint identity、decision reason、affected endpoint、redacted evidence refs、follow-up owner。",
"acceptance": "必須能追溯到已知 endpoint evidence且不得含 token、cookie、private URL credential 或 admin API payload。",
"guard": "不呼叫 Gitea admin API、不使用 token、不把 endpoint 身分當 inventory completed。"
},
"adjacentSourceResponse": {
"title": "110 adjacent source scope 回覆",
"body": "請 owner 判定 `bitan-pharmacy`、`root/momo-pro-system`、`tsenyang-website`、`wooo/wooo-infra-config` 是否納入本輪 scope。",
"requiredFields": "owner role/team、per-source decision、decision reason、affected source、redacted evidence refs、follow-up owner。",
"acceptance": "逐項標示 in scope、out of scope、legacy、external、inaccessible 或 needs more evidence並保留脫敏 trace。",
"guard": "不讀取私有 repo 內容、不匯入 archive、不把 110 adjacent source 自動納入 migration。"
},
"canonicalOwnerResponse": {
"title": "Repo owner / canonical scope 回覆",
"body": "請 owner 為 in-scope repo 指定 canonical source、GitHub target candidate、visibility review owner 與理由。",
"requiredFields": "owner role/team、canonical source、GitHub target candidate、visibility review owner、redacted evidence refs、follow-up owner。",
"acceptance": "target candidate 只能作為 readiness evidence需後續 S4.10 / S4.11 / S4.12 驗收後才可進 primary review。",
"guard": "不建立 GitHub repo、不改 visibility、不切 primary、不把 target candidate 當 approval。"
},
"legacyDispositionResponse": {
"title": "Legacy / inaccessible disposition 回覆",
"body": "請 owner 對 legacy、inaccessible 或 external repo 留下 disposition、理由與後續負責人。",
"requiredFields": "owner role/team、disposition、decision reason、affected repo/source、redacted evidence refs、follow-up owner。",
"acceptance": "disposition 只能是 archive candidate、exclude、follow-up evidence、external owner 或 needs more evidence。",
"guard": "不刪除、不停用、不封存 repodisposition 只是人工分類,不是執行命令。"
}
}
},
"s49OwnerResponseEnvelope": {
"title": "S4.9 負責人回覆封套欄位",
"subtitle": "S2.102 把 S4.9 負責人回覆的六個必填欄位做成只讀回覆封套矩陣。這讓負責人可以照同一格式回覆,也讓審查者能逐欄驗收;目前仍是空白封套,不提交、不收件、不建立稽核事件。",
"fieldLabel": "封套欄位",
"formatLabel": "建議格式",
"guardLabel": "仍禁止",
"boundaryTitle": "回覆封套邊界",
"summary": {
"fields": {
"label": "欄位",
"detail": "六個欄位缺一不可。"
},
"filled": {
"label": "已填",
"detail": "目前仍是 0不把封套當回覆。"
},
"submitted": {
"label": "已提交",
"detail": "目前仍是 0不送出請求。"
},
"accepted": {
"label": "已接受",
"detail": "目前仍是 0不開進度重估。"
}
},
"items": {
"ownerRoleTeam": {
"title": "負責人角色 / 團隊",
"body": "標示這筆 S4.9 回覆由哪個角色、團隊或負責人代表提供。",
"format": "使用角色 / 團隊名稱與可追溯責任範圍,不填個人密碼、權杖或私人聯絡資訊。",
"guard": "不把負責人欄位當審批人、不自動指派權責。"
},
"decision": {
"title": "判定 / 處置",
"body": "標示這筆回覆的判定結果,例如納入範圍、排除範圍、既有封存、外部系統、無法存取或需要更多證據。",
"format": "只能使用該收件項允許值,避免自由文字被誤讀成遷移批准。",
"guard": "不把同意、可進行或看起來沒問題升級成主要來源切換。"
},
"decisionReason": {
"title": "判定理由",
"body": "說明判定理由,讓審查者能追溯為什麼該專案庫、端點或範圍被納入、排除或要求補證。",
"format": "使用短句與證據參照對應,不貼原始日誌、私有網址憑證或機密片段。",
"guard": "不把理由欄當正式 ADR、不把口頭理由當審批紀錄。"
},
"affectedScope": {
"title": "受影響範圍",
"body": "列出受影響專案庫、端點、來源或範圍,讓 S4.13 驗收彙整能對應到正確收件項。",
"format": "使用專案庫 / 端點 / 來源名稱或脫敏識別碼,不貼封存檔、資料庫傾印或 Git 物件包。",
"guard": "不讀取私有內容、不匯入來源、不自動擴大遷移範圍。"
},
"redactedEvidenceRefs": {
"title": "脫敏證據參照",
"body": "引用已脫敏的文件、快照、中繼資料指標或審查者可追溯的證據參照。",
"format": "只接受脫敏參照權杖、機密、cookie、session、私鑰、憑證明文必須隔離。",
"guard": "不保存機密明文、不把證據參照當載荷匯入。"
},
"followupOwner": {
"title": "後續負責人",
"body": "指定若需要補證、隔離、拒收或後續 S4.10-S4.12 判定時的負責人。",
"format": "使用角色 / 團隊 / 工作窗口,不含私人機密與一次性憑證。",
"guard": "不把後續負責人當批准者、不開執行期閘門。"
}
}
},
"s49OwnerResponseEnvelopePreflight": {
"title": "S4.9 負責人回覆封套送件前檢查",
"subtitle": "S2.103 把回覆封套送出前的六個檢查點做成只讀看板。它只協助負責人與審查者確認欄位、判定、證據、範圍、變更要求與後續負責人是否可讀;目前通過=0、可送件=0不送出、不收件、不建立稽核事件。",
"checkLabel": "送件前檢查",
"failureLabel": "不通過時",
"guardLabel": "仍禁止",
"boundaryTitle": "送件前檢查邊界",
"summary": {
"checks": {
"label": "檢查項",
"detail": "六個檢查缺一不可。"
},
"passed": {
"label": "通過",
"detail": "目前仍是 0不把封套當可送件。"
},
"ready": {
"label": "可送件",
"detail": "目前仍是 0不開收件。"
},
"submitted": {
"label": "已提交",
"detail": "目前仍是 0不送出請求。"
}
},
"items": {
"fieldCompleteness": {
"title": "六欄完整檢查",
"body": "確認負責人角色 / 團隊、判定 / 處置、判定理由、受影響範圍、脫敏證據參照、後續負責人六欄都存在。",
"failure": "缺欄時只能要求補齊,不得標記可送件。",
"guard": "不接受口頭同意、不用缺欄封套建立審批紀錄。"
},
"allowedDisposition": {
"title": "判定值允許檢查",
"body": "確認判定落在該收件項允許值內,避免自由文字被誤讀成遷移或主要來源批准。",
"failure": "判定值不明確時只能要求負責人修正。",
"guard": "不把同意、可進行、看起來沒問題升級成執行授權。"
},
"redactedEvidence": {
"title": "脫敏證據檢查",
"body": "確認證據只引用脫敏文件、快照或中繼資料指標沒有機密明文、權杖、私鑰、cookie 或 session。",
"failure": "出現敏感載荷時只能隔離,不得匯入或轉送。",
"guard": "不保存機密明文、不把證據參照當載荷匯入。"
},
"scopeTraceability": {
"title": "範圍追溯檢查",
"body": "確認受影響專案庫、端點、來源或範圍能對應到 S4.9 五個人工收件項之一。",
"failure": "範圍無法對應時只能要求補證或修正範圍。",
"guard": "不讀取私有內容、不匯入來源、不自動擴大遷移範圍。"
},
"mutationRequestRejected": {
"title": "變更要求拒收檢查",
"body": "確認回覆封套沒有夾帶建立專案庫、改可見性、同步分支、修改工作流程或收集機密值的要求。",
"failure": "夾帶變更要求時只能拒收或拆到獨立人工閘門。",
"guard": "不從封套觸發 GitHub、Gitea、分支 / 標籤參照、工作流程、機密設定或執行器動作。"
},
"followupOwnerTrace": {
"title": "後續負責人追溯檢查",
"body": "確認補證、隔離、拒收或後續 S4.10-S4.12 判定都有可追溯角色或團隊。",
"failure": "沒有後續負責人時只能維持等待,不得進入接受。",
"guard": "不把後續負責人當批准者、不開執行期閘門。"
}
}
},
"s49OwnerResponseEnvelopePreflightOutcome": {
"title": "S4.9 負責人回覆封套送件前結果分流",
"subtitle": "S2.104 把送件前檢查後的七種結果做成只讀分流。它只說明封套不通過時要補欄、修正判定、隔離敏感證據、修正範圍、拒收變更要求或維持等待;目前可進收件=0不送出、不收件、不接受。",
"laneLabel": "結果分流",
"nextLabel": "下一步",
"guardLabel": "仍禁止",
"boundaryTitle": "結果分流邊界",
"summary": {
"lanes": {
"label": "分流",
"detail": "七條分流只供人工判讀。"
},
"ready": {
"label": "可進收件",
"detail": "目前仍是 0不開收件。"
},
"quarantined": {
"label": "已隔離",
"detail": "目前仍是 0不保存敏感載荷。"
},
"rejected": {
"label": "已拒收",
"detail": "目前仍是 0不建立拒收紀錄。"
}
},
"items": {
"keepEnvelopeWaiting": {
"title": "維持封套等待",
"body": "封套尚未通過送件前檢查時,保持等待狀態,避免被誤認成已送出或已收到。",
"next": "回到封套欄位與送件前檢查,不建立任何收件事件。",
"guard": "不把等待狀態當進度增加、不開人工批准。"
},
"requestFieldCompletion": {
"title": "要求補齊欄位",
"body": "六欄任一缺漏時,要求補齊負責人角色 / 團隊、判定、理由、範圍、脫敏證據或後續負責人。",
"next": "只回到補欄,不標記可進收件。",
"guard": "不接受口頭補充、不用缺欄封套建立審批紀錄。"
},
"requestDispositionCorrection": {
"title": "要求修正判定",
"body": "判定值不在允許範圍或語意模糊時,要求負責人改成可驗收的明確判定。",
"next": "只要求修正判定,不推進主要來源或遷移判定。",
"guard": "不把同意、可進行或看起來沒問題當執行授權。"
},
"quarantineSensitiveEvidence": {
"title": "隔離敏感證據",
"body": "若封套含機密明文、權杖、私鑰、cookie、session 或私有憑證,必須先隔離。",
"next": "只進隔離與脫敏補證,不匯入原始載荷。",
"guard": "不保存機密明文、不轉送敏感載荷。"
},
"requestScopeCorrection": {
"title": "要求修正範圍",
"body": "受影響專案庫、端點、來源或範圍無法對應 S4.9 收件項時,要求補證或修正。",
"next": "只回到範圍補正,不自動擴大遷移範圍。",
"guard": "不讀取私有內容、不匯入來源。"
},
"rejectMutationRequest": {
"title": "拒收變更要求",
"body": "封套夾帶建立專案庫、改可見性、同步分支、修改工作流程或收集機密值時,直接分流為拒收。",
"next": "只記為需另開人工閘門的變更要求,不在封套內處理。",
"guard": "不從封套觸發 GitHub、Gitea、分支 / 標籤參照、工作流程、機密設定或執行器動作。"
},
"keepFollowupOwnerWaiting": {
"title": "維持後續負責人等待",
"body": "補證、隔離、拒收或後續 S4.10-S4.12 判定沒有可追溯角色或團隊時,維持等待。",
"next": "只要求補上後續負責人,不進入接受。",
"guard": "不把後續負責人當批准者、不開執行期閘門。"
}
}
},
"s49OwnerResponseRequestDraft": {
"title": "S4.9 負責人回覆送件請求草稿",
"subtitle": "S2.105 把送件請求拆成只讀草稿,讓封套、預檢與結果分流之後仍有明確的防誤送邊界。這裡只顯示送件前要整理的草稿項,不寄送 request、不通知負責人、不建立稽核事件、不標記收到或接受。",
"draftLabel": "草稿項",
"gapLabel": "目前缺口",
"guardLabel": "仍禁止",
"boundaryTitle": "送件草稿邊界",
"summary": {
"drafts": {
"label": "草稿項",
"detail": "六個草稿項只供人工整理。"
},
"ready": {
"label": "可送件",
"detail": "目前仍是 0不開送件。"
},
"sent": {
"label": "已送出",
"detail": "目前仍是 0不通知負責人。"
},
"emitted": {
"label": "稽核事件",
"detail": "目前仍是 0不寫入事件。"
}
},
"items": {
"scopeMappingDraft": {
"title": "收件範圍對應草稿",
"body": "把 S4.9 五個人工收件項對應到封套範圍,確認每筆請求只問已定義的清冊、端點、鄰近來源、標準負責人或 legacy disposition 問題。",
"gap": "尚未有可送出的範圍對應,不建立 request。",
"guard": "不自動擴大專案庫範圍、不把範圍草稿當 owner response。"
},
"ownerRecipientDraft": {
"title": "負責人收件對象草稿",
"body": "只列出需要人工確認的角色、團隊或後續負責人欄位,不推定個人信箱、帳號或權限。",
"gap": "收件對象尚未確認,不寄送通知。",
"guard": "不抓取私有通訊錄、不自動標記 owner 已通知。"
},
"redactedEvidenceDraft": {
"title": "脫敏證據參照草稿",
"body": "只允許引用脫敏快照、文件路徑或 metadata 指標,避免把 token、私鑰、cookie、session 或原始 inventory payload 放進請求。",
"gap": "尚未有可接受的脫敏證據包,不進收件。",
"guard": "不保存機密明文、不轉送敏感載荷。"
},
"noMutationClauseDraft": {
"title": "禁止變更條款草稿",
"body": "送件文字必須明確說明這不是建立專案庫、改可見性、同步分支、修改 workflow、收集 secret value 或切換主要來源的要求。",
"gap": "禁止變更條款未經人工確認前,不可送件。",
"guard": "不把 request 草稿變成 GitHub、Gitea、分支 / 標籤參照、工作流程或機密設定動作。"
},
"auditTemplateDraft": {
"title": "稽核事件範本草稿",
"body": "預先標出未來若人工送件時需要留下的事件欄位,但目前仍是 template only沒有 event id、沒有 emitted timestamp。",
"gap": "稽核事件仍未發出,不能作為已送件證據。",
"guard": "不寫入 production audit、不把範本當正式紀錄。"
},
"manualDispatchGateDraft": {
"title": "人工送件閘門草稿",
"body": "把送件前最後一道人工確認獨立出來:只有確認收件範圍、對象、脫敏證據、禁止變更條款與稽核範本後,才可另行批准送件。",
"gap": "人工送件閘門未開request_sent 仍為 false。",
"guard": "不提供送出按鈕、不代替負責人回覆、不開執行期閘門。"
}
}
},
"s49OwnerResponsePreflight": {
"title": "S4.9 Owner Response Intake Preflight",
"subtitle": "S2.48 surfaces the 6 S4.9 intake preflight checks in IwoooS: known attestation item, complete fields, allowed decision, redacted evidence, no execution request, and no accepted state until all five items are covered. This is preflight display only: no request send, received marking, or audit event creation.",
"checkLabel": "Preflight",
"failureLabel": "If it fails",
"guardLabel": "Still forbidden",
"items": {
"knownAttestationItem": {
"title": "Match a known S4.7 item",
"body": "The owner response must map to public-only / local gap, org/user endpoint, 110 adjacent source, canonical owner, or legacy disposition.",
"failure": "Unclear mapping can only request owner correction.",
"guard": "Do not treat vague text as coverage attestation or auto-map it to an item."
