docs(security): add Gitea inventory request handoff [skip ci]

docs/LOGBOOK.md

@@ -1,3 +1,37 @@
+## 2026-06-04｜IwoooS P1-2 Gitea Authenticated Inventory Request Handoff
+
+**背景**：P1 GitHub primary readiness 只讀重盤仍卡在 Gitea authenticated / admin export 全量清冊缺口；public-only user endpoint 只能看到 2 個 repo，本機 remote evidence 至少有 4 個 unique Gitea repos，不能把 public-only 結果當完整清冊。本段補 P1-2 請求交接封套，讓後續 owner / 管理者知道可以提供什麼、禁止提供什麼，以及 S4.9 owner response gate 仍是先行條件。
+
+**本輪完成**：
+- 先 fast-forward 到 `8c9582f3 chore(cd): deploy b61ee9b [skip ci]`，保留另一個 Session 的 AwoooP controls deploy marker。
+- 更新 `GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md`：日期改為 2026-06-04，補 P1-2 請求交接封套、5 項送件前條件、8 欄交接欄位與送後不變條件。
+- 更新 `gitea-authenticated-inventory-export-request.snapshot.json`：新增 S4.9 owner response gate 先行條件、handoff ready、5 項 request dispatch preflight、8 欄 request handoff packet；`request_dispatch_authorized=false`、payload received / accepted / imported 皆為 0。
+- 更新 `gitea_authenticated_inventory_export_request_v1.schema.json`：同步納入 request dispatch preflight、request handoff packet 與 post-dispatch invariants，避免 snapshot 與 schema 漂移。
+- 更新 `GITEA-SERVER-SIDE-INVENTORY-RUNBOOK.md` 與 IwoooS P0/P1 主控總帳：P1 只讀重盤工作完成度從 `62%` 調到 `64%`，但 GitHub primary readiness gate 仍 `0`。
+
+**完成度更新**：
+- P1-2 Gitea authenticated inventory request handoff：`100%`。
+- P1 GitHub primary readiness 只讀重盤階段：`64%`。
+- GitHub primary readiness gate：`0`。
+- Authenticated inventory gate：仍 blocked；`admin_export_payload_received_count=0`、`admin_export_payload_accepted_count=0`、`inventory_imported_count=0`。
+
+**驗證**：
+- `python3 -m json.tool docs/security/gitea-authenticated-inventory-export-request.snapshot.json`：通過。
+- `python3 -m json.tool docs/schemas/gitea_authenticated_inventory_export_request_v1.schema.json`：通過。
+- 本段自訂結構檢查：`GITEA_AUTHENTICATED_INVENTORY_HANDOFF_STRUCTURE_OK`。
+- `git diff --check`：通過。
+- `python3 scripts/security/source-control-owner-response-guard.py --root .`：`SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`。
+- `python3 scripts/security/security-mirror-progress-guard.py --root .`：`SECURITY_MIRROR_PROGRESS_GUARD_OK`。
+- URL credential pattern 檢查：本段異動檔案無命中。
+- Schema validator 限制：本地沒有 Python `jsonschema` 與 Node AJV，未跑完整 JSON Schema validator；已以 JSON parse、自訂結構檢查與既有 guard 補位。
+- Production 頁面檢查：本段只改 docs / snapshot / schema / LOGBOOK，未改前端、未部署、未宣稱新的 production 狀態；沿用 P0 `/zh-TW/iwooos` desktop / mobile live sanity 作為基準。
+
+**目前邊界**：
+- 不收 token value、write credential、DB dump、repo archive、git object pack、deploy key private key、webhook secret 或 runner registration token。
+- 不使用既有可 push credential 當 read-only token。
+- 不建立 GitHub repo、不改 visibility、不同步或刪除 refs、不修改 workflow / secret、不切 GitHub primary、不停 Gitea。
+- P1-2 handoff 只代表請求包可交接；S4.6 import acceptance 與 S4.9 owner response 未通過前，不得把 `gitea_repo_inventory_v1.status` 標記為 `ok`。
+
 ## 2026-06-04｜WOOO Open Design D1 AwoooP 控制項 radius token rollout
 
