docs(security): add low-friction non-blocking lanes
@@ -1,3 +1,17 @@
|
||||
## 2026-05-19 | 資安供應鏈 S1.3:Low-Friction Non-Blocking Escalation Lanes
|
||||
|
||||
**背景**:統帥明確要求初期不要把資訊安全等級一次拉太高,避免產品、架構與流程被過度阻擋。既有 `security_rollout_policy_v1` 已有 observe-first / mirror-only 原則,但尚未把「哪些情境不能直接升 blocking」寫成可驗證 lanes。
|
||||
|
||||
**完成**:
|
||||
- `security_rollout_policy_v1` schema / snapshot 新增 7 條 non-blocking escalation lanes:LOW / MEDIUM observation、owner response missing、mirror data incomplete、source-control drift draft、Kali observe finding、workflow / secret name gap、progress display holding。
|
||||
- 每條 lane 固定 `owner_review_required_before_blocking=true`、`runtime_blocking_allowed=false`、`awooop_display_mode=display_low_friction_non_blocking_lane_only` 與 `not_authorization=true`。
|
||||
- `security-mirror-progress-guard.py` 開始驗證 low-friction policy 的 lane count、lane id 順序、display order、observe / warn 初始模式、runtime blocking false 與 AwoooP allowed outputs。
|
||||
- `security_mirror_status_rollup_v1` micro progress ledger 新增 S1.3 framework detail,headline progress 維持 58%。
|
||||
|
||||
**仍禁止**:
|
||||
- 不把 LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 或 headline holding 直接變成 deploy blocker、runtime blocker、production incident、action button 或 enforcement rule。
|
||||
- 不讓 non-blocking escalation lane 觸發 repo creation、visibility change、refs sync / delete / force push、workflow/webhook/runner/deploy key/branch protection/repository secret 變更、Kali active scan、Kali `/execute`、GitHub hosted runner、GitHub primary switch、Gitea disable 或任何 runtime action。
|
||||
|
||||
## 2026-05-19 | 資安供應鏈 S4.13:Owner Response Validation Parallel Session Recovery Outcome Lanes
|
||||
|
||||
**背景**:S4.13 已有四包 owner response validation rollup、22 個 templates、10 個 cross-packet checks、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes 與 6 個 parallel session recovery checks;本輪補上 7 條 parallel session recovery outcome lanes,讓 AwoooP / 另一個 Session 在復原檢查後只能分類 ready、branch diverged、ledger stale、guard failed、diff out-of-scope、runtime flag drift 或 next focus drift。
|
||||
|
||||
@@ -9,6 +9,9 @@
|
||||
"status",
|
||||
"default_mode",
|
||||
"enforcement_level",
|
||||
"non_blocking_escalation_lane_count",
|
||||
"non_blocking_escalation_lanes",
|
||||
"allowed_awooop_outputs",
|
||||
"policy_items"
|
||||
],
|
||||
"properties": {
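Review bot: Adding `non_blocking_escalation_lanes` and `allowed_awooop_outputs` to `required` means any snapshot or documentation example that carries only the scalar fields no longer validates; the `security_rollout_policy_v1` JSON excerpt updated elsewhere in this commit adds only `non_blocking_escalation_lane_count` and would fail against this schema. Either the excerpt should be marked as a partial example, or it should include the two arrays (an empty array is still accepted here since no `minItems` is set). The enclosing `required` array starts outside the hunk.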
|
||||
@@ -27,6 +30,73 @@
|
||||
"type": "string",
|
||||
"enum": ["mirror_only", "read_only_policy", "approval_gate", "enforced"]
|
||||
},
|
||||
"non_blocking_escalation_lane_count": {
|
||||
"type": "integer",
|
||||
"minimum": 0
|
||||
},
|
||||
"non_blocking_escalation_lanes": {
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "object",
|
||||
"required": [
|
||||
"lane_id",
|
||||
"display_order",
|
||||
"trigger",
|
||||
"initial_mode",
|
||||
"allowed_action",
|
||||
"forbidden_escalation",
|
||||
"owner_review_required_before_blocking",
|
||||
"runtime_blocking_allowed",
|
||||
"awooop_display_mode",
|
||||
"not_authorization"
|
||||
],
|
||||
"properties": {
|
||||
"lane_id": {
|
||||
"type": "string"
|
||||
},
|
||||
"display_order": {
|
||||
"type": "integer",
|
||||
"minimum": 1
|
||||
},
|
||||
"trigger": {
|
||||
"type": "string"
|
||||
},
|
||||
"initial_mode": {
|
||||
"type": "string",
|
||||
"enum": ["observe", "warn"]
|
||||
},
|
||||
"allowed_action": {
|
||||
"type": "string"
|
||||
},
|
||||
"forbidden_escalation": {
|
||||
"type": "string"
|
||||
},
|
||||
"owner_review_required_before_blocking": {
|
||||
"type": "boolean",
|
||||
"const": true
|
||||
},
|
||||
"runtime_blocking_allowed": {
|
||||
"type": "boolean",
|
||||
"const": false
|
||||
},
|
||||
"awooop_display_mode": {
|
||||
"type": "string",
|
||||
"enum": ["display_low_friction_non_blocking_lane_only"]
|
||||
},
|
||||
"not_authorization": {
|
||||
"type": "boolean",
|
||||
"const": true
|
||||
}
|
||||
},
|
||||
"additionalProperties": false
|
||||
}
|
||||
},
|
||||
"allowed_awooop_outputs": {
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"policy_items": {
|
||||
"type": "array",
|
||||
"items": {
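Review bot: `allowed_awooop_outputs` accepts any string, so a snapshot that lists a runtime-action name as an allowed output still validates; the schema's guarantees stop at the lane object, and the "allowed outputs" restriction exists only in `security-mirror-progress-guard.py`. Constraining the items to the display-only values the snapshot actually uses (the page names `display_non_blocking_escalation_lanes`; the full list is a placeholder to fill from the snapshot) would move that guarantee into the contract: `"items": { "type": "string", "enum": ["display_non_blocking_escalation_lanes", "<other-display-only-outputs>"] }`. Both arrays would also benefit from `"uniqueItems": true`, since duplicated lane objects or outputs currently validate and could inflate the lane count. `non_blocking_escalation_lane_count` is not tied to the array length by the schema; a `"description": "must equal the length of non_blocking_escalation_lanes; enforced by security-mirror-progress-guard.py"` on that property would make the division of responsibility explicit. The `policy_items` definition at the end of the hunk continues outside it.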
|
||||
|
||||
@@ -19,7 +19,7 @@ AwoooP 可以消費 Security Supply Chain Session 產出的事件,但初期只
|
||||
|
||||
AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得切換 GitHub primary、不得修改 production runtime。
|
||||
|
||||
初期也不得把每個 observation 都變成阻擋條件。LOW / MEDIUM 且不涉及不可逆變更的項目,先以 `observe` / `warn` 累積 evidence;只有 repo creation、visibility change、refs sync、secret、RBAC、NetworkPolicy、firewall、deploy、primary switch 等高風險動作才進 approval。
|
||||
初期也不得把每個 observation 都變成阻擋條件。LOW / MEDIUM 且不涉及不可逆變更的項目,先以 `observe` / `warn` 累積 evidence;缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 也只能先建立 follow-up / owner review,不得直接升 runtime blocker。只有 repo creation、visibility change、refs sync、secret、RBAC、NetworkPolicy、firewall、deploy、primary switch 等高風險動作才進 approval。
|
||||
|
||||
## 1. 允許消費的事件
|
||||
|
||||
@@ -60,7 +60,7 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得
|
||||
| `local_repo_canonical_probe_v1` | 本機 working tree lineage 比對 | Canonical decision evidence | mirror-only | 不自動合併、不自動建 repo、不刪除 |
|
||||
| `git_remote_refs_probe_v1` | 指定 repo remote refs read-only probe | Source readiness evidence | mirror-only | 不 fetch、不 push、不自動 mirror |
|
||||
| `approval_required_event_v1` | 上述事件的高風險 gate | Approval queue、Audit | approval-only | `blocked_until_approved=true` |
|
||||
| `security_rollout_policy_v1` | 低摩擦資安 rollout policy | Read-only policy、Operator Console | mirror-only | 初期 observe-first,不做 runtime enforcement |
|
||||
| `security_rollout_policy_v1` | 低摩擦資安 rollout policy | Read-only policy、Operator Console | mirror-only | 初期 observe-first,顯示 7 條 non-blocking escalation lanes,不做 runtime enforcement |
|
||||
| `security_supply_chain_contract_manifest_v1` | Security Supply Chain 契約索引 | Contract registry、Operator Console | mirror-only | 只作路由索引,不作 execution router |
|
||||
|
||||
## 2. AwoooP 可以做的處理
|
||||
@@ -132,7 +132,7 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得
|
||||
| `source_control_workflow_secret_name_inventory_v1.status=draft_missing_evidence` | `approve_required` | 顯示 S4.2 local evidence、S4.3 export request、S4.12 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與 templates;不收 secret value、不改 workflow、不啟用 runner |
|
||||
| `local_repo_canonical_probe_v1.status=unrelated` | `approve_required` | 禁止自動合併,需人工 canonical 判定 |
|
||||
| `git_remote_refs_probe_v1.status=ok` | `observe` | 可作 source evidence,但仍需 GitHub target 與 approval |
|
||||
| `security_rollout_policy_v1.enforcement_level=mirror_only` | `observe` | 只顯示 policy,不阻擋既有流程 |
|
||||
| `security_rollout_policy_v1.enforcement_level=mirror_only` | `observe` | 只顯示 policy 與 7 條 non-blocking escalation lanes,不阻擋既有流程 |
|
||||
| `security_supply_chain_contract_manifest_v1.default_enforcement_level=mirror_only` | `observe` | 只載入契約索引,不新增執行入口 |
|
||||
|
||||
## 5. Evidence 脫敏要求
|
||||
|
||||
@@ -142,7 +142,7 @@ Kali / Code Review / GitHub / Gitea / Codex
|
||||
|
||||
Schema:`docs/schemas/security_finding_v1.schema.json`
|
||||
|
||||
最小欄位:
|
||||
關鍵欄位:
|
||||
|
||||
```json
|
||||
{
|
||||
@@ -410,12 +410,15 @@ Schema:`docs/schemas/security_rollout_policy_v1.schema.json`
|
||||
"schema_version": "security_rollout_policy_v1",
|
||||
"status": "draft",
|
||||
"default_mode": "observe",
|
||||
"enforcement_level": "mirror_only"
|
||||
"enforcement_level": "mirror_only",
|
||||
"non_blocking_escalation_lane_count": 7
|
||||
}
|
||||
```
|
||||
|
||||
AwoooP 初期處理方式:只作為 read-only policy 與 Operator Console 顯示,不做 runtime enforcement。
|
||||
|
||||
2026-05-19 追加:`security_rollout_policy_v1` 已補 7 條 non-blocking escalation lanes,涵蓋 LOW / MEDIUM observation、owner response missing、mirror data incomplete、source-control drift draft、Kali observe finding、workflow / secret name gap 與 progress display holding。AwoooP 可顯示 lane 與建立 follow-up,但每條 lane 都維持 `owner_review_required_before_blocking=true`、`runtime_blocking_allowed=false` 與 `not_authorization=true`,不得直接升 runtime blocker 或 action button。
|
||||
|
||||
### `security_supply_chain_contract_manifest_v1`
|
||||
|
||||
用途:集中列出 Security Supply Chain 初期可供 AwoooP 消費的 schema、snapshot、人讀文件、允許動作與禁止動作。
|
||||
@@ -879,7 +882,7 @@ Console 初期不提供高風險執行按鈕。
|
||||
|
||||
2026-05-17 S4.10 GitHub target owner decision response 收件包追加,2026-05-18 補 request packet、template status ledger、audit event templates、redaction examples、collection checks 與 intake preflight checks:已新增 `docs/schemas/github_target_owner_decision_response_v1.schema.json`、`docs/security/github-target-owner-decision-response.snapshot.json` 與 `docs/security/GITHUB-TARGET-OWNER-DECISION-RESPONSE.md`。AwoooP 可顯示 1 個 owner response request packet、7 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks、7 個 response templates、8 個 acceptance checks 與 10 個 rejection rules;目前收到 response 0 筆、接受 0 筆,仍不得建立 repo、修改 visibility、sync refs、切 GitHub primary 或停用 Gitea。
|
||||
|
||||
2026-05-12 低摩擦 rollout policy 追加:已新增 `docs/schemas/security_rollout_policy_v1.schema.json`、`docs/security/security-rollout-policy.snapshot.json` 與 `docs/security/SECURITY-LOW-FRICTION-ROLLOUT-POLICY.md`。AwoooP 初期應採 observe-first / mirror-only,不把 LOW / MEDIUM observation 變成 blocking controls。
|
||||
2026-05-12 低摩擦 rollout policy 追加,2026-05-19 補 non-blocking escalation lanes:已新增 `docs/schemas/security_rollout_policy_v1.schema.json`、`docs/security/security-rollout-policy.snapshot.json` 與 `docs/security/SECURITY-LOW-FRICTION-ROLLOUT-POLICY.md`。AwoooP 初期應採 observe-first / mirror-only,不把 LOW / MEDIUM observation、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 或 headline holding 變成 blocking controls。
|
||||
|
||||
2026-05-12 contract manifest 追加:已新增 `docs/schemas/security_supply_chain_contract_manifest_v1.schema.json`、`docs/security/security-supply-chain-contract-manifest.snapshot.json` 與 `docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md`。AwoooP 應先讀 manifest 作為 mirror-only contract registry,不把 manifest 當 execution router。
|
||||
|
||||
|
||||
@@ -34,7 +34,23 @@
|
||||
| secret / RBAC / NetworkPolicy / firewall / deploy / primary switch | `approve_required` | 建 approval event、準備 dry-run / rollback | auto execute、保存 secret value、跳過人工 review |
|
||||
| 無 rollback 的破壞性動作或保存 raw secret | `block_candidate` | 記錄原因、要求人工 exception | force push、delete repo、保存 raw secret、關閉 audit |
|
||||
|
||||
## 3. AwoooP 初期行為
|
||||
## 3. 非阻擋升級分流
|
||||
|
||||
這 7 條 lane 是 AwoooP 與平行 Session 的共用低摩擦護欄。它們只決定「先 observe / warn,什麼時候需要 owner review」,不授權 runtime blocker、deploy blocker、repo / refs action、Kali active scan 或自動修復。
|
||||
|
||||
| Lane | 初始模式 | 可以做 | 禁止升級 |
|
||||
|------|----------|--------|----------|
|
||||
| LOW / MEDIUM observation | `warn` | 標記風險、建立 follow-up、補 evidence_ref、準備草案 | 阻擋 deploy、自動 patch、自動 merge、建立 runtime blocker |
|
||||
| Owner response missing | `observe` | 顯示 missing lane、next collection candidate、template status、request packet | 把未回覆當拒絕、停止產品流程、自動補 owner response |
|
||||
| Mirror data incomplete | `warn` | 顯示 partial / quarantine reason、要求補 redacted snapshot、保留 retry gate | 阻擋無關 runtime、當 production incident、吞入未脫敏 payload |
|
||||
| Source-control drift draft | `warn` | 維持 draft reconcile plan、ADR、read-only diff、owner review lane | sync refs、delete refs、force push、建立 repo、修改 visibility、切 GitHub primary |
|
||||
| Kali observe finding | `warn` | 顯示 redacted finding summary、evidence_ref、scan scope approval candidate、block reason | 自動啟動 active scan、呼叫 `/execute`、直接變 deploy blocker |
|
||||
| Workflow / secret name gap | `warn` | 要求 redacted export、顯示 owner response template、更新 readiness wording | 收集 secret value、啟用 GitHub hosted runner、修改 workflow / webhook / repository secret |
|
||||
| Progress display holding | `observe` | 顯示 micro progress、latest delta、not_authorization、下一個高層 gate | 把 58% 解讀成卡住、把 micro progress 當 runtime approval |
|
||||
|
||||
每一條 lane 都要求 `owner_review_required_before_blocking=true`、`runtime_blocking_allowed=false` 與 `not_authorization=true`。AwoooP 可以顯示 `display_non_blocking_escalation_lanes` 與建立 follow-up,但不能把 follow-up 轉成阻擋條件。
|
||||
|
||||
## 4. AwoooP 初期行為
|
||||
|
||||
AwoooP 初期只應:
|
||||
|
||||
@@ -51,7 +67,7 @@ AwoooP 初期不應:
|
||||
4. 直接同步 refs 或切 GitHub primary。
|
||||
5. 把所有 observation 都變成 blocking incident。
|
||||
|
||||
## 4. 階段性收斂
|
||||
## 5. 階段性收斂
|
||||
|
||||
| 階段 | 目標 | 控制強度 |
|
||||
|------|------|----------|
|
||||
@@ -62,7 +78,7 @@ AwoooP 初期不應:
|
||||
| S4 | 受控 migration / execution | approve_required + rollback |
|
||||
| S5 | 規則收斂與自動化 | 只在 evidence 成熟後逐步提高 |
|
||||
|
||||
## 5. 永久邊界
|
||||
## 6. 永久邊界
|
||||
|
||||
即使後續提高資安等級,以下仍不得自動化:
|
||||
|
||||
|
||||
@@ -19,7 +19,7 @@
|
||||
2. 每筆鏡像 payload 都有 `security_mirror_event_v1` 信封。
|
||||
3. Route group 覆蓋所有 contract。
|
||||
4. Evidence 必須脫敏。
|
||||
5. LOW / MEDIUM observation 初期不阻擋。
|
||||
5. LOW / MEDIUM observation、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 初期不阻擋。
|
||||
6. Approval Queue 不等於 execution queue。
|
||||
7. Channel Event 初期低噪音。
|
||||
8. 進度估算只能顯示,不可被解讀成 runtime authorization。
|
||||
@@ -33,7 +33,7 @@
|
||||
| `ROUTE_GROUP_COVERAGE` | 確認 5 個 route groups 覆蓋所有 contracts | 是 |
|
||||
| `REDACTION_ONLY` | 確認不保存 raw sensitive value | 是 |
|
||||
| `PROGRESS_ESTIMATE_NOT_AUTHORIZATION` | 確認 58% headline 進度與 micro progress delta ledger 只作跨 Session 狀態顯示,不授權 scan / execute / repo / refs / workflow / secret / runner / primary 動作 | 是 |
|
||||
| `LOW_MEDIUM_NOT_BLOCKING` | 確認低中風險 observation 初期只 observe / warn | 否 |
|
||||
| `LOW_MEDIUM_NOT_BLOCKING` | 確認 7 條 low-friction non-blocking escalation lanes 初期只 observe / warn | 否 |
|
||||
| `APPROVAL_IS_NOT_EXECUTION` | 確認 approval 只留痕、不自動執行 | 否 |
|
||||
| `CHANNEL_LOW_NOISE` | 確認通知低噪音 | 否 |
|
||||
|
||||
|
||||
@@ -25,7 +25,7 @@
|
||||
| `CHECK_ACCEPTANCE_AND_QUARANTINE` | 確認驗收與隔離只處理 mirror payload | 不阻擋 runtime |
|
||||
| `CHECK_PROGRESS_GUARD` | 確認 58% headline 進度與 micro progress delta ledger 只作狀態顯示 | 不把進度或 delta ledger 當 approval 或 runtime authorization |
|
||||
| `CHECK_OWNER_RESPONSE_GUARD` | 確認四包 owner response 仍未收到 / 接受,且 S4.9 request packet / template status ledger / audit event templates / redaction examples / display sections / collection checks / preflight / outcome lanes 只提示 owner、逐項顯示 waiting、只定義 0 emitted 的 metadata audit 模板、脫敏範例與只讀 UI 區塊、維持收件狀態分離、分類可審、補證、隔離、拒收或等待;S4.10 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks 也只提示 7 個 GitHub target 要回覆的欄位、逐項顯示 waiting / request ready、定義 0 emitted 的脫敏 metadata、維持 request / received / accepted 分離,並只分類可收、補證、隔離或拒收;S4.11 request packet 只提示 5 類 refs truth owner response 欄位,template status ledger 逐項顯示 waiting / request ready,audit event templates 只定義 0 emitted 的脫敏 metadata,redaction examples 只示範安全 metadata shape,collection checks 只維持 request / received / accepted 分離,intake preflight checks 只分類可審、補證、隔離、拒收或等待;S4.12 request packet 只提示 5 類 workflow / secret 名稱 owner response 欄位,template status ledger 逐項顯示 waiting / request ready,audit event templates 只定義 0 emitted 的脫敏 metadata,redaction examples 只示範安全 metadata shape,collection checks 只維持 request / received / accepted 分離,intake preflight checks 只分類可審、補證、隔離或拒收 | 不把 guard pass、request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當成 repo、refs、workflow、secret、runner、primary、audit production ingestion 或 runtime 授權 |
|
||||
| `CHECK_LOW_NOISE_CHANNEL` | 確認 Channel Event 低噪音 | 不對 LOW / MEDIUM 洗版 |
|
||||
| `CHECK_LOW_NOISE_CHANNEL` | 確認 Channel Event 低噪音 | 不對 LOW / MEDIUM 或 non-blocking escalation lanes 洗版 |
|
||||
| `CONFIRM_NO_RUNTIME_ACTION` | 確認 dry-run 沒有任何 runtime action | 不掃描、不 deploy、不 sync refs |
|
||||
|
||||
本地只讀驗證指令:
|
||||
@@ -64,7 +64,7 @@ python3 scripts/security/source-control-owner-response-guard.py
|
||||
|
||||
1. 不把 dry-run 轉成 production ingestion。
|
||||
2. 不在 dry-run 中啟動 scan、execute、repo、refs、deploy、secret 類動作。
|
||||
3. 不把 LOW / MEDIUM observation 變成 blocking gate。
|
||||
3. 不把 LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 或 headline holding 變成 blocking gate。
|
||||
4. 不保存 raw secret、token、cookie、private key 或 exploit payload。
|
||||
5. 不自動建立 repo、不 sync refs、不切 GitHub primary。
|
||||
|
||||
|
||||
@@ -27,7 +27,7 @@
|
||||
|
||||
## 2. AwoooP 可做
|
||||
|
||||
1. 讀取 `security_mirror_readiness_v1`、manifest 與 rollout policy。
|
||||
1. 讀取 `security_mirror_readiness_v1`、manifest 與 rollout policy,並顯示 7 條 non-blocking escalation lanes。
|
||||
2. 使用 `security_mirror_event_v1` 包裝每一筆 mirror payload。
|
||||
3. 使用 `security_mirror_route_v1` 決定目的地、channel policy 與 review lane。
|
||||
4. 使用 `security_mirror_acceptance_v1` 驗收 contract count、event envelope、route coverage 與 redaction。
|
||||
@@ -64,7 +64,7 @@
|
||||
| `MIRROR_ONLY_DEFAULT` | 所有 waves 都必須維持 `runtime_execution_authorized=false` |
|
||||
| `NO_ACTION_BUTTONS` | Operator Console 不得新增 scan、execute、repo、refs、deploy、secret 類執行按鈕 |
|
||||
| `REDACTION_ONLY` | Mirror payload 不得保存 raw sensitive value |
|
||||
| `LOW_MEDIUM_NOT_BLOCKING` | LOW / MEDIUM observation 初期只能 observe / warn |
|
||||
| `LOW_MEDIUM_NOT_BLOCKING` | LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 初期只能 observe / warn |
|
||||
|
||||
## 5. 與目前主線的邊界
|
||||
|
||||
|
||||
@@ -61,6 +61,7 @@ AwoooP 可以將 ready / partial contracts mirror 到:
|
||||
7. 不切 GitHub primary。
|
||||
8. 不保存 raw secret、token、cookie、private key 或 exploit payload。
|
||||
9. 不把 LOW / MEDIUM observation 變成 blocking gate。
|
||||
10. 不把缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 或 headline holding 直接變 runtime blocker。
|
||||
|
||||
## 4. 下一步建議
|
||||
|
||||
@@ -72,7 +73,7 @@ AwoooP 可以將 ready / partial contracts mirror 到:
|
||||
4. 再 mirror `security_mirror_acceptance_v1`,驗收 contract count、event envelope、route coverage 與 redaction。
|
||||
5. 再 mirror `security_mirror_quarantine_v1`,定義驗收失敗時的隔離與 retry gate。
|
||||
6. 再 mirror `security_mirror_dry_run_v1`,定義接入演練回報格式。
|
||||
7. 再 mirror `security_mirror_status_rollup_v1` 與 S4.13 `SOURCE-CONTROL-OWNER-RESPONSE-VALIDATION-ROLLUP.md`,顯示跨 Session 狀態、四個 owner response packets、22 個 templates、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks、7 條 parallel session recovery outcome lanes 與下一個 gate。
|
||||
7. 再 mirror `security_mirror_status_rollup_v1`、`security_rollout_policy_v1` 與 S4.13 `SOURCE-CONTROL-OWNER-RESPONSE-VALIDATION-ROLLUP.md`,顯示跨 Session 狀態、7 條 low-friction non-blocking escalation lanes、四個 owner response packets、22 個 templates、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks、7 條 parallel session recovery outcome lanes 與下一個 gate。
|
||||
8. 再 mirror `security_mirror_intake_plan_v1`,照 wave 執行 read-only intake。
|
||||
9. 再 mirror `security_approval_queue_v1`,只顯示 review order。
|
||||
10. 再 mirror `security_approval_gate_v1`,只記錄人工決策與 follow-up runtime gate。
|
||||
|
||||
@@ -36,7 +36,7 @@
|
||||
1. 依 route group 顯示不同 review lane。
|
||||
2. 把 ready / partial snapshot 包成 `security_mirror_event_v1`。
|
||||
3. 把高風險候選放進 Approval Queue,但不執行。
|
||||
4. 把 LOW / MEDIUM observation 留在 observe / warn。
|
||||
4. 把 LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 留在 observe / warn。
|
||||
5. 將每個 route group 的 blocked processing 顯示給 Operator。
|
||||
|
||||
## 3. AwoooP 不可做
|
||||
|
||||
@@ -33,6 +33,7 @@
|
||||
| Gitea inventory | S4.5 已補認證清冊匯出請求;S4.6 已補匯入驗收契約;S4.7 已補 owner coverage attestation;S4.8 已把既有 Gitea queue/gate/review packet/follow-up gate 對齊 attestation 先行;S4.9 已補 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、8 個 display sections、6 個 collection checks、owner response 收件包、6 個 intake preflight checks 與 5 個 outcome lanes;目前 status=`partial_waiting_authenticated_inventory`、未認證公開範圍 repos 2 個、本機可見 Gitea unique repos 4 個、匯出來源選項 2 類、匯入驗收 payload 0 筆、owner attestation items 5 個、收到 attestation 0 筆、owner response 0 筆、audit events emitted 0 筆、敏感 payload 必須隔離、允許收集 token value=false |
|
||||
| Workflow / secret name inventory | S4.1 已建立;S4.2 補 4 個 repos、31 個 workflow files、43 個 referenced secret names 的 local evidence;S4.3 補 7 個 repos、5 類 lanes 的 redacted export request;S4.12 補 1 個 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks 與 5 個 owner response templates;0 個 inventory complete、audit events emitted 0 筆、禁止收集 secret value、禁止 write token |
|
||||
| Owner response validation | S4.13 已建立;四包 owner response 目前 received/accepted 皆為 0;4 條 missing response lanes、4 步 collection order、next collection candidate、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks 與 7 條 parallel session recovery outcome lanes 可供 AwoooP 直接顯示;下一個建議收件為 S4.9 Gitea owner attestation;latest local validation 為 `SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`,reviewer audit emitted 仍為 0,不代表 owner response 已收到或任何執行授權 |
|
||||
| Low-friction rollout policy | S1.3 已補 7 條 non-blocking escalation lanes;LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 初期只能 observe / warn;`owner_review_required_before_blocking=true`、`runtime_blocking_allowed=false` |
|
||||
| Dry-run | `contract_defined_not_executed`;已納入 `CHECK_PROGRESS_GUARD` 與 `CHECK_OWNER_RESPONSE_GUARD`,latest local validation 為 `repo_snapshot_guard_pass`,仍不代表 production ingestion |
|
||||
| Runtime actions | `false` |
|
||||
| Payload ingestion | `false` |
|
||||
@@ -48,7 +49,7 @@
|
||||
|
||||
## 1.2 為什麼 58% 看起來沒動
|
||||
|
||||
58% 是 headline progress,只在高層 gate 真正改變時調整。最近幾輪 S4.10、S4.11、S4.12 與 S4.13 的工作確實有前進,但屬於框架細節、顯示順序與收件安全,不會直接推高 headline。
|
||||
58% 是 headline progress,只在高層 gate 真正改變時調整。最近幾輪 S4.10、S4.11、S4.12、S4.13 與 S1.3 的工作確實有前進,但屬於框架細節、顯示順序、收件安全與低摩擦分流,不會直接推高 headline。
|
||||
|
||||
| 最近完成 | 進度軸 | headline delta | 為什麼整體百分比不變 |
|
||||
|----------|--------|----------------|----------------------|
|
||||
@@ -86,6 +87,8 @@
|
||||
| S4.13 parallel session sync checks | framework detail | 0 | 只確認同一 PR 分支、latest delta 可見、counters 仍為 0、runtime flags 仍為 false、source-control mutation 阻擋與 next focus 維持 S4.9,不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization |
|
||||
| S4.13 parallel session conflict lanes | framework detail | 0 | 只把 stale branch、stale delta、counter drift、runtime flag drift、source-control mutation request 與 next focus drift 分流到停下重讀或人工 review,不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization |
|
||||
| S4.13 parallel session recovery checks | framework detail | 0 | 只確認 conflict lane 後要重抓遠端、重讀 latest ledger、重跑只讀 guards、review staged diff、確認 runtime false flags 與回到 S4.9 next focus,不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization |
|
||||
| S4.13 parallel session recovery outcome lanes | framework detail | 0 | 只把復原結果分類成 ready、branch diverged、ledger stale、guard failed、diff out-of-scope、runtime flag drift 或 next focus drift,不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization |
|
||||
| S1.3 non-blocking escalation lanes | framework detail | 0 | 只確認 LOW / MEDIUM observation、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 先維持 observe / warn,不代表 blocking gate、runtime enforcement 或 action button |
|
||||
|
||||
headline 進度要再往上,至少需要下列任一高層 gate 有實質 evidence:
|
||||
|
||||
@@ -111,6 +114,7 @@ python3 scripts/security/security-mirror-progress-guard.py
|
||||
3. 將彙整結果寫入 Audit evidence。
|
||||
4. 低噪音通知階段完成、blocked reason 或人工批准必要事件。
|
||||
5. 把下一步限制在 `observe` / `approval_required` / `block_candidate`。
|
||||
6. 顯示 7 條 non-blocking escalation lanes,讓 follow-up 不直接升級成 runtime blocker。
|
||||
|
||||
## 3. AwoooP 不可做
|
||||
|
||||
@@ -119,6 +123,7 @@ python3 scripts/security/security-mirror-progress-guard.py
|
||||
3. 不把 LOW / MEDIUM observation 變成 blocking gate。
|
||||
4. 不把 approval queue 接成 runner。
|
||||
5. 不把 GitHub primary、refs sync 或 Kali `/execute` 當成已批准。
|
||||
6. 不把缺 owner response、partial mirror、source-control drift 或 headline holding 當成產品流程阻擋。
|
||||
|
||||
## 4. 下一個安全 gate
|
||||
|
||||
@@ -137,5 +142,6 @@ python3 scripts/security/security-mirror-progress-guard.py
|
||||
9. GitHub primary readiness blockers 與 rollback ADR 缺口。
|
||||
10. S4.4 GitHub primary rollback ADR 草案:先顯示 7 個 repo 的 rollback owner、validation window 與 triggers,owner approval 前不可執行。
|
||||
11. workflow / webhook / runner / deploy key / branch protection / CODEOWNERS / secret 名稱 inventory 缺口,先看 S4.2 local evidence,再依 S4.3 redacted export request 與 S4.12 owner response request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks / 收件包補 webhook / runner / deploy key / branch protection / repository secret parity;只保存名稱與 owner,不保存 value,不使用 write token。
|
||||
12. Low-friction rollout policy:先顯示 7 條 non-blocking escalation lanes,只允許 observe / warn、建立 follow-up 與 owner review before blocking;不得把 LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 或 headline holding 直接升 blocking。
|
||||
|
||||
任何批准後的執行仍需下一階段 runtime gate 與獨立 evidence,不得由本 rollup 自動觸發。
|
||||
|
||||
@@ -19,7 +19,7 @@
|
||||
|
||||
| Contract | Consumption | 主要用途 | Snapshot |
|
||||
|----------|-------------|----------|----------|
|
||||
| `security_rollout_policy_v1` | read-only policy | 低摩擦 observe-first policy | `docs/security/security-rollout-policy.snapshot.json` |
|
||||
| `security_rollout_policy_v1` | read-only policy | 低摩擦 observe-first policy;含 7 條 non-blocking escalation lanes | `docs/security/security-rollout-policy.snapshot.json` |
|
||||
| `security_finding_v1` | mirror-only | Kali / code / infra finding | `security-finding-kali-sample.snapshot.json` |
|
||||
| `kali_integration_status_v1` | mirror-only | Kali 112 live health / update / gap evidence | `kali-integration-status.snapshot.json` |
|
||||
| `kali_scan_scope_approval_v1` | approval-only | Kali scan scope、111/168 observe-only、active/credentialed/execute gate | `kali-scan-scope-approval.snapshot.json` |
|
||||
@@ -57,7 +57,7 @@
|
||||
|
||||
## 2. AwoooP 消費順序
|
||||
|
||||
1. 先讀 `security_rollout_policy_v1`,確認目前仍是 `mirror_only`。
|
||||
1. 先讀 `security_rollout_policy_v1`,確認目前仍是 `mirror_only`,且 7 條 non-blocking escalation lanes 都維持 `runtime_blocking_allowed=false`。
|
||||
2. 再讀本 manifest,取得可消費 contract 與禁止動作。
|
||||
3. 將 snapshot mirror 成 Runtime State / Channel Event / Audit evidence。
|
||||
4. 讀到 `source-control-ref-truth-owner-response.snapshot.json` 時,只顯示 S4.11 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks、response templates、acceptance checks 與 rejection rules;不得新增 refs action。
|
||||
|
||||
@@ -27,7 +27,7 @@ python3 scripts/security/security-mirror-progress-guard.py
|
||||
|
||||
### 0.2 Headline 58% 不代表停滯
|
||||
|
||||
近期 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks、S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks,以及 S4.13 evidence routing rules / display sections / state transition rules / reviewer checklist / reviewer outcome lanes / reviewer audit event templates / reviewer audit display sections / reviewer audit collection checks / reviewer audit redaction examples / reviewer audit retention rules / reviewer audit retention checks / reviewer audit handoff packets / reviewer audit handoff checks / parallel session sync checks / parallel session conflict lanes / parallel session recovery checks 都是有效進展,但它們是 framework detail,不是 owner response、runtime gate、production ingestion 或 GitHub primary readiness。因此 headline 仍維持 58%,避免把只讀框架誤算成已落地執行。
|
||||
近期 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks、S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.13 evidence routing rules / display sections / state transition rules / reviewer checklist / reviewer outcome lanes / reviewer audit event templates / reviewer audit display sections / reviewer audit collection checks / reviewer audit redaction examples / reviewer audit retention rules / reviewer audit retention checks / reviewer audit handoff packets / reviewer audit handoff checks / parallel session sync checks / parallel session conflict lanes / parallel session recovery checks / recovery outcome lanes,以及 S1.3 non-blocking escalation lanes 都是有效進展,但它們是 framework detail,不是 owner response、runtime gate、production ingestion 或 GitHub primary readiness。因此 headline 仍維持 58%,避免把只讀框架誤算成已落地執行。
|
||||
|
||||
| 最近完成 | 目前狀態 | headline delta |
|
||||
|----------|----------|----------------|
|
||||
@@ -65,6 +65,8 @@ python3 scripts/security/security-mirror-progress-guard.py
|
||||
| S4.13 parallel session sync checks | 已完成草案,只確認同一 PR 分支、latest delta、0 counters、false flags、source-control mutation 禁令與 S4.9 next focus | 0 |
|
||||
| S4.13 parallel session conflict lanes | 已完成草案,只把 stale branch、stale delta、counter drift、runtime flag drift、source-control mutation request 與 next focus drift 分流到停下重讀或人工 review | 0 |
|
||||
| S4.13 parallel session recovery checks | 已完成草案,只確認 conflict lane 後要重抓遠端、重讀 latest ledger、重跑只讀 guards、review diff、確認 false flags 與回到 S4.9 next focus | 0 |
|
||||
| S4.13 parallel session recovery outcome lanes | 已完成草案,只分類 ready、branch diverged、ledger stale、guard failed、diff out-of-scope、runtime flag drift 或 next focus drift | 0 |
|
||||
| S1.3 low-friction non-blocking escalation lanes | 已完成草案,只確認 LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 維持 observe / warn | 0 |
|
||||
|
||||
headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner response 收到並通過脫敏驗收,或人工批准後出現 active runtime gate、redacted payload ingestion、GitHub primary readiness 這類落地 evidence。
|
||||
|
||||
@@ -78,7 +80,7 @@ headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner respons
|
||||
| S1.2a refs reconcile plan | 完成草案 | `awoooi`、`clawbot-v5`、`wooo-aiops` 已產生 draft plan;狀態仍為 `draft_blocked` | authenticated inventory + branch/tag diff + single-repo approval |
|
||||
| S1.2b branch/tag detail diff | 完成草案 | 3 個 refs-blocked mapped repos 已完成 branch/tag 明細 diff;已忽略本 PR 分支避免 evidence 自我污染 | 人工判定真相來源與 deprecated refs |
|
||||
| S1.2c refs 真相來源分類 | 完成草案 | 141 個 ref review items 已分類:4 個真相來源、114 個 drift deprecated 候選、3 個 release tags、20 個 GitHub-only refs;S4.11 已補 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包 | repo owner 單 ref / 單 repo 判定 |
|
||||
| S1.3 低摩擦 rollout policy | 完成草案 | observe-first / mirror-only matrix 已建立 | AwoooP read-only policy 消費 |
|
||||
| S1.3 低摩擦 rollout policy | 完成草案 | observe-first / mirror-only matrix 已建立,並補 7 條 non-blocking escalation lanes:LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap、headline holding;全部 `runtime_blocking_allowed=false` | AwoooP read-only policy 消費,不把 follow-up 直接升 blocking |
|
||||
| S1.4 契約索引 | 完成草案 | 35 個主要 contract 已集中成 manifest | AwoooP mirror-only contract registry |
|
||||
| S1.5 Kali 112 live 整合狀態 | 完成第一波 | 112 已登入盤點、scanner API healthy、targeted scanner packages updated、Asia/Taipei timezone、no reboot required | scan result ingestion + `/execute` high-risk gate |
|
||||
| S1.6 Kali finding / scan scope approval | 完成草案 | `security_finding_v1` sample snapshot 與 `kali_scan_scope_approval_v1` approval package 已建立;111/168 已納入 observe-only scope | 人工批准 safe crawl / credentialed scan / runtime ingestion / full-upgrade gate |
|
||||
@@ -218,6 +220,7 @@ headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner respons
|
||||
|
||||
1. Read-only inventory、文件化、risk label、mirror evidence 可持續推進。
|
||||
2. 初期不把 LOW / MEDIUM observation 變成阻擋條件。
|
||||
3. 缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 或 headline holding 初期只建立 follow-up / owner review,不直接變 runtime blocker。
|
||||
3. 初期不要求所有 repo 一次完成最高等級 controls。
|
||||
4. 只針對不可逆或高風險動作設 approval gate。
|
||||
5. 每階段完成後再逐步收斂,避免讓產品、架構與部署流程突然變複雜。
|
||||
@@ -232,5 +235,5 @@ headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner respons
|
||||
6. 對 `ewoooc` / `momo-pro-system` 完成 server-side canonical 判定。
|
||||
7. 依 `KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md` 取得 safe crawl、credentialed scan、runtime ingestion、full-upgrade / reboot 等 gate 的人工批准;不得直接接 `/execute`。
|
||||
8. AwoooP 主線先讀 `security_mirror_readiness_v1`、`security_mirror_intake_plan_v1`、`security_mirror_event_v1`、`security_mirror_route_v1`、`security_mirror_acceptance_v1`、`security_mirror_quarantine_v1`、`security_mirror_dry_run_v1`、`security_mirror_status_rollup_v1`、S4.13 `source_control_owner_response_validation_rollup_v1`、`security_approval_gate_v1`、`security_approval_decision_record_v1`、`security_approval_review_packet_v1`、`security_approval_state_transition_v1`、`security_followup_runtime_gate_v1`、`source_control_primary_readiness_gate_v1`、`source_control_primary_rollback_adr_v1` 與 `source_control_workflow_secret_name_inventory_v1`,只建立 mirror-only / read-only policy 入口,不新增執行按鈕;其中 S4.13 需顯示四包 owner response validation rollup、missing lanes、collection order、next collection candidate、evidence routing rules、display sections、state transition rules、reviewer checklist、reviewer outcome lanes、reviewer audit event templates、reviewer audit display sections、reviewer audit collection checks、reviewer audit redaction examples、reviewer audit retention rules、reviewer audit retention checks、reviewer audit handoff packets、handoff checks、parallel session sync checks、parallel session conflict lanes、parallel session recovery checks 與 parallel session recovery outcome lanes,Gitea inventory 需同時顯示 S4.5 認證清冊匯出請求、S4.6 匯入驗收契約、S4.7 owner coverage attestation 與 S4.9 owner response request packet / template status ledger / audit event templates / redaction examples / display sections / collection checks / 收件包,GitHub target 決策需同時顯示 S4.10 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與 owner decision response templates,refs truth 需同時顯示 S4.11 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與 templates,workflow / secret inventory 需同時顯示 S4.3 redacted export request、S4.12 owner response request packet、template status ledger、audit 
event templates、redaction examples、collection checks、intake preflight checks 與 5 個 owner response templates,primary readiness 需同時顯示 S4.4 rollback ADR 草案。
|
||||
9. AwoooP 主線消費 `security_rollout_policy_v1` 時,只做 read-only policy,不做 runtime blocking。
|
||||
10. AwoooP 主線再讀 `security_approval_queue_v1`、`security_approval_gate_v1`、`security_approval_decision_record_v1`、`security_approval_review_packet_v1`、`security_approval_state_transition_v1`、`security_followup_runtime_gate_v1`、`source_control_primary_readiness_gate_v1`、`source_control_primary_rollback_adr_v1`、`source_control_workflow_secret_name_inventory_v1` 與 `security_supply_chain_contract_manifest_v1`,顯示 review order、批准範圍、審查封包、決策紀錄、決策後狀態、後續 runtime gate 準備條件、Gitea inventory 覆蓋缺口、S4.5 認證匯出請求、S4.6 匯入驗收 / 隔離規則、S4.7 owner attestation items、S4.9 owner response request packet、S4.9 owner response template status ledger、S4.9 owner response audit event templates、S4.9 owner response redaction examples、S4.9 owner response display sections、S4.9 owner response collection checks、S4.9 owner response templates、S4.10 GitHub target owner response request packet、S4.10 GitHub target owner response template status ledger、S4.10 GitHub target owner response audit event templates、S4.10 GitHub target owner response redaction examples、S4.10 GitHub target owner response collection checks、S4.10 GitHub target owner response intake preflight checks、S4.10 GitHub target owner response templates、S4.11 refs truth owner response request packet、S4.11 refs truth owner response template status ledger、S4.11 refs truth owner response audit event templates、S4.11 refs truth owner response redaction examples、S4.11 refs truth owner response collection checks、S4.11 refs truth owner response intake preflight checks、S4.11 refs truth owner response templates、S4.12 workflow / secret 名稱 owner response request packet、S4.12 workflow / secret 名稱 owner response template status ledger、S4.12 workflow / secret 名稱 owner response audit event templates、S4.12 workflow / secret 名稱 owner response redaction examples、S4.12 workflow / secret 名稱 owner response collection checks、S4.12 workflow / secret 名稱 owner response intake preflight checks、S4.12 workflow / secret 名稱 owner response templates、S4.13 owner response validation 
rollup、evidence routing rules、display sections、state transition rules、reviewer checklist、reviewer outcome lanes、reviewer audit event templates、reviewer audit display sections、reviewer audit collection checks、reviewer audit redaction examples、reviewer audit retention rules、reviewer audit retention checks、reviewer audit handoff packets、reviewer audit handoff checks、parallel session sync checks、parallel session conflict lanes、parallel session recovery checks 與 parallel session recovery outcome lanes、GitHub primary readiness blockers、rollback ADR 草案、workflow / secret 名稱 inventory 缺口、redacted export request 與 blocked reason,不新增 execution router。
|
||||
9. AwoooP 主線消費 `security_rollout_policy_v1` 時,只做 read-only policy,不做 runtime blocking;7 條 non-blocking escalation lanes 只能顯示、建立 follow-up 或要求 owner review before blocking。
|
||||
10. AwoooP 主線再讀 `security_approval_queue_v1`、`security_approval_gate_v1`、`security_approval_decision_record_v1`、`security_approval_review_packet_v1`、`security_approval_state_transition_v1`、`security_followup_runtime_gate_v1`、`source_control_primary_readiness_gate_v1`、`source_control_primary_rollback_adr_v1`、`source_control_workflow_secret_name_inventory_v1` 與 `security_supply_chain_contract_manifest_v1`,顯示 review order、批准範圍、審查封包、決策紀錄、決策後狀態、後續 runtime gate 準備條件、Gitea inventory 覆蓋缺口、S4.5 認證匯出請求、S4.6 匯入驗收 / 隔離規則、S4.7 owner attestation items、S4.9 owner response request packet、S4.9 owner response template status ledger、S4.9 owner response audit event templates、S4.9 owner response redaction examples、S4.9 owner response display sections、S4.9 owner response collection checks、S4.9 owner response templates、S4.10 GitHub target owner response request packet、S4.10 GitHub target owner response template status ledger、S4.10 GitHub target owner response audit event templates、S4.10 GitHub target owner response redaction examples、S4.10 GitHub target owner response collection checks、S4.10 GitHub target owner response intake preflight checks、S4.10 GitHub target owner response templates、S4.11 refs truth owner response request packet、S4.11 refs truth owner response template status ledger、S4.11 refs truth owner response audit event templates、S4.11 refs truth owner response redaction examples、S4.11 refs truth owner response collection checks、S4.11 refs truth owner response intake preflight checks、S4.11 refs truth owner response templates、S4.12 workflow / secret 名稱 owner response request packet、S4.12 workflow / secret 名稱 owner response template status ledger、S4.12 workflow / secret 名稱 owner response audit event templates、S4.12 workflow / secret 名稱 owner response redaction examples、S4.12 workflow / secret 名稱 owner response collection checks、S4.12 workflow / secret 名稱 owner response intake preflight checks、S4.12 workflow / secret 名稱 owner response templates、S4.13 owner response validation 
rollup、evidence routing rules、display sections、state transition rules、reviewer checklist、reviewer outcome lanes、reviewer audit event templates、reviewer audit display sections、reviewer audit collection checks、reviewer audit redaction examples、reviewer audit retention rules、reviewer audit retention checks、reviewer audit handoff packets、reviewer audit handoff checks、parallel session sync checks、parallel session conflict lanes、parallel session recovery checks 與 parallel session recovery outcome lanes、S1.3 non-blocking escalation lanes、GitHub primary readiness blockers、rollback ADR 草案、workflow / secret 名稱 inventory 缺口、redacted export request 與 blocked reason,不新增 execution router。
|
||||
|
||||
@@ -121,8 +121,8 @@
|
||||
},
|
||||
{
|
||||
"check_id": "LOW_MEDIUM_NOT_BLOCKING",
|
||||
"title": "LOW / MEDIUM 不升級為阻擋",
|
||||
"expected_result": "LOW / MEDIUM observation 初期只進 observe / warn,不變成 blocking gate。",
|
||||
"title": "低摩擦分流不升級為阻擋",
|
||||
"expected_result": "LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 初期只進 observe / warn,不變成 blocking gate。",
|
||||
"evidence_refs": [
|
||||
"docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md",
|
||||
"docs/security/security-rollout-policy.snapshot.json"
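Review bot: `check_id` keeps the name `LOW_MEDIUM_NOT_BLOCKING` while the new `title` and `expected_result` cover seven lanes (LOW / MEDIUM plus missing owner response, partial mirror, source-control drift, Kali observe finding, workflow / secret name gap and headline holding), so the identifier no longer describes what the check asserts and a failing check cannot be traced to the lane that regressed. The same mismatch applies to `gate_id` `LOW_MEDIUM_NOT_BLOCKING` in the `@@ -220,7 +220,7 @@` hunk. Keeping the id is reasonable for consumers that already key on it, but the `expected_result` should then name the seven lane ids as they appear in the `security_rollout_policy_v1` snapshot listed in `evidence_refs`, or the check should be split into one entry per lane. The enclosing check object continues outside the hunk.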
|
||||
@@ -130,6 +130,7 @@
|
||||
"blocking_if_failed": false,
|
||||
"allowed_processing": [
|
||||
"顯示 observe / warn",
|
||||
"顯示 non-blocking escalation lanes",
|
||||
"排入 weekly review"
|
||||
],
|
||||
"blocked_processing": [
|
||||
|
||||
@@ -132,7 +132,7 @@
|
||||
"docs/security/security-mirror-route.snapshot.json",
|
||||
"docs/security/SECURITY-MIRROR-ROUTE.md"
|
||||
],
|
||||
"pass_condition": "LOW / MEDIUM observation 不發阻擋事件、不洗版。",
|
||||
"pass_condition": "LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 不發阻擋事件、不洗版。",
|
||||
"execution_allowed": false,
|
||||
"blocked_actions": [
|
||||
"notify_every_observation",
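Review bot: The new `pass_condition` lists `Kali observe finding` without a severity qualifier, while the neighbouring `LOW / MEDIUM` item is qualified, so the string can be read as routing every finding from the observe-only Kali scan — including any HIGH / CRITICAL ones — into the non-blocking lane. If that is intended, state it explicitly; otherwise qualify it, e.g. `Kali observe finding(LOW / MEDIUM)`, and say where higher-severity observe findings go (presumably the owner-review-before-blocking path, since the commit describes each lane as `owner_review_required_before_blocking=true`). The same unqualified phrase recurs in `expected_result` in the `@@ -121,8 +121,8 @@` hunk, the `requirement` strings in `@@ -220,7 +220,7 @@` and `@@ -223,7 +223,7 @@`, `channel_event_policy` in `@@ -15,7 +15,7 @@` and `why_headline_unchanged` in `@@ -587,6 +587,18 @@`. The `blocked_actions` array continues outside the hunk.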
|
||||
|
||||
@@ -220,7 +220,7 @@
|
||||
},
|
||||
{
|
||||
"gate_id": "LOW_MEDIUM_NOT_BLOCKING",
|
||||
"requirement": "LOW / MEDIUM observation 初期只能 observe / warn,不得升為 blocking gate。",
|
||||
"requirement": "LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 初期只能 observe / warn,不得升為 blocking gate。",
|
||||
"evidence_ref": "docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md"
|
||||
}
|
||||
],
|
||||
|
||||
@@ -31,7 +31,7 @@
|
||||
"human_docs": [
|
||||
"docs/security/SECURITY-LOW-FRICTION-ROLLOUT-POLICY.md"
|
||||
],
|
||||
"notes": "可供 AwoooP 顯示 observe-first / mirror-only policy;不得 runtime enforcement。"
|
||||
"notes": "可供 AwoooP 顯示 observe-first / mirror-only policy 與 7 條 non-blocking escalation lanes;不得 runtime enforcement,也不得把 follow-up 直接升 blocking。"
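Review bot: `notes` now hard-codes the lane count (`7 條 non-blocking escalation lanes`) inside free text, and the same literal count is repeated in other snapshots in this commit (`current_result` in `@@ -143,15 +143,15 @@`, `allowed_processing` in `@@ -623,6 +635,22 @@`). The commit description says the guard verifies the lane count in the policy snapshot, but a prose count in a manifest `notes` string is not something that guard reads, so it will silently drift the next time a lane is added. Suggest dropping the number here — `與 non-blocking escalation lanes;不得 runtime enforcement,也不得把 follow-up 直接升 blocking。` — and leaving the count to the `security_rollout_policy_v1` snapshot that the guard checks.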
|
||||
},
|
||||
{
|
||||
"contract": "security_finding_v1",
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
"summary": {
|
||||
"total_contracts": 35,
|
||||
"route_group_count": 5,
|
||||
"channel_event_policy": "初期只對階段完成、blocked 狀態或需要人工批准的高風險候選發低噪音事件;LOW / MEDIUM observation 不發阻擋事件。",
|
||||
"channel_event_policy": "初期只對階段完成、blocked 狀態或需要人工批准的高風險候選發低噪音事件;LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 不發阻擋事件。",
|
||||
"approval_queue_policy": "只有 approval-only、suggest-only 或 blocked-until-approved 項目可進 approval queue;approval queue 不代表可執行。"
|
||||
},
|
||||
"route_groups": [
|
||||
@@ -223,7 +223,7 @@
|
||||
},
|
||||
{
|
||||
"gate_id": "LOW_NOISE_CHANNEL",
|
||||
"requirement": "Channel Event 初期只發低噪音摘要或人工批准必要事件,不把 LOW / MEDIUM observation 變成阻擋。"
|
||||
"requirement": "Channel Event 初期只發低噪音摘要或人工批准必要事件,不把 LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 或 headline holding 變成阻擋。"
|
||||
},
|
||||
{
|
||||
"gate_id": "APPROVAL_IS_NOT_EXECUTION",
|
||||
|
||||
@@ -143,15 +143,15 @@
|
||||
{
|
||||
"phase_id": "S4_migration_execution",
|
||||
"state": "not_started",
|
||||
"current_result": "GitHub primary 是長期方向;source_control_primary_readiness_gate_v1 已定義 8 個 candidate repos、7 個 in-scope blocked repos、0 個 primary ready;S4.1 已定義 workflow / secret 名稱 inventory 契約;S4.2 已補 local evidence;S4.3 已補 redacted export request;S4.4 已補 rollback ADR 草案;S4.5 已補 Gitea authenticated inventory export request;S4.6 已補 redacted import acceptance;S4.7 已補 owner coverage attestation request;S4.9 已補 Gitea owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、8 個 display sections、6 個 collection checks、owner response intake packet、6 個 intake preflight checks 與 5 個 outcome lanes;S4.10 已補 GitHub target owner decision response request packet、7 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks 與 intake packet;S4.11 已補 refs truth owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks 與收件包;S4.12 已補 workflow / secret 名稱 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks 與 intake packet;S4.13 已補四包 owner response validation rollup、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks 與 7 條 parallel session recovery outcome lanes,彙整 22 個 templates、received=0、accepted=0,並標示 next_collection_candidate=S4.9,但 inventory status 仍 partial,S4.9/S4.11/S4.12 audit events emitted 仍 0 筆,GitHub target / refs truth / 
workflow-secret response 仍 0 筆,S4.13 reviewer audit templates 也仍為 emitted=0,handoff packets / checks、parallel session sync checks、parallel session conflict lanes、recovery checks 與 recovery outcome lanes 只作跨 Session 只讀交接、消費檢查、分支/ledger 同步確認、衝突分流、復原前檢查與復原結果分類。",
|
||||
"next_gate": "依 S4.13 先集中檢查四包 owner response validation 狀態、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks 與 7 條 parallel session recovery outcome lanes,AwoooP 只顯示 next_collection_candidate=S4.9 Gitea owner attestation,依 S4.9 owner response request packet 要求 owner 回覆,並用 template status ledger / audit event templates / redaction examples / display sections / collection checks 維持 request / received / accepted 分離;再依 S4.9 收到並驗收 S4.7 Gitea owner response、依 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks 與 intake preflight checks 收到並驗收 7 個 GitHub target owner / visibility / canonical response、依 S4.11 request packet、template status ledger、audit event templates、redaction examples、collection checks 與 intake preflight checks 收到並驗收 5 個 refs truth owner response templates、依 S4.12 request packet、template status ledger、audit event templates、redaction examples、collection checks 與 intake preflight checks 收到並驗收 5 個 workflow / secret 名稱 owner response templates、authenticated inventory payload 通過 S4.6 驗收、rollback ADR owner approval 與逐 repo 人工批准。"
|
||||
"current_result": "GitHub primary 是長期方向;source_control_primary_readiness_gate_v1 已定義 8 個 candidate repos、7 個 in-scope blocked repos、0 個 primary ready;S4.1 已定義 workflow / secret 名稱 inventory 契約;S4.2 已補 local evidence;S4.3 已補 redacted export request;S4.4 已補 rollback ADR 草案;S4.5 已補 Gitea authenticated inventory export request;S4.6 已補 redacted import acceptance;S4.7 已補 owner coverage attestation request;S4.9 已補 Gitea owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、8 個 display sections、6 個 collection checks、owner response intake packet、6 個 intake preflight checks 與 5 個 outcome lanes;S4.10 已補 GitHub target owner decision response request packet、7 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks 與 intake packet;S4.11 已補 refs truth owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks 與收件包;S4.12 已補 workflow / secret 名稱 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks 與 intake packet;S4.13 已補四包 owner response validation rollup、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks 與 7 條 parallel session recovery outcome lanes;S1.3 低摩擦 rollout policy 已補 7 條 non-blocking escalation lanes,彙整 22 個 templates、received=0、accepted=0,並標示 next_collection_candidate=S4.9,但 inventory status 仍 
partial,S4.9/S4.11/S4.12 audit events emitted 仍 0 筆,GitHub target / refs truth / workflow-secret response 仍 0 筆,S4.13 reviewer audit templates 也仍為 emitted=0,handoff packets / checks、parallel session sync checks、parallel session conflict lanes、recovery checks、recovery outcome lanes 與 non-blocking escalation lanes 只作跨 Session 只讀交接、消費檢查、分支/ledger 同步確認、衝突分流、復原前檢查、復原結果分類與低摩擦升級判讀。",
|
||||
"next_gate": "依 S4.13 先集中檢查四包 owner response validation 狀態、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks 與 7 條 parallel session recovery outcome lanes,同時用 S1.3 的 7 條 non-blocking escalation lanes 確認 LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 都不得直接升 blocking;AwoooP 只顯示 next_collection_candidate=S4.9 Gitea owner attestation,依 S4.9 owner response request packet 要求 owner 回覆,並用 template status ledger / audit event templates / redaction examples / display sections / collection checks 維持 request / received / accepted 分離;再依 S4.9 收到並驗收 S4.7 Gitea owner response、依 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks 與 intake preflight checks 收到並驗收 7 個 GitHub target owner / visibility / canonical response、依 S4.11 request packet、template status ledger、audit event templates、redaction examples、collection checks 與 intake preflight checks 收到並驗收 5 個 refs truth owner response templates、依 S4.12 request packet、template status ledger、audit event templates、redaction examples、collection checks 與 intake preflight checks 收到並驗收 5 個 workflow / secret 名稱 owner response templates、authenticated inventory payload 通過 S4.6 驗收、rollback ADR owner approval 與逐 repo 人工批准。"
|
||||
}
|
||||
],
|
||||
"progress_display_policy": {
|
||||
"headline_percent": 58,
|
||||
"headline_status": "holding_until_owner_response_or_runtime_gate",
|
||||
"why_headline_is_holding": [
|
||||
"最近完成的是 S4.10 owner response request / status / audit / redaction / collection checks / intake preflight、S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight、S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks,以及 S4.13 evidence routing rules / display sections / state transition rules / reviewer checklist / reviewer outcome lanes / reviewer audit event templates / reviewer audit display sections / reviewer audit collection checks / reviewer audit redaction examples / reviewer audit retention rules / reviewer audit retention checks / reviewer audit handoff packets / reviewer audit handoff checks / parallel session sync checks / parallel session conflict lanes / parallel session recovery checks / parallel session recovery outcome lanes 的框架細節,改善可見性、收件安全、稽核格式、跨 Session 同步、衝突分流、復原前檢查與復原結果分類,但 owner response received / accepted 仍為 0。",
|
||||
"最近完成的是 S4.10 owner response request / status / audit / redaction / collection checks / intake preflight、S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight、S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.13 evidence routing rules / display sections / state transition rules / reviewer checklist / reviewer outcome lanes / reviewer audit event templates / reviewer audit display sections / reviewer audit collection checks / reviewer audit redaction examples / reviewer audit retention rules / reviewer audit retention checks / reviewer audit handoff packets / reviewer audit handoff checks / parallel session sync checks / parallel session conflict lanes / parallel session recovery checks / parallel session recovery outcome lanes,以及 S1.3 non-blocking escalation lanes 的框架細節,改善可見性、收件安全、稽核格式、跨 Session 同步、衝突分流、復原前檢查、復原結果分類與低摩擦升級判讀,但 owner response received / accepted 仍為 0。",
|
||||
"overall_percent 只在 owner response、redacted payload ingestion、active runtime gate、GitHub primary readiness 或 AwoooP production ingestion 這些高層 gate 有實質變化時調整。",
|
||||
"維持 58% 是為了避免把 read-only scaffold 誤算成 runtime enforcement、Kali scan、repo migration 或 GitHub primary cutover。"
|
||||
],
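Review bot: In the new `current_result`, the S1.3 clause (`S1.3 低摩擦 rollout policy 已補 7 條 non-blocking escalation lanes`) was spliced in directly before `彙整 22 個 templates、received=0、accepted=0,並標示 next_collection_candidate=S4.9`, so the template / received / accepted figures now read as belonging to S1.3 instead of the S4.13 rollup they describe. Moving the S1.3 clause after the `next_collection_candidate=S4.9` clause, or to the end of the sentence before `但 inventory status 仍 partial`, keeps the S4.13 counts attached to S4.13. The trailing addition `與低摩擦升級判讀` in the same string and the `why_headline_is_holding` entry read correctly as written.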
|
||||
@@ -587,6 +587,18 @@
|
||||
"runtime_delta": false,
|
||||
"execution_authorized": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"delta_id": "s1_3_low_friction_non_blocking_escalation_lanes",
|
||||
"display_order": 36,
|
||||
"completed_stage": "S1.3 low-friction non-blocking escalation lanes",
|
||||
"progress_axis": "framework_detail",
|
||||
"headline_percent_delta": 0,
|
||||
"framework_delta_visible": true,
|
||||
"why_headline_unchanged": "non-blocking escalation lanes 只確認 LOW / MEDIUM observation、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 先維持 observe / warn,不代表 owner response received、production ingestion、approval、runtime gate 或 execution authorization。",
|
||||
"runtime_delta": false,
|
||||
"execution_authorized": false,
|
||||
"not_authorization": true
|
||||
}
|
||||
],
|
||||
"next_safe_actions": [
|
||||
@@ -623,6 +635,22 @@
|
||||
"把 LOW / MEDIUM observation 變成 blocking gate"
|
||||
]
|
||||
},
|
||||
{
|
||||
"action_id": "mirror_low_friction_non_blocking_lanes",
|
||||
"title": "AwoooP 顯示低摩擦非阻擋升級分流",
|
||||
"mode": "observe",
|
||||
"source_contract": "security_rollout_policy_v1",
|
||||
"allowed_processing": [
|
||||
"顯示 7 條 non-blocking escalation lanes",
|
||||
"對 LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 只建立 follow-up",
|
||||
"保留 owner_review_required_before_blocking=true 與 runtime_blocking_allowed=false"
|
||||
],
|
||||
"blocked_processing": [
|
||||
"把 follow-up 直接轉成 deploy blocker",
|
||||
"把 warn / observe 轉成 runtime enforcement",
|
||||
"新增 scan / execute / repo / refs / workflow / secret / runner / primary action button"
|
||||
]
|
||||
},
|
||||
{
|
||||
"action_id": "mirror_approval_review_packets",
|
||||
"title": "AwoooP 顯示 8 個人工審查封包",
|
||||
@@ -843,7 +871,8 @@
|
||||
"S4.10 新增 GitHub target owner decision response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包;owner_response_request_packet_count=1、owner_response_template_status_count=7、owner_response_audit_event_template_count=3、owner_response_redaction_example_count=5、owner_response_collection_check_count=6、intake_preflight_check_count=6、response_template_count=7、received_response_count=0、accepted_response_count=0,不把 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當 repo creation、visibility change、refs sync 或 GitHub primary approval。",
|
||||
"S4.11 已新增 refs truth owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包;owner_response_request_packet_count=1、owner_response_template_status_count=5、owner_response_audit_event_template_count=3、owner_response_redaction_example_count=5、owner_response_collection_check_count=6、intake_preflight_check_count=6、response_template_count=5、received_response_count=0、accepted_response_count=0、audit_events_emitted=0,不把 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當 refs sync、delete、force push 或 GitHub primary approval。",
|
||||
"S4.12 只新增 workflow / secret 名稱 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包;owner_response_audit_event_template_count=3、owner_response_redaction_example_count=5、owner_response_collection_check_count=6、intake_preflight_check_count=6、audit_events_emitted=0、response_template_count=5、received_response_count=0、accepted_response_count=0,不把 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當 secret value collection、workflow modification、GitHub hosted runner enablement 或 GitHub primary approval。",
|
||||
"S4.13 只新增 owner response validation rollup、evidence routing rules、display sections、state transition rules、reviewer checklist、reviewer outcome lanes、reviewer audit event templates、reviewer audit display sections、reviewer audit collection checks、reviewer audit redaction examples、reviewer audit retention rules、reviewer audit retention checks、reviewer audit handoff packets、reviewer audit handoff checks、parallel session sync checks、parallel session conflict lanes、parallel session recovery checks 與 parallel session recovery outcome lanes;response_packet_count=4、template_count=22、received_response_count=0、accepted_response_count=0、cross_packet_check_count=10、owner_response_evidence_routing_rule_count=6、owner_response_validation_display_section_count=8、owner_response_validation_state_transition_rule_count=7、owner_response_validation_reviewer_checklist_count=9、owner_response_validation_reviewer_outcome_lane_count=7、owner_response_validation_reviewer_audit_event_template_count=4、owner_response_validation_reviewer_audit_display_section_count=5、owner_response_validation_reviewer_audit_collection_check_count=6、owner_response_validation_reviewer_audit_redaction_example_count=5、owner_response_validation_reviewer_audit_retention_rule_count=5、owner_response_validation_reviewer_audit_retention_check_count=6、owner_response_validation_reviewer_audit_handoff_packet_count=6、owner_response_validation_reviewer_audit_handoff_check_count=6、owner_response_validation_parallel_session_sync_check_count=6、owner_response_validation_parallel_session_conflict_lane_count=6、owner_response_validation_parallel_session_recovery_check_count=6、owner_response_validation_parallel_session_recovery_outcome_lane_count=7、reviewer_audit_events_emitted=0、next_collection_candidate=S4.9,不把 rollup、routing、display sections、state transition rules、reviewer checklist、reviewer outcome lanes、reviewer audit templates、reviewer audit display sections、reviewer audit collection checks、reviewer audit redaction 
examples、reviewer audit retention rules、reviewer audit retention checks、reviewer audit handoff packets / checks、parallel session sync checks、parallel session conflict lanes、parallel session recovery checks 或 parallel session recovery outcome lanes 當 approval、runtime gate、production ingestion 或 execution authorization。"
|
||||
"S4.13 只新增 owner response validation rollup、evidence routing rules、display sections、state transition rules、reviewer checklist、reviewer outcome lanes、reviewer audit event templates、reviewer audit display sections、reviewer audit collection checks、reviewer audit redaction examples、reviewer audit retention rules、reviewer audit retention checks、reviewer audit handoff packets、reviewer audit handoff checks、parallel session sync checks、parallel session conflict lanes、parallel session recovery checks 與 parallel session recovery outcome lanes;response_packet_count=4、template_count=22、received_response_count=0、accepted_response_count=0、cross_packet_check_count=10、owner_response_evidence_routing_rule_count=6、owner_response_validation_display_section_count=8、owner_response_validation_state_transition_rule_count=7、owner_response_validation_reviewer_checklist_count=9、owner_response_validation_reviewer_outcome_lane_count=7、owner_response_validation_reviewer_audit_event_template_count=4、owner_response_validation_reviewer_audit_display_section_count=5、owner_response_validation_reviewer_audit_collection_check_count=6、owner_response_validation_reviewer_audit_redaction_example_count=5、owner_response_validation_reviewer_audit_retention_rule_count=5、owner_response_validation_reviewer_audit_retention_check_count=6、owner_response_validation_reviewer_audit_handoff_packet_count=6、owner_response_validation_reviewer_audit_handoff_check_count=6、owner_response_validation_parallel_session_sync_check_count=6、owner_response_validation_parallel_session_conflict_lane_count=6、owner_response_validation_parallel_session_recovery_check_count=6、owner_response_validation_parallel_session_recovery_outcome_lane_count=7、reviewer_audit_events_emitted=0、next_collection_candidate=S4.9,不把 rollup、routing、display sections、state transition rules、reviewer checklist、reviewer outcome lanes、reviewer audit templates、reviewer audit display sections、reviewer audit collection checks、reviewer audit redaction 
examples、reviewer audit retention rules、reviewer audit retention checks、reviewer audit handoff packets / checks、parallel session sync checks、parallel session conflict lanes、parallel session recovery checks 或 parallel session recovery outcome lanes 當 approval、runtime gate、production ingestion 或 execution authorization。",
|
||||
"S1.3 只新增 7 條 low-friction non-blocking escalation lanes;non_blocking_escalation_lane_count=7、owner_review_required_before_blocking=true、runtime_blocking_allowed=false,不把 LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 或 headline holding 直接變 blocking gate、runtime enforcement 或 action button。"
|
||||
],
|
||||
"forbidden_actions": [
|
||||
"start_kali_scan",
|
||||
|
||||
@@ -3,6 +3,99 @@
|
||||
"status": "draft",
|
||||
"default_mode": "observe",
|
||||
"enforcement_level": "mirror_only",
|
||||
"non_blocking_escalation_lane_count": 7,
|
||||
"non_blocking_escalation_lanes": [
|
||||
{
|
||||
"lane_id": "lane-low-medium-observation",
|
||||
"display_order": 1,
|
||||
"trigger": "LOW / MEDIUM finding 且不涉及不可逆變更、secret value、repo / refs / deploy / primary control plane。",
|
||||
"initial_mode": "warn",
|
||||
"allowed_action": "標記風險、建立 follow-up、補 evidence_ref 或準備草案。",
|
||||
"forbidden_escalation": "不得阻擋 deploy、不得自動 patch、不得自動 merge、不得建立 runtime blocker。",
|
||||
"owner_review_required_before_blocking": true,
|
||||
"runtime_blocking_allowed": false,
|
||||
"awooop_display_mode": "display_low_friction_non_blocking_lane_only",
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"lane_id": "lane-owner-response-missing",
|
||||
"display_order": 2,
|
||||
"trigger": "S4.9 / S4.10 / S4.11 / S4.12 owner response 尚未收到或尚未 accepted。",
|
||||
"initial_mode": "observe",
|
||||
"allowed_action": "顯示 missing lane、next collection candidate、template status 與 request packet。",
|
||||
"forbidden_escalation": "不得把未回覆當成拒絕、不得停止產品流程、不得自動補 owner response。",
|
||||
"owner_review_required_before_blocking": true,
|
||||
"runtime_blocking_allowed": false,
|
||||
"awooop_display_mode": "display_low_friction_non_blocking_lane_only",
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"lane_id": "lane-mirror-data-incomplete",
|
||||
"display_order": 3,
|
||||
"trigger": "mirror snapshot、redacted payload 或 contract coverage 不完整,但未涉及 raw secret / token / exploit payload。",
|
||||
"initial_mode": "warn",
|
||||
"allowed_action": "顯示 partial / quarantine reason、要求補 redacted snapshot、保留 retry gate。",
|
||||
"forbidden_escalation": "不得阻擋無關 runtime、不得把 partial mirror 當 production incident、不得吞入未脫敏 payload。",
|
||||
"owner_review_required_before_blocking": true,
|
||||
"runtime_blocking_allowed": false,
|
||||
"awooop_display_mode": "display_low_friction_non_blocking_lane_only",
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"lane_id": "lane-source-control-drift-draft",
|
||||
"display_order": 4,
|
||||
"trigger": "GitHub / Gitea refs、target、visibility 或 canonical decision 存在差異,但尚未 owner approved。",
|
||||
"initial_mode": "warn",
|
||||
"allowed_action": "維持 draft reconcile plan、ADR、read-only diff 與 owner review lane。",
|
||||
"forbidden_escalation": "不得 sync refs、delete refs、force push、建立 repo、修改 visibility 或切 GitHub primary。",
|
||||
"owner_review_required_before_blocking": true,
|
||||
"runtime_blocking_allowed": false,
|
||||
"awooop_display_mode": "display_low_friction_non_blocking_lane_only",
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"lane_id": "lane-kali-observe-finding",
|
||||
"display_order": 5,
|
||||
"trigger": "Kali finding 或 scan scope 仍在 observe / approval package 階段。",
|
||||
"initial_mode": "warn",
|
||||
"allowed_action": "只顯示 redacted finding summary、evidence_ref、scan scope approval candidate 與 block reason。",
|
||||
"forbidden_escalation": "不得自動啟動 active scan、不得呼叫 /execute、不得把 finding 直接變 deploy blocker。",
|
||||
"owner_review_required_before_blocking": true,
|
||||
"runtime_blocking_allowed": false,
|
||||
"awooop_display_mode": "display_low_friction_non_blocking_lane_only",
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"lane_id": "lane-workflow-secret-name-gap",
|
||||
"display_order": 6,
|
||||
"trigger": "workflow、webhook、runner、deploy key、branch protection、CODEOWNERS 或 secret 名稱 parity 尚缺 redacted evidence。",
|
||||
"initial_mode": "warn",
|
||||
"allowed_action": "要求 redacted export、顯示 owner response template 與只讀 readiness blocker wording。",
|
||||
"forbidden_escalation": "不得收集 secret value、不得啟用 GitHub hosted runner、不得修改 workflow / webhook / repository secret。",
|
||||
"owner_review_required_before_blocking": true,
|
||||
"runtime_blocking_allowed": false,
|
||||
"awooop_display_mode": "display_low_friction_non_blocking_lane_only",
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"lane_id": "lane-progress-display-holding",
|
||||
"display_order": 7,
|
||||
"trigger": "headline progress 維持 58%,但 framework detail ledger 持續增加。",
|
||||
"initial_mode": "observe",
|
||||
"allowed_action": "顯示 micro progress、latest delta、not_authorization 與下一個高層 gate。",
|
||||
"forbidden_escalation": "不得把 progress holding 解讀成卡住、不得把 micro progress 當 runtime approval。",
|
||||
"owner_review_required_before_blocking": true,
|
||||
"runtime_blocking_allowed": false,
|
||||
"awooop_display_mode": "display_low_friction_non_blocking_lane_only",
|
||||
"not_authorization": true
|
||||
}
|
||||
],
|
||||
"allowed_awooop_outputs": [
|
||||
"display_non_blocking_escalation_lanes",
|
||||
"create_followup_without_blocking",
|
||||
"show_owner_review_required_before_blocking",
|
||||
"keep_runtime_blocking_false"
|
||||
],
|
||||
"policy_items": [
|
||||
{
|
||||
"condition": "read_only_inventory_or_evidence_mirror",
|
||||
|
||||
@@ -18,13 +18,15 @@
|
||||
"allowed_actions": [
|
||||
"mirror_policy",
|
||||
"display_mode",
|
||||
"recommend_observe_warn_approval"
|
||||
"recommend_observe_warn_approval",
|
||||
"display_non_blocking_escalation_lanes"
|
||||
],
|
||||
"forbidden_actions": [
|
||||
"runtime_enforcement",
|
||||
"auto_block_low_medium_observation"
|
||||
"auto_block_low_medium_observation",
|
||||
"auto_block_non_blocking_escalation_lane"
|
||||
],
|
||||
"notes": "初期 observe-first / mirror-only,不把資安網變成流程負擔。"
|
||||
"notes": "初期 observe-first / mirror-only,含 7 條 non-blocking escalation lanes;不把資安網變成流程負擔,也不把 follow-up 直接升 blocking。"
|
||||
},
|
||||
{
|
||||
"contract": "security_finding_v1",
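Review bot: The two new contract entries in this hunk, `display_non_blocking_escalation_lanes` under `allowed_actions` and `auto_block_non_blocking_escalation_lane` under `forbidden_actions`, are not asserted anywhere in the guard changes of this commit, so the contract and the policy snapshot can drift apart without the guard noticing. Unless a manifest comparison outside this view already covers contract action lists, the guard hunk at `@@ -147,6 +149,62 @@` could add `assert_contains("manifest.security_rollout_policy_v1.forbidden_actions", policy_contract["forbidden_actions"], "auto_block_non_blocking_escalation_lane")` next to the `allowed_awooop_outputs` loop, where `policy_contract` is the `security_rollout_policy_v1` entry of the loaded manifest. The enclosing contract object starts before this hunk.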
|
||||
|
||||
@@ -45,6 +45,7 @@ def validate(root: Path) -> None:
|
||||
dry_run = load_json(security_dir / "security-mirror-dry-run.snapshot.json")
|
||||
owner_rollup = load_json(security_dir / "source-control-owner-response-validation-rollup.snapshot.json")
|
||||
primary_gate = load_json(security_dir / "source-control-primary-readiness-gate.snapshot.json")
|
||||
rollout_policy = load_json(security_dir / "security-rollout-policy.snapshot.json")
|
||||
|
||||
manifest_count = manifest["contract_count"]
|
||||
readiness_summary = readiness["summary"]
|
||||
@@ -117,6 +118,7 @@ def validate(root: Path) -> None:
|
||||
"s4_13_owner_response_validation_parallel_session_conflict_lanes",
|
||||
"s4_13_owner_response_validation_parallel_session_recovery_checks",
|
||||
"s4_13_owner_response_validation_parallel_session_recovery_outcome_lanes",
|
||||
"s1_3_low_friction_non_blocking_escalation_lanes",
|
||||
]
|
||||
assert_equal(
|
||||
"progress_delta_ledger.delta_ids",
|
||||
@@ -147,6 +149,62 @@ def validate(root: Path) -> None:
|
||||
assert_false("rollup.secret_value_collection_allowed", rollup_summary["secret_value_collection_allowed"])
|
||||
assert_false("rollup.secret_value_detected", rollup_summary["secret_value_detected"])
|
||||
|
||||
assert_equal("rollout_policy.schema_version", rollout_policy["schema_version"], "security_rollout_policy_v1")
|
||||
assert_equal("rollout_policy.default_mode", rollout_policy["default_mode"], "observe")
|
||||
assert_equal("rollout_policy.enforcement_level", rollout_policy["enforcement_level"], "mirror_only")
|
||||
assert_equal("rollout_policy.non_blocking_escalation_lane_count", rollout_policy["non_blocking_escalation_lane_count"], 7)
|
||||
expected_low_friction_lane_ids = [
|
||||
"lane-low-medium-observation",
|
||||
"lane-owner-response-missing",
|
||||
"lane-mirror-data-incomplete",
|
||||
"lane-source-control-drift-draft",
|
||||
"lane-kali-observe-finding",
|
||||
"lane-workflow-secret-name-gap",
|
||||
"lane-progress-display-holding",
|
||||
]
|
||||
non_blocking_lanes = rollout_policy["non_blocking_escalation_lanes"]
|
||||
assert_equal(
|
||||
"rollout_policy.non_blocking_escalation_lanes.ids",
|
||||
[item["lane_id"] for item in non_blocking_lanes],
|
||||
expected_low_friction_lane_ids,
|
||||
)
|
||||
assert_equal(
|
||||
"rollout_policy.non_blocking_escalation_lanes.display_order",
|
||||
[item["display_order"] for item in non_blocking_lanes],
|
||||
list(range(1, len(expected_low_friction_lane_ids) + 1)),
|
||||
)
|
||||
for item in non_blocking_lanes:
|
||||
if item["initial_mode"] not in {"observe", "warn"}:
|
||||
raise SystemExit(
|
||||
f"BLOCKED rollout_policy.non_blocking_escalation_lanes.{item['lane_id']}.initial_mode: "
|
||||
f"expected observe/warn, got {item['initial_mode']!r}"
|
||||
)
|
||||
assert_true(
|
||||
f"rollout_policy.non_blocking_escalation_lanes.{item['lane_id']}.owner_review_required_before_blocking",
|
||||
item["owner_review_required_before_blocking"],
|
||||
)
|
||||
assert_false(
|
||||
f"rollout_policy.non_blocking_escalation_lanes.{item['lane_id']}.runtime_blocking_allowed",
|
||||
item["runtime_blocking_allowed"],
|
||||
)
|
||||
assert_equal(
|
||||
f"rollout_policy.non_blocking_escalation_lanes.{item['lane_id']}.awooop_display_mode",
|
||||
item["awooop_display_mode"],
|
||||
"display_low_friction_non_blocking_lane_only",
|
||||
)
|
||||
assert_true(
|
||||
f"rollout_policy.non_blocking_escalation_lanes.{item['lane_id']}.not_authorization",
|
||||
item["not_authorization"],
|
||||
)
|
||||
rollout_outputs = rollout_policy["allowed_awooop_outputs"]
|
||||
for output in [
|
||||
"display_non_blocking_escalation_lanes",
|
||||
"create_followup_without_blocking",
|
||||
"show_owner_review_required_before_blocking",
|
||||
"keep_runtime_blocking_false",
|
||||
]:
|
||||
assert_contains("rollout_policy.allowed_awooop_outputs", rollout_outputs, output)
|
||||
|
||||
owner_summary = owner_rollup["summary"]
|
||||
assert_equal("owner_rollup.total_received_response_count", owner_summary["total_received_response_count"], 0)
|
||||
assert_equal("owner_rollup.total_accepted_response_count", owner_summary["total_accepted_response_count"], 0)
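Review bot: The loop over `non_blocking_lanes` asserts only the boolean and enum fields; the free-text `trigger`, `allowed_action` and `forbidden_escalation` that carry each lane's actual scope (see the snapshot hunk at `@@ -3,6 +3,99 @@`) are never checked for presence or non-emptiness, so a lane whose `forbidden_escalation` wording is dropped would still pass the guard. One line inside the loop keeps the wording under the same guard as the flags: `for key in ("trigger", "allowed_action", "forbidden_escalation"): assert_true(f"rollout_policy.non_blocking_escalation_lanes.{item['lane_id']}.{key}", bool(str(item.get(key, "")).strip()))`. The `initial_mode` check also raises `SystemExit` by hand while every sibling check goes through an `assert_*` helper; if `assert_contains` takes (name, container, item) as its use on `allowed_awooop_outputs` suggests, `assert_contains(f"rollout_policy.non_blocking_escalation_lanes.{item['lane_id']}.initial_mode", ["observe", "warn"], item["initial_mode"])` would keep the error format uniform. The body of `validate()` continues outside the hunk.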
|
||||
|
||||