},
"requiredOwnerFields": {
"title": "Required owner fields complete",
"body": "Each response needs owner role/team, decision, decision reason, affected scope, evidence refs, and followup owner.",
"failure": "Missing fields can only request more evidence.",
"guard": "No verbal OK and no approval record from incomplete responses."
},
"allowedDecision": {
"title": "Decision is allowed",
"body": "The decision must fit the acceptable decisions for the matching template so free text is not misread as authorization.",
"failure": "Invalid decisions request owner correction.",
"guard": "Do not upgrade OK / looks fine language into migration or primary approval."
},
"redactedEvidenceOnly": {
"title": "Redacted evidence refs only",
"body": "Evidence may only point to repo docs, snapshots, or redacted metadata pointers; no tokens, secrets, cookies, sessions, private keys, or private URL credentials.",
"failure": "Sensitive payloads go to quarantine.",
"guard": "No raw secret storage, DB dump import, git object pack, or repo archive collection."
},
"noExecutionRequest": {
"title": "No execution request",
"body": "Responses must not request Gitea/GitHub writes, repo creation, visibility changes, refs sync/delete/force-push, workflow/secret/runner changes, scans, or runtime actions.",
"failure": "Embedded execution asks are rejected.",
"guard": "No Gitea writes, GitHub repo creation, refs sync, or runtime gate opening."
},
"allFiveItemsBeforeAccepted": {
"title": "All five items before Accepted",
"body": "S4.9 cannot be accepted until all five response templates have acceptable owner responses.",
"failure": "Partial responses remain waiting or request more evidence.",
"guard": "Visible preflight is not request sent, received, accepted, or audit emitted."
}
}
},
"awooopCrossSessionHandoff": {
"title": "AwoooP Cross-Session Handoff",
"subtitle": "S2.52 freezes the current PR, branch, progress semantics, required guards, forbidden actions, and next coordination gate as read-only handoff packets so another AwoooP Session can continue without treating the handoff as production landing or execution authorization.",
"packetLabel": "Handoff packet",
"handoffLabel": "Handoff note",
"guardLabel": "Still locked",
"items": {
"branchAndPrAnchor": {
"title": "PR / branch anchor",
"body": "PR #117 and codex/security-supply-chain-contracts-20260512 are the current read-only sync anchors.",
"handoff": "The other Session should confirm the same PR, branch, and latest commit, then read LOGBOOK and the rollup ledger.",
"guard": "Do not merge, deploy, switch primary, or mutate refs from the handoff."
},
"progressSemantics": {
"title": "Progress semantics",
"body": "headline 仍是 58%framework 86-88%runtime / ingestion / GitHub primary / AwoooP production landing 35-40%。",
"handoff": "New UI, docs, and snapshots stay in the framework_detail ledger unless owner response, runtime gate, GitHub primary, or production landing evidence exists.",
"guard": "Do not treat framework detail, readiness, handoff, or guard pass as headline delta."
},
"requiredGuardCommands": {
"title": "Required guards",
"body": "Run security-mirror-progress-guard.py and source-control-owner-response-guard.py before taking over.",
"handoff": "Continue read-only projection only after both guards pass; if either fails, fix the contract or snapshot first.",
"guard": "Do not skip guards; do not treat guard pass as runtime approval."
},
"forbiddenRuntimeActions": {
"title": "Runtime forbidden actions",
"body": "Kali /execute, SSH, host update, active scan, credentialed scan, blocking control, repo / refs / workflow actions remain unauthorized.",
"handoff": "The other Session may only add read-only evidence, UI projection, docs, snapshots, and guards.",
"guard": "runtime_execution_authorized=false; action_buttons_allowed=false"
},
"awooopReadOnlyInputs": {
"title": "AwoooP read-only inputs",
"body": "AwoooP may consume the rollup snapshot, IwoooS projection, owner response validation rollup, Kali status, and rollout policy.",
"handoff": "Main-line AwoooP intake may display only state, evidence refs, route groups, and forbidden actions.",
"guard": "Do not store raw payloads, credential plaintext, token values, or execution payloads."
},
"nextCoordinationGate": {
"title": "Next coordination gate",
"body": "The next high-level gates that can move the headline remain owner response accepted, redacted payload ingestion, active runtime gate, GitHub primary ready, or AwoooP production landing.",
"handoff": "If the other Session advances production landing, it must provide read-only consumption evidence and deployment proof.",
"guard": "Do not treat handoff packets as production consumption."
}
}
}
},
"tickets": {
"title": "Tickets",
"subtitle": "Incident ticket tracking",
"loading": "Loading...",
"id": "Ticket ID",
"title_col": "Title",
"status": "Status",
"priority": "Priority",
"createdAt": "Created At",
"error": "Load failed",
"noTickets": "No tickets"
},
"users": {
"title": "Audit Log",
"subtitle": "K8s operation execution records",
"loading": "Loading...",
"totalExecutions": "Total Executions",
"successCount": "Success",
"failureCount": "Failures",
"successRate": "Success Rate",
"avgDuration": "Avg Duration",
"recentOps": "Recent Operations",
"operation": "Operation Type",
"namespace": "Namespace",
"result": "Result",
"time": "Time",
"error": "Load failed",
"noUsers": "No audit records",
"name": "Name",
"role": "Role",
"status": "Status"
},
"emptyState": {
"noData": "--",
"comingSoon": "Integration pending"
},
"drift": {
"title": "Config Drift Detection",
"subtitle": "GitOps Guardian — Detects drift between K8s actual state and Git YAML",
"scan": "Scan Now",
"scanning": "Scanning...",
"loading": "Loading...",
"noReports": "No drift reports yet",
"noReportsHint": "CronJob scans hourly automatically, or click \"Scan Now\" to trigger manually",
"noDrift": "No Drift",
"reportId": "Report ID",
"scannedAt": "Scanned At",
"namespace": "Namespace",
"triggeredBy": "Triggered By",
"highCount": "High",
"mediumCount": "Medium",
"infoCount": "Info",
"status": "Status",
"driftLevel": {
"high": "High",
"medium": "Medium",
"info": "Info"
},
"interpretation": "Nemotron Intent Analysis",
"noInterpretation": "No analysis needed (no drift)",
"rollback": "Rollback to Git",
"adopt": "Adopt Change",
"rollbackConfirm": "Rollback this resource to Git state?",
"adoptConfirm": "Adopt this change and update Git?",
"pending": "Pending",
"resolved": "Resolved",
"ignored": "Ignored"
},
"neuralCommand": {
"title": "Neural Command Center",
"subtitle": "SSH_COMMAND Chain of Command · OpenClaw 🦞 × NemoTron ⚡",
"lastRefresh": "Updated {time}",
"refresh": "Refresh",
"preFlightAudit": "Pre-Flight Audit",
"liveCommand": "Live Command",
"statsHistory": "Stats & History",
"nuclearApproval": "Nuclear Approval",
"preFlightTitle": "SSH_COMMAND Architecture Security Audit",
"preFlightSubtitle": "WHITELIST updated to production standard",
"progress": "Progress",
"riskLevel": "Risk Level",
"riskLow": "Low",
"auditStatus": "Audit Status",
"passed": "Passed",
"pending": "Pending",
"passBannerTitle": "Pre-Flight Passed — Architecture meets security standards",
"passBannerDesc": "8/8 checks passed · Shell Injection protection enabled · known_hosts mounted",
"statusFixed": "Fixed",
"statusPending": "Pending",
"featureToggles": "Feature Toggle Status",
"approvedPlaybooks": "Approved Playbooks",
"highQuality": "High Quality",
"totalExecutions": "Total Executions",
"successRate": "Success Rate",
"checkA1Label": "Key Check (known_hosts)",
"checkA1Desc": "K8s Secret mounted at /etc/repair-ssh/known_hosts",
"checkA2Label": "Whitelist (ConfigMap)",
"checkA2Desc": "Hardcoded Whitelist → K8s ConfigMap",
"checkA3Label": "Command Injection Filter",
"checkA3Desc": "Block ; | && $() · Max 512 chars",
"checkB1Label": "Audit Log",
"checkB1Desc": "Missing AuditLog → PostgreSQL write",
"checkB2Label": "Langfuse Trace",
"checkB2Desc": "SSH Trace Missing → Decision tracing added",
"checkC1Label": "Idempotency Lock (Redis)",
"checkC1Desc": "repair_lock prevents duplicate execution",
"checkC2Label": "Feedback Loop",
"checkC2Desc": "Success Rate Update → RAG confidence self-updates",
"checkC3Label": "Execution Path (.188)",
"checkC3Desc": "ansible:// forced to .188 control node",
"agentRoleOC": "Diagnosis & RAG Matching",
"agentRoleNemo": "Decision & Execution",
"todayMatches": "Today's Matches",
"ragConf": "RAG Conf",
"execSuccess": "Exec Success",
"avgDuration": "Avg Duration",
"pendingApproval": "Pending",
"alertRadar": "Alert Radar",
"chainTitle": "Neural Transmission Path",
"nodeDone": "Done",
"nodeActive": "Running",
"nodeWaiting": "Waiting",
"execStream": "Execution Stream",
"waitingApproval": "Awaiting commander approval",
"kpiSuccessRate": "Overall Success Rate",
"kpiTotalExec": "Total Executions",
"kpiPlaybooks": "Playbooks",
"kpiAvgDuration": "Avg Repair Time",
"kpiPendingAppr": "Pending Approvals",
"trendUp": "↑ {n}% this week",
"trendDown": "↓ {n}s this week",
"schemeBreakdown": "Execution Path Breakdown",
"playbookRanking": "Playbook Performance Ranking",
"thName": "Name",
"thType": "Type",
"thRate": "Success Rate",
"thCount": "Count",
"historyTimeline": "Repair History Timeline",
"ago": "ago",
"approvalTitle": "Host Layer Command — Commander Authorization Required",
"diagnosis": "Diagnosis",
"recommendation": "Recommendation",
"execPathDetails": "Execution Path Details",
"uriScheme": "URI Scheme",
"controlNode": "Control Node",
"targetHost": "Target Host",
"playbookPath": "Playbook",
"repairLock": "Idempotency Lock",
"riskMediumDesc": "Operation cannot be immediately reverted, but backup protection exists",
"confirmExec": "Hold 5s to Confirm Execution",
"rejectApproval": "Reject — Transfer to Manual",
"approvalGranted": "Authorization Granted",
"approvalGrantedDesc": "NemoTron is executing ansible-playbook...",
"approvalRejected": "Authorization Rejected",
"approvalRejectedDesc": "Transferred to manual handling",
"noHistory": "No repair history yet",
"noActiveAlerts": "No active alerts",
"noPlaybooks": "No playbook records yet",
"noApprovals": "No pending approvals",
"noApprovalsDesc": "All authorization requests have been processed",
"chainAlert": "Alert Triggered",
"chainRAG": "🦞 OpenClaw RAG Diagnosis",
"chainDecide": "⚡ NemoTron Decision",
"chainExec": "Executor Routing",
"chainIdleSub": "Waiting for new alerts...",
"backToList": "Back to List",
"approvalError": "Operation failed",
"processing": "Processing...",
"blastRadius": "Blast Radius",
"affectedPods": "Affected Pods",
"estimatedDowntime": "Est. Downtime",
"relatedServices": "Related Services",
"dataImpact": "Data Impact",
"dryRunChecks": "Dry-Run Checks",
"approvalQueueCount": "{count} pending approvals",
"dispositionBreakdown": "Disposition Breakdown",