 **背景**：接續 D0 token bridge 與 `design.wooo.work` 採用策略，本段處理 AwoooP operator console 中最明顯的視覺不一致：Runs / Approvals 的 refresh button、select、incident input 與 error surface 仍使用 `rounded-lg / rounded-md`。D1 只做半徑 token 收斂，不改資料鏈路、不改文案、不碰 IwoooS runtime / GitHub primary / S4.9 owner response gate。

docs/schemas/gitea_authenticated_inventory_export_request_v1.schema.json

@@ -16,6 +16,9 @@
     "export_source_options",
     "required_inventory_fields",
     "coverage_gap_hints",
+    "request_dispatch_preflight_checks",
+    "request_handoff_packet",
+    "post_dispatch_invariants",
     "acceptance_rules",
     "redaction_rules",
     "forbidden_actions"
@@ -63,7 +66,16 @@
         "repo_write_allowed",
         "refs_sync_allowed",
         "github_primary_switch_authorized",
-        "action_buttons_allowed"
+        "action_buttons_allowed",
+        "s4_9_owner_response_gate_required",
+        "request_handoff_package_ready",
+        "request_dispatch_handoff_completion_percent",
+        "request_packet_field_count",
+        "request_dispatch_authorized",
+        "admin_export_payload_received_count",
+        "admin_export_payload_accepted_count",
+        "inventory_imported_count",
+        "runtime_inventory_execution_authorized"
       ],
       "properties": {
         "gitea_base_url": {"type": "string"},
@@ -81,7 +93,20 @@
         "repo_write_allowed": {"type": "boolean", "const": false},
         "refs_sync_allowed": {"type": "boolean", "const": false},
         "github_primary_switch_authorized": {"type": "boolean", "const": false},
-        "action_buttons_allowed": {"type": "boolean", "const": false}
+        "action_buttons_allowed": {"type": "boolean", "const": false},
+        "s4_9_owner_response_gate_required": {"type": "boolean", "const": true},
+        "request_handoff_package_ready": {"type": "boolean", "const": true},
+        "request_dispatch_handoff_completion_percent": {
+          "type": "integer",
+          "minimum": 0,
+          "maximum": 100
+        },
+        "request_packet_field_count": {"type": "integer", "minimum": 0},
+        "request_dispatch_authorized": {"type": "boolean", "const": false},
+        "admin_export_payload_received_count": {"type": "integer", "minimum": 0},
+        "admin_export_payload_accepted_count": {"type": "integer", "minimum": 0},
+        "inventory_imported_count": {"type": "integer", "minimum": 0},
+        "runtime_inventory_execution_authorized": {"type": "boolean", "const": false}
       },
       "additionalProperties": false
     },
@@ -163,6 +188,74 @@
       },
       "minItems": 1
     },
+    "request_dispatch_preflight_checks": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "required": [
+          "check_id",
+          "display_order",
+          "check",
+          "current_status",
+          "execution_authorized"
+        ],
+        "properties": {
+          "check_id": {"type": "string"},
+          "display_order": {"type": "integer", "minimum": 1},
+          "check": {"type": "string"},
+          "current_status": {
+            "type": "string",
+            "enum": ["defined_not_dispatched"]
+          },
+          "execution_authorized": {"type": "boolean", "const": false}
+        },
+        "additionalProperties": false
+      },
+      "minItems": 1
+    },
+    "request_handoff_packet": {
+      "type": "object",
+      "required": [
+        "request_id",
+        "prerequisite_gate",
+        "allowed_source_options",
+        "recipient_role_or_team_required",
+        "requested_outputs",
+        "forbidden_inputs",
+        "intake_acceptance_ref",
+        "not_approval",
+        "execution_authorized"
+      ],
+      "properties": {
+        "request_id": {"type": "string"},
+        "prerequisite_gate": {"type": "string"},
+        "allowed_source_options": {
+          "type": "array",
+          "items": {"type": "string"},
+          "minItems": 1
+        },
+        "recipient_role_or_team_required": {"type": "boolean", "const": true},
+        "requested_outputs": {
+          "type": "array",
+          "items": {"type": "string"},
+          "minItems": 1
+        },
+        "forbidden_inputs": {
+          "type": "array",
+          "items": {"type": "string"},
+          "minItems": 1
+        },
+        "intake_acceptance_ref": {"type": "string"},
+        "not_approval": {"type": "boolean", "const": true},
+        "execution_authorized": {"type": "boolean", "const": false}
+      },
+      "additionalProperties": false
+    },
+    "post_dispatch_invariants": {
+      "type": "array",
+      "items": {"type": "string"},
+      "minItems": 1
+    },
     "acceptance_rules": {
       "type": "array",
       "items": {"type": "string"},

docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md

@@ -2,8 +2,8 @@
 
 | 項目 | 內容 |
 |------|------|
-| 日期 | 2026-05-17 |
-| 狀態 | 草案，等待 owner 匯出 / 只讀批准 |
+| 日期 | 2026-06-04 |
+| 狀態 | 草案與交接封套已整理，等待 S4.9 owner response / 只讀批准 |
 | 資料契約 | `docs/schemas/gitea_authenticated_inventory_export_request_v1.schema.json` |
 | 快照 | `docs/security/gitea-authenticated-inventory-export-request.snapshot.json` |
 | 後續驗收 | `docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` |
@@ -24,6 +24,8 @@ S4.6 已補後續的匯入驗收契約：即使 owner 或管理者提供 payload
 
 S4.7 已補 owner coverage attestation：在補全量清冊前，owner 仍需判定 public-only 2 repos、本機 Gitea unique 4 repos、org/user endpoint 與 110 internal adjacent sources 的 scope。S4.7 不授權 token 收集、repo 寫入、refs sync 或 primary cutover。
 
+S4.9 已補 owner response gate 與 2026-06-04 request dispatch preflight 交接包：P1-2 的只讀 token 或 redacted admin export 請求必須等 S4.9 五題 scope decision 進入可審狀態後，才能由人工批准進下一步。這仍不代表 token value 可以被貼到文件、對話、LOGBOOK 或 snapshot。
+
 ## 1. 摘要
 
 | 指標 | 數量 |
@@ -41,6 +43,11 @@ S4.7 已補 owner coverage attestation：在補全量清冊前，owner 仍需判
 | 允許 refs sync | `false` |
 | 授權切換 GitHub primary | `false` |
 | S4.7 owner attestation items | 5 |
+| S4.9 owner response gate required | `true` |
+| request handoff package | `ready` |
+| request dispatch authorized | `false` |
+| admin export payload received | 0 |
+| admin export payload accepted | 0 |
 
 ## 2. 匯出來源選項
 
@@ -98,7 +105,38 @@ S4.7 已補 owner coverage attestation：在補全量清冊前，owner 仍需判
 6. 不建立 GitHub repo、不 sync refs、不切 GitHub primary。
 7. 不把清冊請求當成清冊已完成。
 
