P06 / demo_observer / regulator-safe exhibit mode

Final external-safe proof view

Regulator-safe exhibit mode

P06 proves how internal evidence becomes a demo_observer-safe package: disclose decision rationale, evidence counts, receipt semantics, and readiness state; redact sensitive operational material at the serializer; never overclaim legal acceptance.

role: demo_observer | server-side redaction

01 Internal evidence

Customer context, PoC, raw attachments, private notes, contacts, SCM detail.

02 Redaction boundary

Server-side policy converts sensitive fields into counts, rationale, limitations, or redacted markers.

03 Observer-safe package

Regulator-facing exhibit with receipt limitation and explicit cannot-claim semantics.

Presenter path

What observer can see

Selected presenter step

disclosed

Decision rationale, proof-lane outcomes, evidence counts, readiness state, receipt semantics, and explicit known gaps are visible to demo_observer.

Internal view (RBAC-gated)
customer_name: Alpine Robotics AG; IberGrid Health Devices
PoC: curl -H "X-Debug: …" https://mgmt.example.local/parser
raw_attachment: forum-capture.zip / exploit-repro.mov / lab-notes.md
private_notes: Customer escalation call scheduled; legal asks for narrower claim language.
internal_contacts: secops-oncall@netshield.example; legal-cra@netshield.example
SCM detail: repo/security-edge@a18f7c2 parser hotfix branch

External observer view
customer_name
PoC
raw_attachment: 6 evidence items counted; raw files omitted
private_notes
internal_contacts
SCM detail
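
The redaction boundary above, sketched as an added Python example (not the product's own code): a deny-by-default serializer for the demo_observer role that emits counts and markers for sensitive fields and fails closed if a sensitive value leaks through an allowed free-text field. The `[redacted]` marker text, the key names `scm_detail`, `evidence_refs`, `decision_rationale`, `receipt_status` and `legal_acceptance_claimed`, and the sample record are assumptions constructed for illustration.

```python
REDACTED = "[redacted]"  # assumed marker text; the page does not show its own
SENSITIVE = ("customer_name", "PoC", "raw_attachment", "private_notes",
             "internal_contacts", "scm_detail")

# Constructed internal record, using the field names from the internal view.
INTERNAL_CASE = {
    "customer_name": "Alpine Robotics AG; IberGrid Health Devices",
    "PoC": 'curl -H "X-Debug: …" https://mgmt.example.local/parser',
    "raw_attachment": ["forum-capture.zip", "exploit-repro.mov", "lab-notes.md"],
    "private_notes": "Customer escalation call scheduled.",
    "internal_contacts": ["secops-oncall@netshield.example"],
    "scm_detail": "repo/security-edge@a18f7c2 parser hotfix branch",
    "evidence_refs": ["EV-1", "EV-2", "EV-3", "EV-4", "EV-5", "EV-6"],  # constructed ids
    "decision_rationale": "L2 met because RCE weakens confidentiality / integrity; L1 remains unknown.",
    "receipt_status": "received_registered",
}

def _leaves(obj):
    """Yield every scalar in a nested dict/list as a string."""
    if isinstance(obj, dict):
        obj = list(obj.values())
    if isinstance(obj, (list, tuple)):
        for item in obj:
            yield from _leaves(item)
    else:
        yield str(obj)

# Allowlist: only fields named here are ever emitted for the role.
POLICIES = {"demo_observer": {
    "decision_rationale": lambda r: r["decision_rationale"],
    # Status is exported with its limitation; legal acceptance is never asserted.
    "receipt": lambda r: {"status": r["receipt_status"], "legal_acceptance_claimed": False},
    "raw_attachment": lambda r: f"{len(r['evidence_refs'])} evidence items counted; raw files omitted",
    **{f: (lambda r: REDACTED) for f in SENSITIVE if f != "raw_attachment"},
}}

def serialize_for(role, record):
    policy = POLICIES.get(role)
    if policy is None:  # unknown role: fail closed instead of returning the raw record
        raise PermissionError(f"no disclosure policy for role {role!r}")
    out = {field: rule(record) for field, rule in policy.items()}
    # Fail closed if a sensitive value leaked through an allowed free-text field.
    secrets = [s for f in SENSITIVE for s in _leaves(record.get(f, "")) if s]
    if any(s in e for s in secrets for e in _leaves(out)):
        raise ValueError("sensitive value present in observer payload")
    return out
```

Because the policy is applied on the server before the response is built, fields added to the internal record later stay hidden until someone adds them to the allowlist.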

Regulator-facing summary, safe by design.

Reportable

Signal Intake

Threat-intel signal for CVE-2026-12345, severity critical, structured as VulnerabilitySignal.

Reportability Decision

Product and EEA relevance established; L2 met; decision_rule_trace produces a reportable outcome.

Case & ShareTable v2

A formal Case exists only after reviewer endorsement; affected products aggregate by country and version.

Evidence Trace

Evidence count: 6 referenced items. Raw attachments and PoC are omitted from the observer response.

Receipt Semantics

Portal status is received_registered only; legal acceptance is not claimed.

Export package preview

pending
Included evidence summary: Observer receives rationale, proof-lane states, evidence counts, and regulator-safe excerpts without raw files.
Receipt limitation: received_registered is exported as a limitation-bearing evidence event, not legal acceptance.

Visible to observer

Decision rationale: L2 met because RCE weakens confidentiality / integrity; L1 remains unknown.
Evidence count: 6 referenced items, 2 regulator-safe excerpts, raw material hidden.
Known gaps: UTC receipt timestamp and IT authority path metadata are explicit.
Receipt limitation: received_registered is not legal acceptance.