"dispositionAuto": "Auto Repair",
"dispositionHuman": "Human Approved",
"dispositionManual": "Manual Resolved",
"dispositionCold": "Cold Start Trust",
"autoRateLabel": "Automation Rate"
},
"alertOpLogs": {
"title": "Alert Operation Logs",
"subtitle": "alert_operation_log · Full event stream",
"refresh": "Refresh",
"totalEvents24h": "24h Total Events",
"allEventTypes": "All Event Types",
"incidentIdFilter": "Filter by Incident ID...",
"totalCount": "{count} total",
"colTime": "Time",
"colEventType": "Event Type",
"colIncident": "Incident",
"colActor": "Actor",
"colDetail": "Detail",
"colResult": "Result",
"loading": "Loading...",
"noRecords": "No records",
"loadError": "Failed to load, please retry",
"pageInfo": "Page {page} / {total}",
"prevPage": "Previous",
"nextPage": "Next",
"eventAlertReceived": "Alert Received",
"eventTelegramSent": "TG Notified",
"eventUserAction": "User Action",
"eventAutoRepairTriggered": "Auto Repair",
"eventExecutionStarted": "Execution Started",
"eventExecutionCompleted": "Execution Completed",
"eventTelegramResultSent": "TG Result",
"eventResolved": "Resolved",
"eventSilenced": "Silenced",
"eventEscalated": "Escalated",
"eventGuardrailBlocked": "Guardrail Blocked",
"eventPreFlightPassed": "Pre-flight Passed",
"eventPreFlightFailed": "Pre-flight Failed",
"eventBackupTriggered": "Backup Triggered",
"eventBackupCompleted": "Backup Completed",
"eventBackupFailed": "Backup Failed",
"eventApprovalEscalated": "Approval Escalated",
"eventChangeApplied": "Change Applied"
},
"commandPalette": {
"placeholder": "Search commands, pages or events...",
"noResults": "No results found",
"hint": "↑↓ Navigate Enter Select Esc Close",
"groupNav": "Navigation",
"groupActions": "Quick Actions",
"groupRecent": "Recent Events",
"actionOpenTerminal": "Open Omni-Terminal",
"actionGoHome": "Go to Command Center",
"actionGoObservability": "Go to Observability",
"actionGoAutomation": "Go to Automation",
"actionGoOperations": "Go to Operations",
"actionGoSecurity": "Go to Security & Compliance",
"actionGoIwooos": "Go to IwoooS",
"actionGoKnowledge": "Go to Knowledge Hall",
"actionGoSettings": "Go to Settings",
"actionGoTerminal": "Go to Terminal",
"actionGoApprovals": "Go to Authorizations"
},
"aiopsTimeline": {
"title": "AIOps Full Timeline",
"subtitle": "Alert → Investigation → Decision → Execution → Verification → Learning",
"mockBadge": "MOCK MODE",
"stages": {
"alert": "Alert Triggered",
"diagnose": "Investigation",
"decide": "AI Decision",
"execute": "Auto Execute",
"verify": "Verification",
"learn": "Learning Update"
},
"status": {
"success": "Success",
"running": "Running",
"failed": "Failed",
"skipped": "Skipped",
"pending": "Pending"
},
"filters": {
"incident_id": "Incident ID",
"incident_id_placeholder": "Search incident ID...",
"time_range": "Time Range",
"status_filter": "Status Filter",
"incident_count": "{count} incidents",
"timeRange": {
"1h": "1H",
"6h": "6H",
"24h": "24H",
"7d": "7D"
},
"statusFilter": {
"all": "All",
"success": "Success",
"failed": "Failed",
"running": "Running"
}
},
"incident": {
"started_at": "Started At",
"resolved_at": "Resolved At",
"duration": "Duration",
"in_progress": "In Progress",
"severity": "Severity",
"stages_summary": "{success} success / {total} stages",
"expand_all": "Expand All",
"collapse_all": "Collapse All"
},
"stage": {
"toggle_details": "Toggle {stage} details"
},
"evidence": {
"dimensions": "8D Dimensions",
"anomalyCount": "{count}/{total} anomaly dimensions",
"noData": "N/A"
},
"stageDetails": {
"alert": {
"name": "Alert Name",
"rule": "Rule",
"value": "Current Value",
"labels": "Labels"
},
"diagnose": {
"investigator": "Investigator",
"tools_used": "MCP Tools",
"hypothesis": "Root Cause Hypothesis",
"evidence": "8D Evidence"
},
"decide": {
"engine": "Decision Engine",
"fusion": "Fusion Method",
"confidence": "Confidence",
"confidenceThreshold": "Threshold {value}%",
"auto_execute": "Auto Execute",
"auto_yes": "Yes",
"auto_no": "No (requires approval)",
"playbook": "Playbook",
"decision": "Decision Command",
"reasoning": "Reasoning",
"alternates": "Alternate Decisions"
},
"execute": {
"command": "Command",
"target": "Target",
"executor": "Executor",
"duration": "Duration",
"stdout": "Output",
"exit_code": "Exit Code"
},
"verify": {
"verifier": "Verifier",
"outcome": "Outcome",
"checks": "Checks",
"trust_delta": "Trust Delta",
"notes": "Notes"
},
"learn": {
"playbook": "Playbook",
"trust_update": "Trust Update",
"km_entry": "Knowledge Base Entry",
"summary": "Learning Summary"
}
},
"loading": "Loading timeline data...",
"empty": {
"title": "No incidents found",
"subtitle": "No AIOps incidents match the current filters"
},
"error": {
"title": "Failed to load data",
"retry": "Retry"
}
},
"governance": {
"title": "AI Governance",
"complianceBadge": {
"label": "AI Governance",
"loading": "Loading...",
"score": "Overall Compliance",
"target": "Target ≥ 95%"
},
"tabs": {
"slo": "SLO Dashboard",
"events": "Governance Events",
"queue": "AI Queue"
},
"comingSoon": "This tab is coming soon",
"slo": {
"kpi": {
"autonomy_rate": "Autonomy Rate",
"decision_accuracy": "Decision Accuracy",
"confidence_calibration": "Confidence Calibration",
"km_growth_rate": "KM Growth Rate",
"mcp_call_diversity": "MCP Call Diversity",
"auto_execute_success_rate": "Auto Execute Success",
"human_override_rate": "Human Override Rate",
"verifier_false_neg_rate": "Verifier False Negative",
"current": "Current",
"target": "Target",
"sparkline": "7-day trend",
"loading": "Loading...",
"error": "Failed to load",
"noData": "No data",
"sampleCount": "Samples {count}",
"window": "Window {window}",
"state": {
"ok": "OK",
"warning": "Below target",
"violated": "Hard red line",
"skipped_low_volume": "Low sample wait",
"no_data": "No data",
"error": "Query failed",
"partial": "Partially evaluable"
},
"reason": {
"none": "None",
"denominator_below_minimum_events": "Denominator events too low",
"prometheus_nan_or_inf": "Prometheus has no valid denominator yet",
"prometheus_empty_result_metric_not_emitted": "Prometheus has not returned the metric yet",
"unknown": "Reason pending"
}
},
"chart": {
"title": "30-day Violation Timeline",
"xAxisLabel": "Date",
"yAxisLabel": "Count",
"loading": "Loading chart...",
"error": "Chart failed to load",
"empty": "No violations in the last 30 days",
"tooltip": "Violations"
},
"compliance": {
"title": "Overall Compliance",
"target": "Target ≥ 95%"
},
"coverage": {
"title": "Verification Coverage",
"subtitle": "Auto-repair executions and verifier writeback in the last {window}",
"totalAuto": "Auto repairs",
"verifiedAuto": "Verified",
"unverifiedAuto": "Unverified",
"coverageRate": "Coverage",
"successRate": "Success verification",
"lastVerified": "Last verified execution",
"reasonLabel": "Reason",
"failureBreakdown": "Non-success Verification Classes",
"recentFindings": "Recent Non-success Verification",
"remediationQueue": "Remediation Work Queue",
"queueSummary": "Total {total}; AI-ready {ready}; human {human}",
"dryRunButton": "Dry run",
"dryRunLoading": "Running",
"dryRunResult": "{mode}; preview {result}; tools {tools}",
"dryRunHistoryRecorded": "History recorded",
"dryRunHistorySummary": "History {count}x; last {time}; {route}",
"dryRunBlocked": "Dry run blocked",
"dryRunError": "Dry run failed",
"state": {
"ok": "OK",
"warning": "Needs tracking",
"violated": "Hard red line",
"skipped_low_volume": "Waiting for samples",
"no_data": "No data",
"error": "Query failed"
},
"reason": {
"none": "None",
"no_auto_repair_executions_24h": "No auto-repair executions in the last 24h",
"verification_backlog_present": "Some auto repairs are missing verification results",
"non_success_verification_present": "degraded / failed / timeout verification exists",
"postgresql_query_error": "PostgreSQL query failed"
},
"failureClass": {
"unsupported_action_scheme": "PlayBook action misses supported executor",
"verifier_missing_promql": "Verifier missing PromQL query",
"verifier_target_missing_pod": "Verifier missing pod target",
"auto_repair_execution_failed": "Auto repair execution failed",
"verification_failed": "Verification failed",
"verification_timeout": "Verification timed out",
"verification_degraded": "Verification degraded",
"unknown": "Pending classification"
},
"nextStep": {
"normalize_playbook_executor": "Fix PlayBook executor",
"add_verifier_query_template": "Add verifier query template",
"map_verifier_target": "Map verifier target",
"review_auto_repair_execution": "Inspect auto repair record",
"escalate_verification_failure": "Escalate verification failure",
"review_degraded_verification": "Review degraded evidence"
},
"remediationStatus": {
"ready_for_replay": "Ready for replay",
"ready_for_reverify": "Ready to reverify",
"needs_target_mapping": "Needs target mapping",
"needs_playbook_ticket": "Needs ticket",
"manual_review": "Manual review",
"unknown": "Pending classification"
},
"remediationAction": {
"replay_with_supported_executor": "Replay with supported executor",
"reverify_with_promql_template": "Reverify with PromQL template",
"map_target_and_reverify": "Map target and reverify",
"create_playbook_ticket": "Create PlayBook ticket",
"escalate_verification_failure": "Escalate verification failure",
"inspect_degraded_evidence": "Inspect degraded evidence"
}
}
},
"events": {
"filter": {
"eventType": "Event Type",
"dateRange": "Date Range",
"status": "Status",
"severity": "Severity",
"clearAll": "Clear All",
"allStatuses": "All Statuses",
"resolved": "Resolved",
"unresolved": "Unresolved",
"allSeverities": "All Severities",
"critical": "Critical",
"warning": "Warning",
"info": "Info",
"placeholder": "Select event types...",
"from": "From",
"to": "To"
},
"column": {
"eventType": "Event Type",
"triggeredAt": "Triggered At",
"status": "Status",
"impact": "Impact Summary",
"actions": "Actions"
},
"detail": {
"rawData": "Raw Data",
"remediation": "Remediation",
"dispatch": "Dispatch Log",
"noRemediation": "No remediation available",
"noDispatch": "No dispatch records"
},
"eventType": {
"slo_breach": "SLO Breach",
"accuracy_drop": "Accuracy Drop",
"km_stall": "KM Stall",
"mcp_failure": "MCP Failure",
"trust_degradation": "Trust Degradation",
"unknown": "Unknown"
},
"status": {
"resolved": "Resolved",
"unresolved": "Unresolved"
},
"severity": {
"critical": "Critical",
"warning": "Warning",
"info": "Info"
},
"emptyState": "No governance events",
"emptyStateHint": "System is operating normally",
"errorState": "Failed to load events",
"retry": "Retry",
"page": "Page",
"of": "of",
"prevPage": "Previous",
"nextPage": "Next",
"perPage": "20 per page ·",
"expand": "Expand details",
"collapse": "Collapse details"
},
"queue": {
"status": {
"connected": "Live updates",
"disconnected": "Offline mode",
"connecting": "Connecting..."