-## 8. 階段定位
+## 8. 2026-06-04 P1-2 請求交接封套
+
+本段把 S4.5 認證清冊匯出請求對齊 2026-06-04 的 S4.9 owner response gate。它只代表「請求包可交接」，不代表 owner 已批准、不代表只讀 token 已提供、不代表 redacted admin export 已收到，也不代表 `gitea_repo_inventory_v1.status=ok`。
+
+### 8.1 送件前條件
+
+| 順序 | 條件 | 完成狀態 |
+|------|------|----------|
+| 1 | S4.9 五題 owner response request packet 已可交接，且 request / received / accepted 分離 | 已整理，未送件 |
+| 2 | 只讀 token 路徑與 redacted admin export 路徑二選一，不要求同時提供 | 已整理，未執行 |
+| 3 | 收件欄位只收 repo metadata、redacted URL、owner/team 與 evidence refs | 已整理，未收件 |
+| 4 | 禁止 token value、write token、DB dump、git object pack、secret / webhook / deploy key material | 已整理，未收件 |
+| 5 | 實際收到 payload 前，received / accepted / imported count 全部維持 0 | 已整理，未收件 |
+
+### 8.2 交接封套欄位
+
+| 欄位 | 內容規則 |
+|------|----------|
+| `request_id` | `p1_2_gitea_authenticated_inventory_request` |
+| `prerequisite_gate` | S4.9 owner response gate 需先保持可審狀態；未通過前不可標記 inventory complete |
+| `allowed_source_options` | `readonly_token_api_inventory` 或 `redacted_admin_export_inventory` |
+| `recipient_role_or_team` | 只填角色或團隊，不填 token / PAT / cookie / session |
+| `requested_outputs` | repo metadata、redacted clone / ssh URL、visibility scope、coverage notes、evidence refs |
+| `forbidden_inputs` | token value、write credential、DB dump、repo archive、git object pack、deploy key private key、webhook secret、runner token |
+| `intake_acceptance_ref` | `GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` |
+| `not_approval` | 必須為 `true` |
+
+### 8.3 送件後不變條件
+
+即使後續 owner / 管理者同意提供只讀來源，也只能把狀態推到「等待安全輸入」或「收到脫敏 payload 待驗收」。必須先通過 S4.6 import acceptance，並用 S4.7 / S4.9 owner response 解釋 coverage gap，才可把清冊候選交給 reviewer。任何 repo 建立、refs sync、workflow / secret 修改、GitHub primary cutover、Gitea 停用或 runtime gate 都需要另行人工批准。
+
+## 9. 階段定位
 
 S4.5 只是把 Gitea 認證清冊的下一步請求、欄位、拒收規則與驗收 gate 定清楚。
 

docs/security/GITEA-SERVER-SIDE-INVENTORY-RUNBOOK.md

@@ -2,8 +2,8 @@
 
 | 項目 | 內容 |
 |------|------|
-| 日期 | 2026-05-17 |
-| 狀態 | 第一版，read-only / export-only |
+| 日期 | 2026-06-04 |
+| 狀態 | read-only / export-only；P1-2 交接封套已整理 |
 | 工具 | `scripts/security/gitea-repo-inventory.py` |
 | 事件 | `gitea_repo_inventory_v1` |
 | Approval package | `docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md` |
@@ -12,6 +12,7 @@
 | S4.6 import acceptance | `docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` |
 | S4.7 coverage attestation | `docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md` |
 | S4.9 owner response request packet / 收件包 | `docs/security/GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.md` |
+| P1-2 request handoff | `docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md` |
 | 原則 | 不寫入 Gitea、不搬 secret value、不建立或刪除 repo |
 
 ## 0. 核心結論
@@ -39,6 +40,8 @@ S4.7 已補 `gitea_inventory_coverage_attestation_v1`：owner 必須先對 publi
 
 S4.9 已補 `gitea_inventory_owner_attestation_response_v1`：AwoooP 可先顯示 1 個 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples 與 8 個 display sections，並用 6 個 collection checks 維持 request / received / accepted 分離；audit event templates 目前全為 `template_only_not_emitted`、0 emitted，只定義 request shown / response received metadata / outcome classified 的脫敏 metadata 欄位；redaction examples 只供 owner 參考安全回覆形狀；display sections 只固定只讀 UI 區塊順序；owner response 必須依 5 個 template 填寫，並先通過 6 個 intake preflight checks、5 個 outcome lanes 與基本驗收，才能把 S4.7 coverage attestation 視為可審 evidence。此 request packet / response 收件包仍不授權 read-only inventory runtime、repo migration、audit production ingestion 或 primary cutover。
 