},
"column": {
"eventType": "Event Type",
"createdAt": "Created At",
"proposedAction": "Proposed Action",
"playbookTrust": "Playbook Trust",
"dispatchStatus": "Status"
},
"action": {
"approve": "Approve",
"reject": "Reject",
"approveTitle": "Approve this action",
"rejectTitle": "Reject this action"
},
"history": {
"title": "History",
"succeeded": "Succeeded",
"failed": "Failed",
"empty": "No history records"
},
"emptyState": {
"noTable": "Dispatch table not yet built",
"noTableHint": "Track D dispatch table is initializing",
"noPending": "No pending items",
"noPendingHint": "AI system is operating normally"
},
"sse": {
"label": "Live Updates",
"connected": "Connected",
"disconnected": "Disconnected"
},
"pendingSection": "Pending",
"loading": "Loading queue...",
"error": "Failed to load queue",
"retry": "Retry"
}
},
"awooop": {
"home": {
"eyebrow": "AI Automation Control Plane",
"title": "AwoooP Governance Overview",
"subtitle": "Unifies tenants, contracts, runs, approvals, and channel state into one operator surface so the AI flywheel and governance plane do not drift apart.",
"refresh": "Refresh",
"snapshotStatus": "Snapshot Status",
"lastUpdated": "Last Updated",
"migrationMode": "Migration Mode",
"migrationValue": "mirror / shadow",
"ready": "In Sync",
"loading": "Loading",
"degraded": "Degraded",
"securityMirror": {
"title": "IwoooS Security Mirror",
"subtitle": "AwoooP home displays IwoooS / security mirror state as a read-only candidate so operators can understand security mesh progress and boundaries. This is not production_landing_enabled and does not connect an execution router.",
"badge": "Read-only candidate",
"openIwooos": "Open IwoooS",
"checkpointsTitle": "Intake Checks",
"boundaryLabel": "Safety Boundary",
"boundaryTitle": "Still in the low-friction framework phase",
"boundaryDetail": "This panel displays committed snapshot and guard semantics only. It does not call Kali, GitHub, Gitea, or runtime APIs, and it does not provide scan, execute, repair, deploy, primary switch, or refs actions.",
"metrics": {
"headline": {
"label": "Overall Security Mesh",
"detail": "The headline still waits for owner response, redacted ingestion, runtime gate, GitHub primary, or AwoooP production landing evidence."
},
"framework": {
"label": "Framework Maturity",
"detail": "Governance, docs, schemas, read-only evidence, and IwoooS projection are close to complete."
},
"runtime": {
"label": "Runtime Landing",
"detail": "Runtime ingestion, GitHub primary, and AwoooP production landing still require later evidence."
},
"activeGates": {
"label": "Active Runtime Gates",
"detail": "Currently 0; any host or blocking control still needs separate approval."
}
},
"checkpoints": {
"iwooosProjection": {
"title": "IwoooS projection is readable",
"detail": "AwoooP displays only IwoooS posture, progress, evidence refs, and forbidden actions."
},
"rollupGuard": {
"title": "Guard semantics match",
"detail": "Before handoff, keep security-mirror-progress-guard.py and source-control-owner-response-guard.py green."
},
"ownerResponse": {
"title": "Owner response still waiting",
"detail": "S4.9 through S4.12 received / accepted remain 0; display state is not completed validation."
},
"productionLanding": {
"title": "Production landing is not complete",
"detail": "AwoooP main line still needs deployment proof and read-only consumption evidence before headline review."
}
}
},
"githubPrimaryReadiness": {
"title": "GitHub Primary Readiness",
"subtitle": "AwoooP home mirrors the source-control readiness gap for moving from Gitea to GitHub. It is framework-phase visibility only: no repo creation, refs mutation, secret value collection, or primary switch.",
"badge": "Read-only summary",
"openIwooos": "Open IwoooS",
"readinessRefsTitle": "Readiness Evidence Refs",
"boundaryLabel": "GitHub Primary Boundary",
"boundaryTitle": "Primary switch is still blocked",
"boundaryDetail": "This summary only displays committed snapshots and owner response gaps. It is not GitHub primary approval, repo creation authorization, refs mutation, secret collection, Gitea disablement, or runtime execution.",
"metrics": {
"candidateRepos": {
"label": "Candidate Repos",
"detail": "S2.63 has identified 8 candidate repos. This does not authorize GitHub repo creation."
},
"inScopeRepos": {
"label": "In-scope Repos",
"detail": "7 repos are in the primary readiness scope and still wait for owner response."
},
"primaryReady": {
"label": "Primary Ready",
"detail": "The ready count remains 0; do not switch GitHub primary or disable Gitea."
},
"ownerResponses": {
"label": "Owner Responses",
"detail": "22 response templates remain 0 received / 0 accepted."
},
"workflowInventory": {
"label": "Workflow Inventory",
"detail": "Workflow / secret name inventory is still incomplete for 7 repos."
}
},
"readinessRefs": {
"primaryReadiness": "The GitHub primary readiness gate remains a candidate and must not trigger repo creation or visibility changes.",
"ownerValidation": "The owner response validation rollup shows all four response packets still waiting for human reply and acceptance.",
"rollbackAdr": "The rollback ADR has no owner-approved dry-run yet, so GitHub cannot become primary.",
"workflowInventory": "Workflow / secret name inventory collects names and routing only; it does not collect secret values or change GitHub secrets."
}
},
"ownerResponseValidation": {
"title": "Owner Response Validation Rollup",
"subtitle": "AwoooP home shows the S4.9-S4.12 owner response packets, intake, validation, and audit checks in one read-only board. received / accepted / rejected all remain 0, so this is not approval or execution authorization.",
"badge": "Read-only validation",
"openIwooos": "Open IwoooS",
"packetsTitle": "Four Waiting Response Packets",
"validationTitle": "Validation And Audit Checks",
"boundaryLabel": "Validation Boundary",
"boundaryTitle": "Still waiting for owner evidence",
"boundaryDetail": "This rollup only displays source_control_owner_response_validation_rollup_v1. It must not be treated as owner response received, owner response accepted, GitHub primary approval, repo / refs / workflow / secret authorization, or runtime execution.",
"fields": {
"templates": "Templates",
"received": "Received",
"accepted": "Accepted",
"rejected": "Rejected"
},
"metrics": {
"packets": {
"label": "Response Packets",
"detail": "S4.9-S4.12 are all still waiting for owner responses."
},
"templates": {
"label": "Response Templates",
"detail": "22 templates are questions for owners, not sent requests."
},
"received": {
"label": "Received",
"detail": "Still 0; visibility is not receipt completion."
},
"accepted": {
"label": "Accepted",
"detail": "Still 0; GitHub primary and runtime gates remain blocked."
},
"rejected": {
"label": "Rejected",
"detail": "Still 0; raw payload or secret values must be quarantined."
}
},
"packets": {
"giteaInventory": {
"title": "Gitea Inventory Owner Attestation",
"detail": "Collect public-only / local gap, org / user endpoint, 110 adjacent scope, canonical owner, and legacy disposition."
},
"githubTarget": {
"title": "GitHub Target Owner Decision",
"detail": "Confirm target, visibility, and canonical owner per repo; do not create repos or change visibility."
},
"refTruth": {
"title": "Refs Truth Owner Response",
"detail": "Confirm main / dev truth, deprecated drift, release tags, and GitHub-only refs; do not sync, delete, or force push refs."
},
"workflowSecret": {
"title": "Workflow / Secret Name Owner Response",
"detail": "Collect workflow, runner, deploy key, branch protection, secret names, and owner metadata only; never collect secret values."
}
},
"checks": {
"crossPacket": {
"label": "Cross-Packet Checks",
"detail": "10 cross-packet checks only validate consistency."
},
"evidenceRouting": {
"label": "Evidence Routing",
"detail": "6 routing rules only route to more evidence, quarantine, or read-only updates."
},
"displaySections": {
"label": "Display Sections",
"detail": "8 sections define AwoooP read-only display order."
},
"stateTransitions": {
"label": "State Transitions",
"detail": "7 rules define review semantics only; no execution."
},
"reviewerChecklist": {
"label": "Reviewer Checklist",
"detail": "9 checklist items guide human review."
},
"reviewerOutcomes": {
"label": "Reviewer Outcomes",
"detail": "7 lanes only route to more evidence, quarantine, rejection, or later gates."
}
}
},
"quality": {
"title": "Automation Quality",
"subtitle": "Whether recent alerts actually reached AI auto-repair, verification, and learning writeback in the last 24 hours.",
"claimReady": "Full Loop Claim Ready",
"claimBlocked": "Full Loop Claim Blocked",
"claimReadyDetail": "Every alert completed the verified loop",
"claimBlockedDetail": "Some alerts still lack execution, verification, or learning records",
"unavailable": "Unavailable",
"loadFailed": "Unable to load the automation quality summary. Check Operator permissions and the truth-chain API.",
"empty": "No alert quality data is available yet.",
"yes": "Yes",
"no": "No",
"metrics": {
"evaluated": "Evaluated Alerts",
"evaluatedDetail": "Same quality gate applied",
"verified": "Verified Auto-Repairs",
"verifiedDetail": "Requires auto-repair plus verification",
"averageScore": "Average Score",
"averageScoreDetail": "0 to 100 process completeness",
"claim": "Production Claim",
"claimReadyDetail": "Every alert completed the verified loop",
"claimBlockedDetail": "Some alerts still lack execution, verification, or learning records"
},
"scoreBuckets": "Score Buckets",
"scoreBucketsDetail": "{total} evaluated alerts",
"green": "Green",
"yellow": "Yellow",
"red": "Red",
"verdictTitle": "Verdict Distribution",
"gateFailureTitle": "Top Gaps",
"scoreRange": "min {min} / max {max} / avg {avg}",
"verdicts": {
"autoRepairedVerified": "Auto-Repaired and Verified",
"executionUnverified": "Executed but Unverified",
"executionFailed": "Execution Failed",
"manualRequiredNoAction": "Manual Required: NO_ACTION",
"approvalRequired": "Waiting for Approval",
"observedNotExecuted": "Observed but Not Executed",
"receivedOnly": "Received Only"
},
"gates": {
"sourcePersisted": "Source Persisted",
"outboundRecorded": "Outbound Recorded",
"evidenceCollected": "Evidence Collected",
"mcpGatewayObserved": "MCP Gateway",
"approvalState": "Approval State",
"executionRecorded": "Execution Recorded",
"autoRepairRecorded": "Auto-Repair Recorded",
"verificationRecorded": "Verification Recorded",
"learningRecorded": "Learning Writeback",
"timelineRecorded": "Timeline Recorded"
},
"gateStatuses": {
"failed": "Failed",
"missing": "Missing"
}
},
"metrics": {
"tenants": "Tenants",
"tenantsDetail": "{active} active, {shadow} in shadow",
"runs": "Operator Runs",
"runsDetail": "Run state is the single view into async work",
"approvals": "Pending Approvals",
"approvalsDetail": "Every high-risk action must stop at the human gate",
"contracts": "Contracts",
"contractsDetail": "Project / Agent / Policy contract publish state"
},
"disposition": {
"title": "Disposition Semantics",
"diagnosis": {
"title": "Read-only Diagnosis",
"signal": "AI collected evidence",
"owner": "Owner: AI summarizes, SRE judges",
"route": "Route: Run monitor / incident detail"
},
"approval": {
"title": "Human Gate",
"signal": "High-risk approval pending",
"owner": "Owner: SRE approve / reject",
"route": "Route: Approval queue"
},
"execute": {
"title": "Auto Execution",
"signal": "Low-risk closure path",
"owner": "Owner: MCP Gateway executes and audits",
"route": "Route: Run State / Audit"
},
"manual": {
"title": "Manual Escalation",
"signal": "AI cannot safely repair",
"owner": "Owner: war room takes over",
"route": "Route: AwoooI SRE war room"
}
},
"lanes": {
"title": "Flywheel Lanes",
"live": "Live",
"mirror": "Mirror",
"providerName": "Provider Order",
"providerDetail": "GCP-A Ollama -> GCP-B Ollama -> 111 Ollama -> OpenClaw/Nemo -> Gemini",
"mcpName": "MCP Gateway",
"mcpDetail": "MCP Gateway stays in mirror / wrap mode before audit and redaction are proven as the only execution gate",
"channelName": "Channel Hub",
"channelDetail": "Telegram / LINE / Slack enter Channel Event first, then message ownership moves gradually",
"approvalName": "Approval Plane",
"approvalDetail": "Run state and Approval plane share one approval meaning"
},
"next": {
"title": "Next Actions",
"item1": "Review run monitor and provider fallback",
"item2": "Handle pending high-risk approvals",
"item3": "Review contract lifecycle",
"item4": "Open the AwoooP work map"
}
},
"tenants": {
"securityTenantScopeCandidate": {
"title": "IwoooS Tenant Security Scope Read-only Candidate",
"subtitle": "Tenant management only displays the protection scope for the AWOOOI first tenant and the IwoooS security mirror. This is not a migration mode change and does not modify tenant policy.",
"badge": "Tenant scope",
"scopeRefsTitle": "Read-only scope refs",
"boundaryLabel": "Tenant Boundary",
"boundaryTitle": "No tenant settings are changeable here",
"boundaryDetail": "This panel does not change migration mode, modify tenant policy, write to the platform tenants API, call GitHub / Gitea / Kali, or add scan, execute, deploy, primary switch, or refs actions.",
"openIwooos": "Open IwoooS",
"metrics": {
"primaryTenant": "Primary Tenant",
"primaryTenantDetail": "AWOOOI is the first runtime tenant in AwoooP. This only displays scope and does not change settings.",
"securityEntry": "Security Entry",
"securityEntryDetail": "IwoooS remains the read-only Information Security entrypoint and posture mirror.",
"hostCoverage": "Host coverage",
"hostCoverageDetail": "Kali 112, Dev 168, and Dev 111 are in observe-only view.",
"policyMutations": "Tenant policy changes",
"policyMutationsDetail": "Currently 0. Do not change policy before owner response and a runtime gate."
},
"scopeRefs": {
"awoooiTenant": "Under the AwoooP platform identity, AWOOOI remains the first tenant / runtime host, not a synonym for the whole platform.",
"iwooosMirror": "IwoooS displays security mirror posture, progress, evidence refs, and forbidden actions.",
"hostCoverage": "The three named hosts are included only for security visibility and evidence readiness; no SSH, updates, credentialed scans, or blocking controls are performed.",
"ownerResponse": "S4.9-S4.12 owner response received / accepted remain 0. Tenant scope display is not approval."
}
},
"githubTenantReadinessScope": {
"title": "GitHub Primary Readiness Tenant Scope",
"subtitle": "Tenant management mirrors the source-control owner scope gap between the AWOOOI first tenant and the Gitea-to-GitHub path. This is not tenant policy, repo creation, or primary switch authorization.",
"badge": "Read-only scope",
"openIwooos": "Open IwoooS",
"scopeRefsTitle": "Owner Scope Refs",
"boundaryLabel": "Tenant / GitHub Boundary",
"boundaryTitle": "Tenant scope still waits for owner response",
"boundaryDetail": "This panel only displays the relation between tenant scope and source-control readiness. It does not change tenant migration mode, modify tenant policy, create GitHub repos, mutate refs, collect secret values, switch primary, or disable Gitea.",
"metrics": {
"candidateRepos": {
"label": "Candidate Repos",
"detail": "8 candidate repos are scope visibility only and do not authorize GitHub repo creation."
},
"inScopeRepos": {
"label": "In-scope Repos",
"detail": "7 repos still require owner scope decision and source-control response."
},
"ownerResponses": {
"label": "Owner Responses",
"detail": "22 response templates remain 0 received / 0 accepted."
},
"tenantScopeChanges": {
"label": "Tenant Scope Changes",
"detail": "Currently 0. Readiness display must not change tenant policy or migration mode."
}
},
"scopeRefs": {
"tenantSourceScope": "The AWOOOI first tenant only maps to source-control readiness scope; it does not mean the whole platform or GitHub primary is accepted.",
"giteaInventoryOwner": "S4.9 still waits for Gitea inventory owner attestation. Repo scope must not be filled as accepted before coverage is accepted.",
"githubTargetOwner": "S4.10 still waits for GitHub target owner decision. Do not create repos or change visibility before the target owner accepts.",
"workflowSecretOwner": "S4.12 only waits for workflow / secret name owner response. Secret values must not be collected and GitHub secrets must not be changed."
}
},
"ownerResponseValidationScope": {
"title": "Owner Response Validation Tenant Scope",
"subtitle": "Tenant management mirrors that the AWOOOI first tenant is still waiting for the S4.13 validation rollup and S4.9-S4.12 source response packets. This is not tenant policy, repo, refs, workflow / secret, or runtime authorization.",
"badge": "Read-only validation scope",
"openIwooos": "Open IwoooS",
"scopeRefsTitle": "Tenant Validation Refs",
"boundaryLabel": "Tenant Validation Boundary",
"boundaryTitle": "No tenant policy changes can be applied here",
"boundaryDetail": "This panel only displays four packets, 22 response templates, received / accepted / rejected still at 0, and the validation scope understandable by the AWOOOI first tenant. It does not modify tenant policy, create repos, mutate refs, modify workflows / secrets, collect secret values, switch primary, or open runtime gates.",
"metrics": {
"packets": "Response Packets",
"packetsDetail": "S4.9-S4.12 four packets still wait for owner response.",
"templates": "Response Templates",
"templatesDetail": "22 templates only describe future intake format. They do not mean sent, received, or accepted.",
"received": "Received",
"receivedDetail": "Still 0. Tenant scope visibility must not rewrite intake state.",
"accepted": "Accepted",
"acceptedDetail": "Still 0. It can change only after redacted evidence passes validation.",
"tenantPolicyChanges": "Tenant Policy Changes",
"tenantPolicyChangesDetail": "Still 0. Tenant policy and migration mode must not change before validation.",
"displaySections": "Display Sections",
"displaySectionsDetail": "8 display sections explain how tenants should understand validation flow and boundaries."
},
"scopeRefs": {
"validationRollup": {
"title": "S4.13 Validation Rollup",
"detail": "Fixes four packets, cross-packet validation, evidence routing, reviewer checklist, and result lanes without creating tenant policy changes."
},
"giteaAttestation": {
"title": "S4.9 Gitea Inventory Owner Attestation",
"detail": "5 templates still wait for owner response. The tenant can only see the next intake focus."
},
"githubTarget": {
"title": "S4.10 GitHub Target Owner Decision",
"detail": "7 target owner / visibility / standard responses remain unaccepted. Repos must not be created automatically."
},
"refsTruth": {
"title": "S4.11 Ref Truth Owner Response",
"detail": "5 truth decision groups still wait for redacted responses. Refs must not be synced, deleted, or force-pushed."
},
"workflowSecret": {
"title": "S4.12 Workflow / Secret Name Owner Response",
"detail": "5 name and redacted evidence groups still wait for response. Only name inventory is allowed, not secret values."
}
}
}
},
"runs": {
"securityRunStateCandidate": {
"title": "IwoooS Run State Read-only Candidate",
"subtitle": "Run Monitor only shows how the security mirror can be understood from the AwoooP Run view. This is not run_created and does not connect an execution router.",
"badge": "Run State candidate",
"runRefsTitle": "Read-only run refs",
"boundaryLabel": "Run Boundary",
"boundaryTitle": "No security Run is executable here",
"boundaryDetail": "This panel does not create a platform run, connect an execution router, call GitHub / Gitea / Kali, or add scan, execute, repair, deploy, primary switch, or refs actions.",
"openIwooos": "Open IwoooS",
"metrics": {
"visibility": "Run visibility",
"visibilityValue": "read-only",
"visibilityDetail": "Projects the security mirror into Run Monitor language only. It does not create a real runtime run.",
"runtimeRuns": "Security runs",
"runtimeRunsDetail": "Currently 0. S2.58 is display-candidate only and does not create a run record.",
"activeGates": "Active runtime gates",
"activeGatesDetail": "Still 0. Runtime gates need separate approval, rollback, and post-check evidence.",
"ownerResponse": "Owner accepted",
"ownerResponseDetail": "S4.9-S4.12 owner response accepted remains 0. Run display is not completed intake."
},
"runRefs": {
"mirrorRunState": "AwoooP Run Monitor can understand the security mirror, but only as a read-only candidate.",
"readOnlyDryRun": "If future dry-run evidence appears, it must still preserve read-only and human-gate semantics.",
"ownerResponse": "Owner response received / accepted remain 0, so any further Run movement waits for human intake.",
"activeGates": "Active runtime gates remain 0. Do not open gates or create action buttons from Run Monitor."
}
},
"githubRunReadinessBoundary": {
"title": "GitHub Primary Readiness Run Boundary",
"subtitle": "Run Monitor mirrors that GitHub primary readiness still cannot create a security run. This is not platform run, execution router, repo creation, or primary switch authorization.",
"badge": "Run boundary",
"openIwooos": "Open IwoooS",
"runRefsTitle": "GitHub Readiness Run Refs",
"boundaryLabel": "GitHub / Run Boundary",
"boundaryTitle": "No GitHub primary run is executable",
"boundaryDetail": "This panel only projects source-control readiness into Run Monitor language. It does not create platform runs, connect an execution router, create GitHub repos, mutate refs, change workflows / secrets, collect secret values, switch primary, or disable Gitea.",
"metrics": {
"candidateRepos": {
"label": "Candidate Repos",
"detail": "8 candidate repos are readiness visibility only and do not create GitHub repo creation runs."