+2026-06-04 P1-2 已補 request handoff package：Gitea authenticated inventory request 必須先保留 S4.9 owner response gate 作為先行條件，並將只讀 token API 清冊與 redacted admin export 清冊兩條路徑拆開。交接包只要求 repo metadata、redacted URL、visibility scope、coverage notes 與 evidence refs；token value、write credential、DB dump、repo archive、git object pack、deploy key private key、webhook secret 與 runner registration token 全部拒收。此 handoff 只代表請求包可交接，不代表 payload received / accepted、inventory imported、status=ok、GitHub primary 或 runtime 授權。
+
 ## 1. Public-only 快照指令
 
 ```bash

docs/security/gitea-authenticated-inventory-export-request.snapshot.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "gitea_authenticated_inventory_export_request_v1",
   "status": "draft_waiting_owner_export",
-  "date": "2026-05-13",
+  "date": "2026-06-04",
   "mode": "redacted_export_request_only",
   "runtime_execution_authorized": false,
   "source_contract": "gitea_repo_inventory_v1",
@@ -26,7 +26,16 @@
     "repo_write_allowed": false,
     "refs_sync_allowed": false,
     "github_primary_switch_authorized": false,
-    "action_buttons_allowed": false
+    "action_buttons_allowed": false,
+    "s4_9_owner_response_gate_required": true,
+    "request_handoff_package_ready": true,
+    "request_dispatch_handoff_completion_percent": 100,
+    "request_packet_field_count": 8,
+    "request_dispatch_authorized": false,
+    "admin_export_payload_received_count": 0,
+    "admin_export_payload_accepted_count": 0,
+    "inventory_imported_count": 0,
+    "runtime_inventory_execution_authorized": false
   },
   "export_source_options": [
     {
@@ -136,6 +145,79 @@
       "execution_authorized": false
     }
   ],
+  "request_dispatch_preflight_checks": [
+    {
+      "check_id": "p1-2-prerequisite-s4-9-owner-response",
+      "display_order": 1,
+      "check": "S4.9 五題 owner response request packet 已可交接，且 request / received / accepted 分離。",
+      "current_status": "defined_not_dispatched",
+      "execution_authorized": false
+    },
+    {
+      "check_id": "p1-2-source-option-selected",
+      "display_order": 2,
+      "check": "只讀 token API 清冊或 redacted admin export 清冊二選一，不要求同時提供。",
+      "current_status": "defined_not_dispatched",
+      "execution_authorized": false
+    },
+    {
+      "check_id": "p1-2-metadata-only-output",
+      "display_order": 3,
+      "check": "收件欄位只收 repo metadata、redacted URL、owner/team 與 evidence refs。",
+      "current_status": "defined_not_dispatched",
+      "execution_authorized": false
+    },
+    {
+      "check_id": "p1-2-forbidden-sensitive-inputs",
+      "display_order": 4,
+      "check": "禁止 token value、write token、DB dump、git object pack、secret、webhook、deploy key 或 runner token material。",
+      "current_status": "defined_not_dispatched",
+      "execution_authorized": false
+    },
+    {
+      "check_id": "p1-2-counts-remain-zero",
+      "display_order": 5,
+      "check": "實際收到 payload 前，received / accepted / imported count 全部維持 0。",
+      "current_status": "defined_not_dispatched",
+      "execution_authorized": false
+    }
+  ],
+  "request_handoff_packet": {
+    "request_id": "p1_2_gitea_authenticated_inventory_request",
+    "prerequisite_gate": "s4_9_owner_response_gate",
+    "allowed_source_options": [
+      "readonly_token_api_inventory",
+      "redacted_admin_export_inventory"