},
"inScopeRepos": {
"label": "In-scope Repos",
"detail": "7 repos still wait for owner response. Run Monitor must not open tasks for them."
},
"securityRuns": {
"label": "GitHub Security Runs",
"detail": "Currently 0. Readiness visibility is not platform run creation."
},
"ownerResponses": {
"label": "Owner Responses",
"detail": "22 response templates remain 0 received / 0 accepted."
},
"workflowInventory": {
"label": "Workflow Inventory",
"detail": "Workflow / secret name inventory is still incomplete for 7 repos."
}
},
"runRefs": {
"primaryReadiness": "The primary readiness gate still reports ready=0 and cannot become a GitHub primary run.",
"ownerValidation": "The owner response validation rollup is still 0/22 and must not be autofilled as accepted by Run Monitor.",
"workflowInventory": "Workflow / secret name inventory only collects names and routing. It does not collect secret values or modify GitHub secrets.",
"rollbackAdr": "The rollback ADR has no owner-approved dry-run, so no primary switch run can start."
}
},
"ownerResponseValidationRunBoundary": {
"title": "Owner Response Validation Run Boundary",
"subtitle": "Run Monitor mirrors that the S4.13 validation rollup and S4.9-S4.12 four source response packets are read-only. This is not platform run, execution router, approval record, repo, refs, workflow / secret, or runtime authorization.",
"badge": "Read-only run boundary",
"openIwooos": "Open IwoooS",
"runRefsTitle": "Run Validation Refs",
"boundaryLabel": "Validation / Run Boundary",
"boundaryTitle": "No owner response validation run is executable",
"boundaryDetail": "This panel only displays four packets, 22 response templates, received / accepted / rejected still at 0, and the validation boundary understandable by Run Monitor. It does not create platform runs, connect an execution router, create approval records, create repos, mutate refs, modify workflows / secrets, collect secret values, switch primary, or open runtime gates.",
"metrics": {
"packets": "Response Packets",
"packetsDetail": "S4.9-S4.12 four packets still wait for owner response.",
"templates": "Response Templates",
"templatesDetail": "22 templates only describe future intake format. They do not mean sent, received, or accepted.",
"received": "Received",
"receivedDetail": "Still 0. Run Monitor visibility must not rewrite intake state.",
"accepted": "Accepted",
"acceptedDetail": "Still 0. It can change only after redacted evidence passes validation.",
"securityRuns": "Security Runs",
"securityRunsDetail": "Still 0. Validation boundary visibility is not platform run creation.",
"displaySections": "Display Sections",
"displaySectionsDetail": "8 display sections explain how Run Monitor should understand validation flow and boundaries."
},
"runRefs": {
"validationRollup": {
"title": "S4.13 Validation Rollup",
"detail": "Fixes four packets, cross-packet validation, evidence routing, reviewer checklist, and result lanes without creating platform runs."
},
"giteaAttestation": {
"title": "S4.9 Gitea Inventory Owner Attestation",
"detail": "5 templates still wait for owner response. Run Monitor can only see the next intake focus."
},
"githubTarget": {
"title": "S4.10 GitHub Target Owner Decision",
"detail": "7 target owner / visibility / standard responses remain unaccepted. Repos or run records must not be created automatically."
},
"refsTruth": {
"title": "S4.11 Ref Truth Owner Response",
"detail": "5 truth decision groups still wait for redacted responses. Refs must not be synced, deleted, or force-pushed."
},
"workflowSecret": {
"title": "S4.12 Workflow / Secret Name Owner Response",
"detail": "5 name and redacted evidence groups still wait for response. Only name inventory is allowed, not secret values."
}
}
}
},
"contracts": {
"securityContractCandidate": {
"title": "IwoooS Security Contract Read-only Candidate",
"subtitle": "The contract dashboard only shows the schema, snapshot, and guard semantics that IwoooS / security mirror currently depends on. This is not contract publishing and does not trigger a runtime gate.",
"badge": "Contract candidate",
"contractRefsTitle": "Read-only contract refs",
"boundaryLabel": "Contract Boundary",
"boundaryTitle": "No security contract is publishable here",
"boundaryDetail": "This panel does not publish contract revisions, change contract lifecycle, write to the platform contracts API, call GitHub / Gitea / Kali, or add scan, execute, deploy, primary switch, or refs actions.",
"openIwooos": "Open IwoooS",
"metrics": {
"totalContracts": "Total contracts",
"totalContractsDetail": "Security mirror currently rolls up 36 primary contracts.",
"readyForMirror": "Ready for mirror",
"readyForMirrorDetail": "33 ready, 2 partial, 1 contract-only, and 0 blocked.",
"partialReady": "Partial",
"partialReadyDetail": "Remaining gaps are owner response, payload ingestion, and source-control owner evidence.",
"activeRuntimeGates": "Active runtime gates",
"activeRuntimeGatesDetail": "Still 0; contract visibility is not runtime enforcement."
},
"contractRefs": {
"statusRollup": "The shared state entrypoint for AwoooP and the Security Session; it only rolls up progress and safe gates.",
"postureProjection": "The projection contract for IwoooS posture, host coverage, owner response focus, and forbidden actions.",
"ownerValidation": "The S4.9-S4.12 owner response received / accepted separation and reviewer check semantics.",
"rolloutPolicy": "The low-friction, observe-first rollout policy with owner review before blocking."
}
},
"githubPrimaryReadinessCandidate": {
"title": "GitHub Primary Readiness Contract Read-only Candidate",
"subtitle": "The contract dashboard mirrors the Gitea-to-GitHub readiness contract refs, owner-response gaps, and non-execution boundaries. This is not repo creation, refs mutation, secret collection, or primary-switch authorization.",
"badge": "GitHub readiness",
"contractRefsTitle": "Primary readiness contract refs",
"boundaryLabel": "Source-control Boundary",
"boundaryTitle": "No GitHub primary is switchable here",
"boundaryDetail": "This panel only displays candidate repos, in-scope repos, primary-ready state, owner responses, and workflow / secret-name inventory gaps. It does not create GitHub repos, change visibility, sync / delete / force-push refs, collect secret values, switch primary, disable Gitea, or trigger runtime gates.",
"openIwooos": "Open IwoooS",
"metrics": {
"candidateRepos": "Candidate repos",
"candidateReposDetail": "S4.0 currently tracks 8 GitHub primary readiness candidates.",
"inScopeRepos": "In-scope",
"inScopeReposDetail": "7 still need owner / visibility / canonical / rollback evidence.",
"primaryReady": "Primary ready",
"primaryReadyDetail": "Still 0; visible readiness is not primary cutover approval.",
"ownerResponses": "Owner response",
"ownerResponsesDetail": "The 22 S4.9-S4.12 response templates remain 0 received / accepted.",
"workflowInventory": "Workflow inventory",
"workflowInventoryDetail": "Workflow / secret-name inventory remains incomplete for the 7 in-scope repos."
},
"contractRefs": {
"primaryReadiness": "The main readiness gate for GitHub primary parity, owner, refs, workflow, and rollback prerequisites.",
"ownerValidation": "Received / accepted / rejected separation plus reviewer checks for the four owner-response packets.",
"rollbackAdr": "Rollback ADR drafts, owner review, and validation windows for the 7 in-scope repos.",
"workflowInventory": "Workflow, runner, deploy-key, branch-protection, CODEOWNERS, and secret-name inventory; names only, never values.",
"postureProjection": "The IwoooS frontend projection for the GitHub readiness board and forbidden actions."
}
},
"ownerResponseValidationCandidate": {
"title": "Owner Response Validation Contract Read-only Candidate",
"subtitle": "The contract dashboard mirrors the S4.13 owner response validation rollup and four source intake packets. This is not received owner response, an approval record, repo / refs / workflow action, or runtime authorization.",
"badge": "Validation candidate",
"contractRefsTitle": "Owner response validation contract refs",
"boundaryLabel": "Validation Boundary",
"boundaryTitle": "No validation result is publishable or executable here",
"boundaryDetail": "This panel only displays the four packets, 22 response templates, received / accepted / rejected counters at 0, and AwoooP display sections. It does not create approval records, create repos, mutate refs, modify workflows / secrets, collect secret values, switch primary, or open runtime gates.",
"openIwooos": "Open IwoooS",
"metrics": {
"packets": "Packets",
"packetsDetail": "The S4.9-S4.12 packets are still waiting for owner response.",
"templates": "Templates",
"templatesDetail": "22 templates only define intake shape; they are not sent or accepted responses.",
"received": "Received",
"receivedDetail": "Still 0; visible work items or contracts must not rewrite intake state.",
"accepted": "Accepted",
"acceptedDetail": "Still 0; only redacted evidence that passes validation can change this.",
"displaySections": "Display sections",
"displaySectionsDetail": "8 AwoooP display sections explain validation flow and boundaries only."
},
"contractRefs": {
"validationRollup": "The S4.13 four-packet validation rollup that keeps received / accepted / rejected and reviewer checks separate.",
"giteaAttestation": "The S4.9 Gitea inventory owner attestation packet; five templates are still not received.",
"githubTarget": "The S4.10 GitHub target owner decision packet; seven templates are still not accepted.",
"refsTruth": "The S4.11 refs truth owner response packet; classification must not become refs action authorization.",
"workflowSecret": "The S4.12 workflow / secret-name owner response packet; names and redacted evidence only, never secret values."
}
}
},
"approvals": {
"securityOwnerResponseGate": {
"title": "IwoooS Owner Response Read-only Review Focus",
"subtitle": "The AwoooP approval queue only shows the next human intake focus for S4.9-S4.12 owner response. This is not an approval record and does not open a runtime gate.",
"badge": "Read-only focus",
"ownerChecksTitle": "Owner response intake order",
"boundaryLabel": "Approval Boundary",
"boundaryTitle": "There is still nothing to approve here",
"boundaryDetail": "This panel does not send requests, mark received / accepted, create approval records, call GitHub / Gitea / Kali, or add approve, execute, deploy, primary switch, or refs actions.",
"openIwooos": "Open IwoooS",
"metrics": {
"received": "Received",
"receivedDetail": "S4.9-S4.12 owner response received remains 0.",
"accepted": "Accepted",
"acceptedDetail": "No acceptable redacted owner evidence has been received.",
"activeRuntimeGates": "Active runtime gates",
"activeRuntimeGatesDetail": "Any runtime gate still needs separate approval plus rollback and post-check evidence.",
"headline": "Overall Security Mesh",
"headlineDetail": "58% is only reviewed when owner response, runtime gate, GitHub primary, or production landing evidence changes."
},
"checks": {
"s49OwnerAttestation": {
"title": "S4.9 Gitea owner attestation",
"detail": "Recommended first intake; needs public-only / local gap, org / user endpoint, 110 adjacent source, canonical owner, and legacy disposition answers."
},
"s410GithubTarget": {
"title": "S4.10 GitHub target owner",
"detail": "After S4.9, collect owner / visibility / canonical decisions for the seven GitHub targets."
},
"s411RefsTruth": {
"title": "S4.11 refs truth owner response",
"detail": "Wait for redacted owner decisions on main / dev truth, deprecated drift, release tags, and GitHub-only refs."
},
"s412WorkflowSecret": {
"title": "S4.12 workflow / secret names",
"detail": "Wait for redacted owner decisions on webhooks, runners, deploy keys, branch protection / CODEOWNERS, and secret name parity."
}
}
},
"githubPrimaryReadinessGate": {
"title": "GitHub Primary Readiness Approval Boundary",
"subtitle": "The approval queue only displays the owner-response gaps that block GitHub primary readiness. This is not GitHub primary approval and does not create repos, mutate refs, collect secret values, or disable Gitea.",
"badge": "Read-only approval boundary",
"responseLanesTitle": "Owner response lanes",
"boundaryLabel": "GitHub Primary Boundary",
"boundaryTitle": "No primary switch is approvable here",
"boundaryDetail": "This panel only brings the S4.9-S4.12 intake order into the approvals surface. All responses remain received=0 / accepted=0, with no approval record, no GitHub primary switch, no Gitea primary change, and no runtime gate.",
"openIwooos": "Open IwoooS",
"metrics": {
"giteaOwner": "Gitea owner",
"giteaOwnerDetail": "The five S4.9 owner attestation items are still not received / accepted.",
"githubTargetOwner": "GitHub target owner",
"githubTargetOwnerDetail": "The seven S4.10 target owner / visibility / canonical responses are still not accepted.",
"refsTruth": "Refs truth",
"refsTruthDetail": "The five S4.11 refs truth owner responses are still not accepted.",
"workflowSecretNames": "Workflow / secret names",
"workflowSecretNamesDetail": "The five S4.12 workflow / secret-name owner responses are still not accepted.",
"primaryReady": "Primary ready",
"primaryReadyDetail": "Still 0; approvals visibility is not primary cutover approval."
},
"responseLanes": {
"giteaOwnerAttestation": {
"title": "Gitea inventory owner attestation",
"detail": "First confirm public-only / local gap, org / user endpoint, 110 adjacent source, canonical owner, and legacy disposition."
},
"githubTargetOwner": {
"title": "GitHub target owner decision",
"detail": "Then confirm owner, visibility, and canonical target for the seven in-scope targets without creating repos automatically."
},
"refsTruthOwner": {
"title": "Refs truth owner response",
"detail": "Next confirm main / dev truth, deprecated drift, release tags, and GitHub-only refs without syncing, deleting, or force-pushing refs."
},
"workflowSecretOwner": {
"title": "Workflow / secret-name owner response",
"detail": "Finally confirm workflow, runner, deploy key, branch protection, CODEOWNERS, and secret names. Collect names only, never values."
}
}
},
"ownerResponseValidationBoundary": {
"title": "Owner Response Validation Read-only Review Boundary",
"subtitle": "The approval queue mirrors the S4.13 validation rollup and the S4.9-S4.12 source intake packets. This is not received response, accepted response, an approval record, repo action, refs action, workflow / secret action, or runtime authorization.",
"badge": "Read-only validation boundary",
"reviewRefsTitle": "Validation and source intake refs",
"boundaryLabel": "Non-approvable boundary",
"boundaryTitle": "No approval record can be created here",
"boundaryDetail": "This panel only displays four packets, 22 response templates, received / accepted / rejected all still 0, and 8 display sections. It does not create approval records, create repos, mutate refs, change workflows / secrets, collect secret values, switch primary, or open runtime gates.",
"openIwooos": "Open IwoooS",
"metrics": {
"packets": "Response packets",
"packetsDetail": "S4.9-S4.12 all still wait for owner response.",
"templates": "Response templates",
"templatesDetail": "The 22 templates are future intake formats only, not sent, received, or accepted responses.",
"received": "Received",
"receivedDetail": "Still 0. Approval queue visibility must not rewrite intake state.",
"accepted": "Accepted",
"acceptedDetail": "Still 0. Only validated redacted evidence can change this.",
"rejected": "Rejected",
"rejectedDetail": "Still 0. Rejection outcomes cannot exist before human validation.",
"displaySections": "Display sections",
"displaySectionsDetail": "The 8 display sections explain validation flow, evidence routing, and boundaries only."
},
"reviewRefs": {
"validationRollup": {
"title": "S4.13 validation rollup",
"detail": "Locks packet separation, cross-packet validation, evidence routing, reviewer checklist, and outcome lanes without creating approval records.",
"contract": "source_control_owner_response_validation_rollup_v1"
},
"giteaAttestation": {
"title": "S4.9 Gitea inventory owner attestation",
"detail": "Five templates still wait for owner response; this can only display the next intake focus.",
"contract": "gitea_inventory_owner_attestation_response_v1"
},
"githubTarget": {
"title": "S4.10 GitHub target owner decision",
"detail": "Seven target owner / visibility / canonical responses are not accepted and must not create repos automatically.",
"contract": "github_target_owner_decision_response_v1"
},
"refsTruth": {
"title": "S4.11 refs truth owner response",
"detail": "Five truth lanes still wait for redacted response and must not sync, delete, or force-push refs.",
"contract": "source_control_ref_truth_owner_response_v1"
},
"workflowSecret": {
"title": "S4.12 workflow / secret-name owner response",
"detail": "Five name and redacted-evidence lanes still wait for response. Names only, never secret values.",
"contract": "source_control_workflow_secret_name_owner_response_v1"
}
}
}
},
"workItems": {
"title": "Work Chain",
"subtitle": "{count} control points synced from production truth-chain and governance data",
"refresh": "Refresh",
"lastUpdated": "Last updated {time}",
"tableLabel": "AwoooP work chain",
"open": "Open",
"summary": {
"live": "Completed",
"inProgress": "In Progress",
"watching": "Watching",
"blocked": "Blocked"
},
"status": {
"live": "Completed",
"in_progress": "In Progress",
"blocked": "Blocked",
"watching": "Watching"
},
"columns": {
"phase": "Phase",
"work": "Work Item",
"status": "Status",
"surface": "Frontend Surface",
"source": "Data Source",
"evidence": "Production Evidence",
"gate": "Completion Gate",
"link": "Link"
},
"surfaces": {
"runs": "Run Monitor / Run Detail",
"governance": "Governance Events / SLO",
"workItems": "Work Chain",
"iwooos": "IwoooS / Security Mirror"
},
"items": {
"sourceDossier": {
"title": "Source event dossier and truth-chain mirror"
},
"autoRepair": {
"title": "Low-risk Alertmanager auto-repair loop"
},
"remediationQueue": {
"title": "Non-success verification remediation queue"
},
"telegramCallbacks": {
"title": "Telegram detail / history as DB truth-first"
},
"governanceDispatch": {
"title": "Governance alert dispatch and dedupe"
},
"frontendConsole": {
"title": "AwoooP Operator Console productization"
},
"iwooosSecurityMirror": {
"title": "IwoooS security mirror read-only work item"
},
"githubPrimaryReadiness": {
"title": "GitHub Primary Readiness read-only work item"
},
"ownerResponseValidation": {
"title": "Owner response validation read-only work item"
},
"mcpGateway": {
"title": "MCP Gateway usage evidence overview"
},
"timelineContract": {
"title": "Timeline / KM / PlayBook writeback consistency"
}
},
"gates": {
"sourceDossier": "Inbound alerts must show received / incident_linked / source refs",
"autoRepair": "Requires auto_repair, verification_result=success, and KM writeback",
"remediationQueue": "Every degraded / failed / timeout row must map to replay, reverify, ticket, or manual review",
"telegramCallbacks": "Detail and history buttons cannot depend only on Redis TTL or stale snapshots",
"governanceDispatch": "Governance alerts must enter dispatch and expose skipped / pending / repaired",
"frontendConsole": "Completed and in-progress work must be trackable from the frontend",
"iwooosSecurityMirror": "Track security mesh progress and boundaries as read-only only; do not create scan, execute, repair, deploy, primary switch, or runtime gate actions",
"githubPrimaryReadiness": "Track the Gitea-to-GitHub readiness gap as read-only only; do not create repos, change visibility, sync refs, collect secret values, switch primary, or disable Gitea",
"ownerResponseValidation": "Track the four owner response validation packets as read-only only; do not treat the work item as received, accepted, an approval record, a primary switch, or a runtime gate",
"mcpGateway": "MCP usage must show agent, tool, scope, and blocked reason",
"timelineContract": "Incident, Approval, Evidence, KM, and Timeline must not contradict each other"
},
"evidence": {
"channelEvents": "Recent Alertmanager channel events: {count}",
"autoRepair": "Verified auto-repairs: {verified}/{evaluated}",
"remediationQueue": "Remediation work: {total}; AI-ready: {ready}; human: {human}",
"telegramCallbacks": "Telegram callback lookup and history summary are being repaired",
"governance": "Unresolved governance alerts: {unresolved}; pending dispatch: {queued}",
"governanceUnavailable": "Governance events API is not responding; pending dispatch: {queued}",
"governanceQueueMissing": "Governance dispatch table is not ready; unresolved governance alerts: {unresolved}",
"frontendConsole": "This page now reads production APIs instead of a static list",
"iwooosSecurityMirror": "Overall {headline}; framework {framework}; landing {runtime}; active runtime gates={gates}",
"iwooosSecurityMirrorOwner": "Owner response is still waiting; production_landing_enabled=false",
"iwooosSecurityMirrorBoundary": "execution_router_linked=false; runtime_execution_authorized=false; action_buttons_allowed=false",
"githubPrimaryReadiness": "Candidate repos={candidates}; in-scope={inScope}; primary ready={ready}",
"githubPrimaryOwnerResponses": "Owner response remains 0/22; request-ready is not accepted",
"githubPrimaryWorkflowNames": "Workflow / secret-name inventory complete=0/7; collect names only, never secret values",
"githubPrimaryBoundary": "repo_creation=false; refs_mutation=false; github_primary_switch=false; disable_gitea=false",
"ownerResponseValidation": "Packets={packets}; templates={templates}; received={received}; accepted={accepted}; rejected={rejected}",
"ownerResponseValidationChecks": "Cross-packet checks={crossPacket}; evidence routing={routing}; display sections={sections}",
"ownerResponseValidationBoundary": "No approval record, no primary switch, and no runtime gate",
"mcpReady": "MCP Gateway gate is not currently a top gap",
"mcpMissing": "Quality summary still reports an MCP Gateway observation gap",
"remediationHistory": "Dry-run history: {count}x; latest {preview}",
"remediationHistoryEmpty": "No remediation dry-run history yet",
"remediationRoute": "MCP: {route}",
"remediationWrites": "Writes: incident={incident}; autoRepair={autoRepair}",
"timelineReady": "Timeline gate is not currently a top gap",
"timelineMissing": "Quality summary still reports a Timeline / audit gap"
}
},
"listEvidence": {
"column": "AI Evidence",
"count": "{count} dry-runs",
"route": "MCP: {route}",
"emptyShort": "No remediation dry-run linked",
"manualGate": "Next: human approval",
"filters": {
"label": "AI evidence filter",
"all": "All AI evidence",
"incidentLabel": "Incident ID filter",
"incidentPlaceholder": "Enter Incident ID"
},
"incident": {
"column": "Incident",
"empty": "Not linked",
"filterTitle": "Show only {incidentId}",
"more": "+{count} more"
},
"statuses": {
"noEvidence": "No dry-run yet",
"readOnlyDryRun": "AI dry-run: read-only",
"writeObserved": "Write flag observed",
"blocked": "Dry-run blocked",
"observed": "Evidence linked"
},
"details": {
"noEvidence": "This row is not linked to ADR-100 remediation dry-run records in alert_operation_log yet.",
"readOnlyDryRun": "AI has run the remediation dry-run and the latest record did not write incident or auto-repair state.",
"writeObserved": "The latest remediation record contains write flags; verify the state-change source before approval.",
"blocked": "The remediation dry-run failed or was blocked by a gate; human review is required.",
"observed": "This row is linked to remediation history; open Run Timeline for the full evidence."