+    ],
+    "recipient_role_or_team_required": true,
+    "requested_outputs": [
+      "repo_metadata",
+      "redacted_clone_url",
+      "redacted_ssh_url",
+      "visibility_scope",
+      "coverage_notes",
+      "redacted_evidence_refs"
+    ],
+    "forbidden_inputs": [
+      "token_value",
+      "write_credential",
+      "database_dump",
+      "repo_archive",
+      "git_object_pack",
+      "deploy_key_private_key",
+      "webhook_secret",
+      "runner_registration_token"
+    ],
+    "intake_acceptance_ref": "docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md",
+    "not_approval": true,
+    "execution_authorized": false
+  },
+  "post_dispatch_invariants": [
+    "同意提供只讀來源只能推到等待安全輸入或收到脫敏 payload 待驗收。",
+    "S4.6 import acceptance 通過前不得標記 gitea_repo_inventory_v1.status=ok。",
+    "S4.7 / S4.9 owner response 必須解釋 coverage gap 後，清冊候選才可交給 reviewer。",
+    "任何 repo 建立、refs sync、workflow / secret 修改、GitHub primary cutover、Gitea 停用或 runtime gate 都需要另行人工批准。"
+  ],
   "acceptance_rules": [
     "S4.5 完成只代表 Gitea authenticated inventory export request 已定義，不代表 inventory 已取得。",
     "真正完成 gate 必須讓 `gitea_repo_inventory_v1.status=ok`，且 `visibility_scope` 為 `authenticated` 或 `admin_export`。",

docs/workplans/2026-06-04-iwooos-security-governance-p0.md

@@ -9,7 +9,7 @@
 | 工作視窗 | IwoooS / AWOOOI 資安治理 P0 |
 | 本次乾淨 worktree | `/private/tmp/awoooi-iwooos-governance-p0-20260604` |
 | 本次分支 | `codex/iwooos-governance-p0-20260604` |
-| 最新觀察到的 `gitea/main` | `b61ee9b0 feat(web): align AwoooP controls with WOOO radius tokens` |
+| 最新觀察到的 `gitea/main` | `8c9582f3 chore(cd): deploy b61ee9b [skip ci]` |
 | 前一個正式 IwoooS 候選基準 | code `7b8fc093`、deploy marker `45c63488`、LOGBOOK `02cadee6` |
 | 最新導航 IA 基準 | code `973fc7a4`、LOGBOOK `2555c811`、deploy marker `0260ec89` |
 | 禁止事項 | 不 force push、不 destructive git、不 SSH 修改主機、不 active scan、不收 secrets 明文、不把 AwoooP approval 當資安批准、不把 UI 可見當 runtime 授權 |
@@ -23,7 +23,7 @@
 | runtime landing | 40-45% | 否 | production 只讀頁存在，不等於 runtime ingestion 或 execution router |
 | active runtime gate | 0 | 否 | 必須維持 0，直到獨立人工批准、rollback、post-check 與 guard 成立 |
 | S4.9 owner response gate | 0% | 可在收到合格回覆後調整 | 目前只定義欄位、預檢、收件與驗收，不標記 received / accepted |
-| GitHub primary readiness | 0 | 否 | primary gate 仍為 0；P1 只讀重盤工作本身目前約 62%，不代表可切 primary |
+| GitHub primary readiness | 0 | 否 | primary gate 仍為 0；P1 只讀重盤工作本身目前約 64%，不代表可切 primary |
 | Kali 112 維護準備 | 只讀證據已納管，維護尚未開始 | 否 | 不更新套件、不重啟、不 hardening、不 active scan |
 | 111 / 168 開發主機納管 | observe-only mapping 已有，維護包需補強 | 可補文件，不調 runtime | 仍不 credentialed scan、不讀未授權資料、不自動修復 |
 | VibeWork 納入 IwoooS | 前端態勢已有 onboarding 欄位，產品邊界需補規範 | 可補文件 | 保留 VibeWork 獨立產品邊界 |
@@ -150,12 +150,13 @@ S4.9 是目前 IwoooS 64% 能往前的第一優先 gate。驗收前所有 count
 | GitHub target probe refresh | 100% | 8 個候選中 5 個可讀、3 個 `not_found_or_private`；`open-design` heads `644` 只作 external scope evidence | owner / visibility / canonical response 仍待收 |
 | Workflow / secret 名稱本機 evidence refresh | 100% | 31 個 workflow files、42 個 unique referenced secret names、`secret_value_detected=false` | 補 webhook、runner owner、deploy key、branch protection、secret name parity |
 | Primary readiness gate 文件更新 | 90% | 已寫入 2026-06-04 refs truth 重產結果與禁止誤讀規則 | 跑 guard 後以 LOGBOOK 封存 |
+| Gitea authenticated inventory request handoff | 100% | S4.5 請求已對齊 S4.9 owner response gate，補 5 項 request dispatch preflight、8 欄 handoff packet 與送後不變條件 | 仍未收 token value、未收 payload、未 import inventory；S4.6/S4.9 驗收前不得標記 status=ok |
 | 全量 Gitea 專案版本盤點 | 25% | 目前仍是 public-only + 本機輔助 evidence | 需只讀 token / admin export；不使用 write credential |
 | 逐 repo refs truth queue | 100% | S4.11 current queue 已重產為 `194` refs review items：真相來源 `4`、deprecated / archive 候選 `142`、release tag `3`、GitHub-only `20` | 送 owner response；received / accepted 仍維持 0 |
 | Workflow / runner / secret parity owner response | 15% | 有 local evidence 與 template，但 received / accepted 皆 0 | 只收 redacted metadata，不收 value |
 | GitHub primary cutover readiness | 0% | `primary_ready_count=0`、`github_primary_switch_authorized=false` | 需 owner、parity、rollback ADR、人工批准全部成立 |
 
-P1 只讀重盤階段整體完成度：`62%`。它代表 freshness / inventory 工作進度，不代表 GitHub primary gate 或 runtime gate 提升。
+P1 只讀重盤階段整體完成度：`64%`。它代表 freshness / inventory / handoff 工作進度，不代表 GitHub primary gate、authenticated inventory gate 或 runtime gate 提升。
 
 ## 6.2 規範分析：已不符合、需新增、需調整
 
@@ -177,7 +178,7 @@ P1 只讀重盤階段整體完成度：`62%`。它代表 freshness / inventory
 | 優先 | 工作 | 內容 | 完成條件 |
 |------|------|------|----------|
 | P1-1 | Source-control refs truth 重產 | 以 2026-06-04 `awoooi` refs refresh 重產 detail diff / truth classification | 新 queue 已改為 `194` items，不再引用舊 `141` 為 current |
-| P1-2 | Gitea authenticated inventory request | 依 S4.5/S4.6/S4.7/S4.9 收只讀 token 或 redacted admin export | 只收 metadata，不保存 token value |
+| P1-2 | Gitea authenticated inventory request | 已補 2026-06-04 request handoff package；S4.9 owner response gate 作先行條件，只讀 token API / redacted admin export 二選一 | 只收 metadata，不保存 token value；received / accepted / imported 全部仍為 0 |
 | P1-3 | GitHub target owner response | 對 7 個 in-scope targets 收 owner / visibility / canonical 決策 | received / accepted 前仍全部 0 |
 | P1-4 | Workflow / runner / secret parity evidence | webhook、runner owner、deploy key、branch protection、CODEOWNERS、secret name parity | redacted evidence refs 完整，secret value 仍拒收 |
 | P1-5 | Primary rollback ADR 補強 | 逐 repo rollback owner、trigger、validation window、fallback role | ADR approved 前不切 primary |
@@ -204,6 +205,8 @@ P1 只讀重盤階段整體完成度：`62%`。它代表 freshness / inventory
 | P1 Gitea repo inventory refresh | user endpoint public-only 2 repos；org endpoint blocked / 404；仍需只讀 token 或 redacted admin export |
 | P1 GitHub target probe refresh | 8 個候選中 5 個可讀、3 個 `not_found_or_private`；`open-design` heads `644` 僅作 external scope |
 | P1 workflow / secret 名稱 refresh | 31 個 workflow files、42 個 unique referenced secret names、`secret_value_detected=false` |
+| P1-2 Gitea authenticated inventory request handoff | S4.5 request 日期更新為 2026-06-04；補 5 項 dispatch preflight、8 欄 request handoff packet、送後不變條件；payload received / accepted / imported 仍 0 |
+| P1-2 JSON parse / structure check | `gitea-authenticated-inventory-export-request.snapshot.json` 與 schema JSON parse 通過；本段自訂結構檢查 `GITEA_AUTHENTICATED_INVENTORY_HANDOFF_STRUCTURE_OK`；本地無 `jsonschema` / AJV，未跑完整 schema validator |
 | P1 JSON parse | `gitea-github-awoooi-inventory`、`github-target-probe`、`source-control-primary-readiness-gate`、`source-control-workflow-secret-name-local-evidence`、Gitea repo / search / org blocked snapshots 皆通過 |
 | P1 production 頁面檢查 | 本輪未改前端、未改 production 文案、未新增 deploy；不宣稱新的 production 狀態，沿用 P0 live sanity 作為基準 |