},
"summary": {
"readOnly": "Read-only dry-run",
"readOnlyDetail": "Latest evidence shows AI trialed the action without writing state",
"manualGate": "Human gate",
"manualGateDetail": "AI is stopped at the approval gate and needs approve / reject",
"writeObserved": "Write flags",
"writeObservedDetail": "Verify whether this is the expected auto-repair result",
"noEvidence": "Missing evidence",
"noEvidenceDetail": "The list row is not linked to ADR-100 dry-run history yet",
"approvalReadOnlyDetail": "Read-only remediation evidence is visible before approval",
"approvalNoEvidenceDetail": "Approval still lacks remediation dry-run evidence; inspect Run Timeline"
}
},
"incidentEvidence": {
"title": "Incident Evidence",
"subtitle": "Telegram, Run, Approval, and Work Item share the same remediation evidence",
"empty": "--",
"incidentLabel": "Incident",
"notLinked": "No Incident linked",
"filterTitle": "Show only {incidentId}",
"more": "+{count} more",
"dryRuns": "Dry-run",
"route": "MCP Route",
"writes": "Write flags",
"writeFlags": "incident={incident} / autoRepair={autoRepair}",
"runLink": "Run Timeline"
},
"runDetail": {
"back": "Back to Run Monitor",
"title": "Run Disposition Timeline",
"refresh": "Refresh",
"empty": "--",
"durationSeconds": "{seconds}s",
"errors": {
"title": "Failed to load run details",
"loadFailed": "Load failed"
},
"stats": {
"state": "Current State",
"timeline": "Timeline",
"mcpSteps": "MCP / Steps",
"duration": "Duration"
},
"summary": {
"title": "Run Summary",
"project": "Project",
"agent": "Agent",
"traceId": "Trace ID",
"trigger": "Trigger",
"triggerRef": "Trigger Ref",
"cost": "Cost",
"attempts": "Attempts",
"created": "Created",
"completed": "Completed",
"error": "Error"
},
"timeline": {
"title": "Disposition Timeline",
"lastUpdated": "Last updated {time}",
"count": "{count} items",
"empty": "No timeline records yet."
},
"gateway": {
"title": "MCP Gateway",
"emptyState": "No records",
"agent": "Agent",
"tool": "Tool",
"scope": "Scope",
"blockers": "Blockers",
"metrics": {
"firstClass": "First-class",
"policy": "Policy enforced",
"approvalExecutor": "Approval executor",
"legacyBridge": "Legacy bridge"
}
},
"remediation": {
"title": "Remediation Dry-run Evidence",
"empty": "This run is not linked to ADR-100 remediation dry-run history yet.",
"latest": "Latest dry-run",
"route": "MCP Route",
"preview": "Mode {mode}; preview {preview}",
"writes": "Writes: incident={incident}; autoRepair={autoRepair}",
"status": {
"linked": "Linked to remediation history",
"empty": "No remediation history"
},
"metrics": {
"incidents": "Incident",
"dryRuns": "Dry-run",
"tools": "Tools",
"writes": "Write flags"
}
},
"dossier": {
"title": "Source Event Dossier",
"empty": "This run is not linked to replayable inbound source events yet.",
"content": "Redacted Content",
"sourceRefs": "Source References",
"duplicate": "Duplicate",
"firstSeen": "First seen",
"status": {
"visible": "Recorded in truth-chain",
"empty": "No source"
},
"metrics": {
"sources": "Sources",
"refs": "References",
"redacted": "Redacted",
"duplicates": "Duplicates"
},
"fields": {
"stage": "Stage",
"severity": "Risk",
"namespace": "Namespace",
"target": "Target",
"hash": "Hash"
},
"refs": {
"alertIds": "Alert",
"approvalIds": "Approval",
"eventIds": "Event",
"fingerprints": "Fingerprint",
"incidentIds": "Incident",
"sentryIssueIds": "Sentry",
"signozAlerts": "SignOz"
}
},
"action": {
"eyebrow": "Next Decision",
"approval": {
"title": "Waiting for human approval",
"detail": "AI is stopped at the human gate and has not resumed. Approve or reject from the approval page; every decision is written back to Run state and audit.",
"primary": "Open approval decision"
},
"manual": {
"title": "Manual handoff required",
"detail": "AI cannot safely close the loop, or execution has failed / timed out. Return to Run Monitor to compare same-project work and hand off to the SRE war room when needed.",
"primary": "Back to Run Monitor"
},
"completed": {
"title": "Completed, ready for audit review",
"detail": "The run has converged. Use the timeline to verify MCP calls, outbound messages, and cost records before writing back to KM / Playbook.",
"primary": "Back to Run Monitor"
},
"running": {
"title": "AI is processing",
"detail": "The run is still active and this page refreshes periodically. If it stays running for too long, check heartbeat, MCP latency, and worker state.",
"primary": "Back to Run Monitor"
},
"observe": {
"title": "Observing",
"detail": "The run has not reached a human gate or terminal state. Follow the timeline to verify inbound events, tool calls, and outbound messages.",
"primary": "Back to Run Monitor"
},
"evidence": {
"inbound": "Inbound",
"outbound": "Outbound",
"mcp": "MCP Calls",
"steps": "Steps"
}
},
"ownerResponseValidationDetailBoundary": {
"title": "Owner Response Validation Detail Boundary",
"subtitle": "The single-run detail view mirrors the S4.13 validation rollup and S4.9-S4.12 response packets as read-only state; this is not approval, remediation, MCP execution, repo, refs, workflow / secret, or runtime authorization for this Run.",
"badge": "Read-only detail boundary",
"openIwooos": "Open IwoooS",
"detailRefsTitle": "Detail validation references",
"boundaryLabel": "Validation / detail boundary",
"boundaryTitle": "No owner-response validation detail action can run yet",
"boundaryDetail": "This section only explains how this Run detail understands the four packets, 22 response templates, received / accepted / rejected still at 0, and the gap between validation context and the execution timeline. It does not create approval records, start MCP or remediation, create platform runs, link the execution router, create repos, change refs, modify workflow / secrets, collect secret values, switch the primary source, or open a runtime gate.",
"metrics": {
"packets": {
"label": "Response packets",
"detail": "S4.9-S4.12 remain waiting for owner responses."
},
"templates": {
"label": "Response templates",
"detail": "22 templates are future intake formats, not responses received by this Run."
},
"received": {
"label": "Received",
"detail": "Still 0; the detail page must not turn visibility into intake state."
},
"accepted": {
"label": "Accepted",
"detail": "Still 0; this can only change after redacted evidence passes validation."
},
"validationRuns": {
"label": "Validation runs",
"detail": "Still 0; this detail card does not create a platform run."
},
"displaySections": {
"label": "Display sections",
"detail": "8 sections only explain validation flow and the detail boundary."
}
},
"detailRefs": {
"validationRollup": {
"title": "S4.13 Validation Rollup",
"detail": "Pins the four packets, cross-packet validation, evidence routing, review checklist, and result lanes, but does not create approval or remediation execution for this Run."
},
"giteaAttestation": {
"title": "S4.9 Gitea Inventory Owner Attestation",
"detail": "5 templates still wait for owner response; the detail page can only mark the next intake focus."
},
"githubTarget": {
"title": "S4.10 GitHub Target Owner Decision",
"detail": "7 target owner / visibility / standard responses remain unaccepted; repos or execution records must not be created automatically."
},
"refsTruth": {
"title": "S4.11 Refs Truth Owner Response",
"detail": "5 truth categories still wait for redacted responses; refs must not be synced, deleted, or force-pushed."
},
"workflowSecret": {
"title": "S4.12 Workflow / Secret Name Owner Response",
"detail": "5 name and redacted-evidence categories still wait for responses; only name inventories are allowed, never raw secret values."
}
}
},
"statuses": {
"blocked": "Blocked",
"cancelled": "Cancelled",
"completed": "Completed",
"error": "Error",
"failed": "Failed",
"pending": "Pending",
"received": "Received",
"running": "Running",
"sent": "Sent",
"shadow": "Shadow",
"success": "Success",
"timeout": "Timed out",
"warning": "Warning",
"waitingApproval": "Waiting approval"
}
},
"approvalDecision": {
"back": "Back to Approval Queue",
"viewTimeline": "View Run Timeline",
"eyebrow": "Human Approval Gate",
"title": "Approval Decision",
"timeout": "Approval Deadline",
"empty": "--",
"errors": {
"title": "Failed to load run data",
"loadFailed": "Load failed",
"missingProject": "Missing project_id; cannot submit approval decision",
"actionFailed": "Action failed"
},
"success": {
"approve": "Run approved. Returning to Timeline",
"reject": "Run rejected. Returning to Timeline"
},
"notWaiting": {
"title": "This run is not waiting for human approval",
"detail": "Current state is {state}. This page will not show approve / reject; return to Run Timeline for the latest state."
},
"remediation": {
"title": "Remediation Dry-run Evidence",
"empty": "This run is not linked to remediation dry-run history yet; check the Run Timeline source dossier and MCP Gateway before approval.",
"latest": "Latest dry-run",
"preview": "Mode {mode}; preview {preview}",
"writes": "Writes: incident={incident}; autoRepair={autoRepair}",
"status": {
"linked": "Linked to remediation history",
"empty": "No remediation history"
},
"metrics": {
"incidents": "Incident",
"dryRuns": "Dry-run",
"tools": "Tools"
}
},
"ownerResponseValidationDecisionBoundary": {
"title": "Owner Response Validation Approval Decision Boundary",
"subtitle": "The approval decision page mirrors the S4.13 validation rollup and S4.9-S4.12 response packets as read-only state; this is not owner response acceptance, GitHub primary approval, repo, refs, workflow / secret, or runtime authorization.",
"badge": "Read-only approval boundary",
"openIwooos": "Open IwoooS",
"decisionRefsTitle": "Approval validation references",
"boundaryLabel": "Validation / approval decision boundary",
"boundaryTitle": "No owner-response validation approval action can run yet",
"boundaryDetail": "This section only explains how the approval decision page understands the four packets, 22 response templates, received / accepted / rejected still at 0, and the separation between approval buttons and owner-response validation. It does not mark owner responses received or accepted, create security approval records, create platform runs, link the execution router, create repos, change refs, modify workflow / secrets, collect secret values, switch the primary source, or open a runtime gate.",
"metrics": {
"packets": {
"label": "Response packets",
"detail": "S4.9-S4.12 remain waiting for owner responses."
},
"templates": {
"label": "Response templates",
"detail": "22 templates are future intake formats, not responses accepted by the approval decision."
},
"received": {
"label": "Received",
"detail": "Still 0; the approval detail must not turn visibility into intake state."
},
"accepted": {
"label": "Accepted",
"detail": "Still 0; this can only change after redacted evidence passes validation."
},
"decisionAcceptance": {
"label": "Decision acceptance",
"detail": "Still 0; approving execution is not accepting owner responses."
},
"displaySections": {
"label": "Display sections",
"detail": "8 sections only explain validation flow and the approval boundary."
}
},
"decisionRefs": {
"validationRollup": {
"title": "S4.13 Validation Rollup",
"detail": "Pins the four packets, cross-packet validation, evidence routing, review checklist, and result lanes, but does not create approval acceptance or remediation execution."
},
"giteaAttestation": {
"title": "S4.9 Gitea Inventory Owner Attestation",
"detail": "5 templates still wait for owner response; the approval page can only mark the next intake focus."
},
"githubTarget": {
"title": "S4.10 GitHub Target Owner Decision",
"detail": "7 target owner / visibility / standard responses remain unaccepted; repos or primary switches must not be created automatically."
},
"refsTruth": {
"title": "S4.11 Refs Truth Owner Response",
"detail": "5 truth categories still wait for redacted responses; refs must not be synced, deleted, or force-pushed."
},
"workflowSecret": {
"title": "S4.12 Workflow / Secret Name Owner Response",
"detail": "5 name and redacted-evidence categories still wait for responses; only name inventories are allowed, never raw secret values."
}
}
},
"details": {
"title": "Run Details",
"runId": "Run ID",
"project": "Project",
"agent": "Agent",
"state": "State",
"traceId": "Trace ID",
"trigger": "Trigger",
"triggerRef": "Trigger Ref",
"cost": "Cost",
"attempts": "Attempts",
"created": "Created",
"timeout": "Timeout",
"error": "Error",
"empty": "Run data was not found."
},
"actions": {
"approve": "Approve",
"reject": "Reject"
},
"dialog": {
"close": "Close",
"cancel": "Cancel",
"runId": "Run ID:",
"approve": {
"title": "Confirm Approval",
"body": "After approval, the run resumes from the human gate and continues through Runtime / MCP Gateway.",
"warning": "This decision is written to Run state, approval token, and audit trail.",
"confirm": "Confirm Approval"
},
"reject": {
"title": "Confirm Rejection",
"body": "After rejection, the run is cancelled and will not continue automatic execution.",
"reason": "Rejection reason",
"placeholder": "Enter rejection reason...",
"warning": "The reason is written to the audit trail for later review in Run Timeline.",
"confirm": "Confirm Rejection"
}
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink