diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md index ae92165c..ed9550dc 100644 --- a/docs/LOGBOOK.md +++ b/docs/LOGBOOK.md 
@@ -1,3 +1,37 @@ +## 2026-06-04|IwoooS P1-2 Gitea Authenticated Inventory Request Handoff + +**背景**:P1 GitHub primary readiness 只讀重盤仍卡在 Gitea authenticated / admin export 全量清冊缺口;public-only user endpoint 只能看到 2 個 repo,本機 remote evidence 至少有 4 個 unique Gitea repos,不能把 public-only 結果當完整清冊。本段補 P1-2 請求交接封套,讓後續 owner / 管理者知道可以提供什麼、禁止提供什麼,以及 S4.9 owner response gate 仍是先行條件。 + +**本輪完成**: +- 先 fast-forward 到 `8c9582f3 chore(cd): deploy b61ee9b [skip ci]`,保留另一個 Session 的 AwoooP controls deploy marker。 +- 更新 `GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md`:日期改為 2026-06-04,補 P1-2 請求交接封套、5 項送件前條件、8 欄交接欄位與送後不變條件。 +- 更新 `gitea-authenticated-inventory-export-request.snapshot.json`:新增 S4.9 owner response gate 先行條件、handoff ready、5 項 request dispatch preflight、8 欄 request handoff packet;`request_dispatch_authorized=false`、payload received / accepted / imported 皆為 0。 +- 更新 `gitea_authenticated_inventory_export_request_v1.schema.json`:同步納入 request dispatch preflight、request handoff packet 與 post-dispatch invariants,避免 snapshot 與 schema 漂移。 +- 更新 `GITEA-SERVER-SIDE-INVENTORY-RUNBOOK.md` 與 IwoooS P0/P1 主控總帳:P1 只讀重盤工作完成度從 `62%` 調到 `64%`,但 GitHub primary readiness gate 仍 `0`。 + +**完成度更新**: +- P1-2 Gitea authenticated inventory request handoff:`100%`。 +- P1 GitHub primary readiness 只讀重盤階段:`64%`。 +- GitHub primary readiness gate:`0`。 +- Authenticated inventory gate:仍 blocked;`admin_export_payload_received_count=0`、`admin_export_payload_accepted_count=0`、`inventory_imported_count=0`。 + +**驗證**: +- `python3 -m json.tool docs/security/gitea-authenticated-inventory-export-request.snapshot.json`:通過。 +- `python3 -m json.tool docs/schemas/gitea_authenticated_inventory_export_request_v1.schema.json`:通過。 +- 本段自訂結構檢查:`GITEA_AUTHENTICATED_INVENTORY_HANDOFF_STRUCTURE_OK`。 +- `git diff --check`:通過。 +- `python3 scripts/security/source-control-owner-response-guard.py --root .`:`SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`。 +- `python3 scripts/security/security-mirror-progress-guard.py --root 
.`:`SECURITY_MIRROR_PROGRESS_GUARD_OK`。 +- URL credential pattern 檢查:本段異動檔案無命中。 +- Schema validator 限制:本地沒有 Python `jsonschema` 與 Node AJV,未跑完整 JSON Schema validator;已以 JSON parse、自訂結構檢查與既有 guard 補位。 +- Production 頁面檢查:本段只改 docs / snapshot / schema / LOGBOOK,未改前端、未部署、未宣稱新的 production 狀態;沿用 P0 `/zh-TW/iwooos` desktop / mobile live sanity 作為基準。 + +**目前邊界**: +- 不收 token value、write credential、DB dump、repo archive、git object pack、deploy key private key、webhook secret 或 runner registration token。 +- 不使用既有可 push credential 當 read-only token。 +- 不建立 GitHub repo、不改 visibility、不同步或刪除 refs、不修改 workflow / secret、不切 GitHub primary、不停 Gitea。 +- P1-2 handoff 只代表請求包可交接;S4.6 import acceptance 與 S4.9 owner response 未通過前,不得把 `gitea_repo_inventory_v1.status` 標記為 `ok`。 + ## 2026-06-04|WOOO Open Design D1 AwoooP 控制項 radius token rollout **背景**:接續 D0 token bridge 與 `design.wooo.work` 採用策略,本段處理 AwoooP operator console 中最明顯的視覺不一致:Runs / Approvals 的 refresh button、select、incident input 與 error surface 仍使用 `rounded-lg / rounded-md`。D1 只做半徑 token 收斂,不改資料鏈路、不改文案、不碰 IwoooS runtime / GitHub primary / S4.9 owner response gate。 diff --git a/docs/schemas/gitea_authenticated_inventory_export_request_v1.schema.json b/docs/schemas/gitea_authenticated_inventory_export_request_v1.schema.json index e141bdce..453aaa1b 100644 --- a/docs/schemas/gitea_authenticated_inventory_export_request_v1.schema.json +++ b/docs/schemas/gitea_authenticated_inventory_export_request_v1.schema.json @@ -16,6 +16,9 @@ "export_source_options", "required_inventory_fields", "coverage_gap_hints", + "request_dispatch_preflight_checks", + "request_handoff_packet", + "post_dispatch_invariants", "acceptance_rules", "redaction_rules", "forbidden_actions" 
@@ -63,7 +66,16 @@ "repo_write_allowed", "refs_sync_allowed", "github_primary_switch_authorized", - "action_buttons_allowed" + "action_buttons_allowed", + "s4_9_owner_response_gate_required", + "request_handoff_package_ready", + "request_dispatch_handoff_completion_percent", + "request_packet_field_count", + "request_dispatch_authorized", + "admin_export_payload_received_count", + "admin_export_payload_accepted_count", + "inventory_imported_count", + "runtime_inventory_execution_authorized" ], "properties": { "gitea_base_url": {"type": "string"}, @@ -81,7 +93,20 @@ "repo_write_allowed": {"type": "boolean", "const": false}, "refs_sync_allowed": {"type": "boolean", "const": false}, "github_primary_switch_authorized": {"type": "boolean", "const": false}, - "action_buttons_allowed": {"type": "boolean", "const": false} + "action_buttons_allowed": {"type": "boolean", "const": false}, + "s4_9_owner_response_gate_required": {"type": "boolean", "const": true}, + "request_handoff_package_ready": {"type": "boolean", "const": true}, + "request_dispatch_handoff_completion_percent": { + "type": "integer", + "minimum": 0, + "maximum": 100 + }, + "request_packet_field_count": {"type": "integer", "minimum": 0}, + "request_dispatch_authorized": {"type": "boolean", "const": false}, + "admin_export_payload_received_count": {"type": "integer", "minimum": 0}, + "admin_export_payload_accepted_count": {"type": "integer", "minimum": 0}, + "inventory_imported_count": {"type": "integer", "minimum": 0}, + "runtime_inventory_execution_authorized": {"type": "boolean", "const": false} }, "additionalProperties": false }, 
@@ -163,6 +188,74 @@ }, "minItems": 1 }, + "request_dispatch_preflight_checks": { + "type": "array", + "items": { + "type": "object", + "required": [ + "check_id", + "display_order", + "check", + "current_status", + "execution_authorized" + ], + "properties": { + "check_id": {"type": "string"}, + "display_order": {"type": "integer", "minimum": 1}, + "check": {"type": "string"}, + "current_status": { + "type": "string", + "enum": ["defined_not_dispatched"] + }, + "execution_authorized": {"type": "boolean", "const": false} + }, + "additionalProperties": false + }, + "minItems": 1 + }, + "request_handoff_packet": { + "type": "object", + "required": [ + "request_id", + "prerequisite_gate", + "allowed_source_options", + "recipient_role_or_team_required", + "requested_outputs", + "forbidden_inputs", + "intake_acceptance_ref", + "not_approval", + "execution_authorized" + ], + "properties": { + "request_id": {"type": "string"}, + "prerequisite_gate": {"type": "string"}, + "allowed_source_options": { + "type": "array", + "items": {"type": "string"}, + "minItems": 1 + }, + "recipient_role_or_team_required": {"type": "boolean", "const": true}, + "requested_outputs": { + "type": "array", + "items": {"type": "string"}, + "minItems": 1 + }, + "forbidden_inputs": { + "type": "array", + "items": {"type": "string"}, + "minItems": 1 + }, + "intake_acceptance_ref": {"type": "string"}, + "not_approval": {"type": "boolean", "const": true}, + "execution_authorized": {"type": "boolean", "const": false} + }, + "additionalProperties": false + }, + "post_dispatch_invariants": { + "type": "array", + "items": {"type": "string"}, + "minItems": 1 + }, "acceptance_rules": { "type": "array", "items": {"type": "string"}, diff --git a/docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md b/docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md index 83c07e3d..f7392f64 100644 --- a/docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md 
+++ b/docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md @@ -2,8 +2,8 @@ | 項目 | 內容 | |------|------| -| 日期 | 2026-05-17 | -| 狀態 | 草案,等待 owner 匯出 / 只讀批准 | +| 日期 | 2026-06-04 | +| 狀態 | 草案與交接封套已整理,等待 S4.9 owner response / 只讀批准 | | 資料契約 | `docs/schemas/gitea_authenticated_inventory_export_request_v1.schema.json` | | 快照 | `docs/security/gitea-authenticated-inventory-export-request.snapshot.json` | | 後續驗收 | `docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` | @@ -24,6 +24,8 @@ S4.6 已補後續的匯入驗收契約:即使 owner 或管理者提供 payload S4.7 已補 owner coverage attestation:在補全量清冊前,owner 仍需判定 public-only 2 repos、本機 Gitea unique 4 repos、org/user endpoint 與 110 internal adjacent sources 的 scope。S4.7 不授權 token 收集、repo 寫入、refs sync 或 primary cutover。 +S4.9 已補 owner response gate 與 2026-06-04 request dispatch preflight 交接包:P1-2 的只讀 token 或 redacted admin export 請求必須等 S4.9 五題 scope decision 進入可審狀態後,才能由人工批准進下一步。這仍不代表 token value 可以被貼到文件、對話、LOGBOOK 或 snapshot。 + ## 1. 摘要 | 指標 | 數量 | @@ -41,6 +43,11 @@ S4.7 已補 owner coverage attestation:在補全量清冊前,owner 仍需判 | 允許 refs sync | `false` | | 授權切換 GitHub primary | `false` | | S4.7 owner attestation items | 5 | +| S4.9 owner response gate required | `true` | +| request handoff package | `ready` | +| request dispatch authorized | `false` | +| admin export payload received | 0 | +| admin export payload accepted | 0 | ## 2. 匯出來源選項 
@@ -98,7 +105,38 @@ S4.7 已補 owner coverage attestation:在補全量清冊前,owner 仍需判 6. 不建立 GitHub repo、不 sync refs、不切 GitHub primary。 7. 不把清冊請求當成清冊已完成。 -## 8. 階段定位 +## 8. 2026-06-04 P1-2 請求交接封套 + +本段把 S4.5 認證清冊匯出請求對齊 2026-06-04 的 S4.9 owner response gate。它只代表「請求包可交接」,不代表 owner 已批准、不代表只讀 token 已提供、不代表 redacted admin export 已收到,也不代表 `gitea_repo_inventory_v1.status=ok`。 + +### 8.1 送件前條件 + +| 順序 | 條件 | 完成狀態 | +|------|------|----------| +| 1 | S4.9 五題 owner response request packet 已可交接,且 request / received / accepted 分離 | 已整理,未送件 | +| 2 | 只讀 token 路徑與 redacted admin export 路徑二選一,不要求同時提供 | 已整理,未執行 | +| 3 | 收件欄位只收 repo metadata、redacted URL、owner/team 與 evidence refs | 已整理,未收件 | +| 4 | 禁止 token value、write token、DB dump、git object pack、secret / webhook / deploy key material | 已整理,未收件 | +| 5 | 實際收到 payload 前,received / accepted / imported count 全部維持 0 | 已整理,未收件 | + +### 8.2 交接封套欄位 + +| 欄位 | 內容規則 | +|------|----------| +| `request_id` | `p1_2_gitea_authenticated_inventory_request` | +| `prerequisite_gate` | S4.9 owner response gate 需先保持可審狀態;未通過前不可標記 inventory complete | +| `allowed_source_options` | `readonly_token_api_inventory` 或 `redacted_admin_export_inventory` | +| `recipient_role_or_team` | 只填角色或團隊,不填 token / PAT / cookie / session | +| `requested_outputs` | repo metadata、redacted clone / ssh URL、visibility scope、coverage notes、evidence refs | +| `forbidden_inputs` | token value、write credential、DB dump、repo archive、git object pack、deploy key private key、webhook secret、runner token | +| `intake_acceptance_ref` | `GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` | +| `not_approval` | 必須為 `true` | + +### 8.3 送件後不變條件 + +即使後續 owner / 管理者同意提供只讀來源,也只能把狀態推到「等待安全輸入」或「收到脫敏 payload 待驗收」。必須先通過 S4.6 import acceptance,並用 S4.7 / S4.9 owner response 解釋 coverage gap,才可把清冊候選交給 reviewer。任何 repo 建立、refs sync、workflow / secret 修改、GitHub primary cutover、Gitea 停用或 runtime gate 都需要另行人工批准。 + +## 9. 階段定位 S4.5 只是把 Gitea 認證清冊的下一步請求、欄位、拒收規則與驗收 gate 定清楚。 
diff --git a/docs/security/GITEA-SERVER-SIDE-INVENTORY-RUNBOOK.md b/docs/security/GITEA-SERVER-SIDE-INVENTORY-RUNBOOK.md index ae22f6f0..0ee2eecd 100644 --- a/docs/security/GITEA-SERVER-SIDE-INVENTORY-RUNBOOK.md +++ b/docs/security/GITEA-SERVER-SIDE-INVENTORY-RUNBOOK.md @@ -2,8 +2,8 @@ | 項目 | 內容 | |------|------| -| 日期 | 2026-05-17 | -| 狀態 | 第一版,read-only / export-only | +| 日期 | 2026-06-04 | +| 狀態 | read-only / export-only;P1-2 交接封套已整理 | | 工具 | `scripts/security/gitea-repo-inventory.py` | | 事件 | `gitea_repo_inventory_v1` | | Approval package | `docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md` | @@ -12,6 +12,7 @@ | S4.6 import acceptance | `docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` | | S4.7 coverage attestation | `docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md` | | S4.9 owner response request packet / 收件包 | `docs/security/GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.md` | +| P1-2 request handoff | `docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md` | | 原則 | 不寫入 Gitea、不搬 secret value、不建立或刪除 repo | ## 0. 核心結論 
@@ -39,6 +40,8 @@ S4.7 已補 `gitea_inventory_coverage_attestation_v1`:owner 必須先對 publi S4.9 已補 `gitea_inventory_owner_attestation_response_v1`:AwoooP 可先顯示 1 個 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples 與 8 個 display sections,並用 6 個 collection checks 維持 request / received / accepted 分離;audit event templates 目前全為 `template_only_not_emitted`、0 emitted,只定義 request shown / response received metadata / outcome classified 的脫敏 metadata 欄位;redaction examples 只供 owner 參考安全回覆形狀;display sections 只固定只讀 UI 區塊順序;owner response 必須依 5 個 template 填寫,並先通過 6 個 intake preflight checks、5 個 outcome lanes 與基本驗收,才能把 S4.7 coverage attestation 視為可審 evidence。此 request packet / response 收件包仍不授權 read-only inventory runtime、repo migration、audit production ingestion 或 primary cutover。 +2026-06-04 P1-2 已補 request handoff package:Gitea authenticated inventory request 必須先保留 S4.9 owner response gate 作為先行條件,並將只讀 token API 清冊與 redacted admin export 清冊兩條路徑拆開。交接包只要求 repo metadata、redacted URL、visibility scope、coverage notes 與 evidence refs;token value、write credential、DB dump、repo archive、git object pack、deploy key private key、webhook secret 與 runner registration token 全部拒收。此 handoff 只代表請求包可交接,不代表 payload received / accepted、inventory imported、status=ok、GitHub primary 或 runtime 授權。 + ## 1. Public-only 快照指令 ```bash diff --git a/docs/security/gitea-authenticated-inventory-export-request.snapshot.json b/docs/security/gitea-authenticated-inventory-export-request.snapshot.json index 5c23fba0..8e0402e6 100644 --- a/docs/security/gitea-authenticated-inventory-export-request.snapshot.json +++ b/docs/security/gitea-authenticated-inventory-export-request.snapshot.json 
@@ -1,7 +1,7 @@ { "schema_version": "gitea_authenticated_inventory_export_request_v1", "status": "draft_waiting_owner_export", - "date": "2026-05-13", + "date": "2026-06-04", "mode": "redacted_export_request_only", "runtime_execution_authorized": false, "source_contract": "gitea_repo_inventory_v1", @@ -26,7 +26,16 @@ "repo_write_allowed": false, "refs_sync_allowed": false, "github_primary_switch_authorized": false, - "action_buttons_allowed": false + "action_buttons_allowed": false, + "s4_9_owner_response_gate_required": true, + "request_handoff_package_ready": true, + "request_dispatch_handoff_completion_percent": 100, + "request_packet_field_count": 8, + "request_dispatch_authorized": false, + "admin_export_payload_received_count": 0, + "admin_export_payload_accepted_count": 0, + "inventory_imported_count": 0, + "runtime_inventory_execution_authorized": false }, "export_source_options": [ { 
@@ -136,6 +145,79 @@ "execution_authorized": false } ], + "request_dispatch_preflight_checks": [ + { + "check_id": "p1-2-prerequisite-s4-9-owner-response", + "display_order": 1, + "check": "S4.9 五題 owner response request packet 已可交接,且 request / received / accepted 分離。", + "current_status": "defined_not_dispatched", + "execution_authorized": false + }, + { + "check_id": "p1-2-source-option-selected", + "display_order": 2, + "check": "只讀 token API 清冊或 redacted admin export 清冊二選一,不要求同時提供。", + "current_status": "defined_not_dispatched", + "execution_authorized": false + }, + { + "check_id": "p1-2-metadata-only-output", + "display_order": 3, + "check": "收件欄位只收 repo metadata、redacted URL、owner/team 與 evidence refs。", + "current_status": "defined_not_dispatched", + "execution_authorized": false + }, + { + "check_id": "p1-2-forbidden-sensitive-inputs", + "display_order": 4, + "check": "禁止 token value、write token、DB dump、git object pack、secret、webhook、deploy key 或 runner token material。", + "current_status": "defined_not_dispatched", + "execution_authorized": false + }, + { + "check_id": "p1-2-counts-remain-zero", + "display_order": 5, + "check": "實際收到 payload 前,received / accepted / imported count 全部維持 0。", + "current_status": "defined_not_dispatched", + "execution_authorized": false + } + ], + "request_handoff_packet": { + "request_id": "p1_2_gitea_authenticated_inventory_request", + "prerequisite_gate": "s4_9_owner_response_gate", + "allowed_source_options": [ + "readonly_token_api_inventory", + "redacted_admin_export_inventory" + ], + "recipient_role_or_team_required": true, + "requested_outputs": [ + "repo_metadata", + "redacted_clone_url", + "redacted_ssh_url", + "visibility_scope", + "coverage_notes", + "redacted_evidence_refs" + ], + "forbidden_inputs": [ + "token_value", + "write_credential", + "database_dump", + "repo_archive", + "git_object_pack", + "deploy_key_private_key", + "webhook_secret", + "runner_registration_token" + ], + "intake_acceptance_ref": 
"docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md", + "not_approval": true, + "execution_authorized": false + }, + "post_dispatch_invariants": [ + "同意提供只讀來源只能推到等待安全輸入或收到脫敏 payload 待驗收。", + "S4.6 import acceptance 通過前不得標記 gitea_repo_inventory_v1.status=ok。", + "S4.7 / S4.9 owner response 必須解釋 coverage gap 後,清冊候選才可交給 reviewer。", + "任何 repo 建立、refs sync、workflow / secret 修改、GitHub primary cutover、Gitea 停用或 runtime gate 都需要另行人工批准。" + ], "acceptance_rules": [ "S4.5 完成只代表 Gitea authenticated inventory export request 已定義,不代表 inventory 已取得。", "真正完成 gate 必須讓 `gitea_repo_inventory_v1.status=ok`,且 `visibility_scope` 為 `authenticated` 或 `admin_export`。", diff --git a/docs/workplans/2026-06-04-iwooos-security-governance-p0.md b/docs/workplans/2026-06-04-iwooos-security-governance-p0.md index 6828625b..7504142e 100644 --- a/docs/workplans/2026-06-04-iwooos-security-governance-p0.md +++ b/docs/workplans/2026-06-04-iwooos-security-governance-p0.md @@ -9,7 +9,7 @@ | 工作視窗 | IwoooS / AWOOOI 資安治理 P0 | | 本次乾淨 worktree | `/private/tmp/awoooi-iwooos-governance-p0-20260604` | | 本次分支 | `codex/iwooos-governance-p0-20260604` | -| 最新觀察到的 `gitea/main` | `b61ee9b0 feat(web): align AwoooP controls with WOOO radius tokens` | +| 最新觀察到的 `gitea/main` | `8c9582f3 chore(cd): deploy b61ee9b [skip ci]` | | 前一個正式 IwoooS 候選基準 | code `7b8fc093`、deploy marker `45c63488`、LOGBOOK `02cadee6` | | 最新導航 IA 基準 | code `973fc7a4`、LOGBOOK `2555c811`、deploy marker `0260ec89` | | 禁止事項 | 不 force push、不 destructive git、不 SSH 修改主機、不 active scan、不收 secrets 明文、不把 AwoooP approval 當資安批准、不把 UI 可見當 runtime 授權 | 
@@ -23,7 +23,7 @@ | runtime landing | 40-45% | 否 | production 只讀頁存在,不等於 runtime ingestion 或 execution router | | active runtime gate | 0 | 否 | 必須維持 0,直到獨立人工批准、rollback、post-check 與 guard 成立 | | S4.9 owner response gate | 0% | 可在收到合格回覆後調整 | 目前只定義欄位、預檢、收件與驗收,不標記 received / accepted | -| GitHub primary readiness | 0 | 否 | primary gate 仍為 0;P1 只讀重盤工作本身目前約 62%,不代表可切 primary | +| GitHub primary readiness | 0 | 否 | primary gate 仍為 0;P1 只讀重盤工作本身目前約 64%,不代表可切 primary | | Kali 112 維護準備 | 只讀證據已納管,維護尚未開始 | 否 | 不更新套件、不重啟、不 hardening、不 active scan | | 111 / 168 開發主機納管 | observe-only mapping 已有,維護包需補強 | 可補文件,不調 runtime | 仍不 credentialed scan、不讀未授權資料、不自動修復 | | VibeWork 納入 IwoooS | 前端態勢已有 onboarding 欄位,產品邊界需補規範 | 可補文件 | 保留 VibeWork 獨立產品邊界 | 
@@ -150,12 +150,13 @@ S4.9 是目前 IwoooS 64% 能往前的第一優先 gate。驗收前所有 count | GitHub target probe refresh | 100% | 8 個候選中 5 個可讀、3 個 `not_found_or_private`;`open-design` heads `644` 只作 external scope evidence | owner / visibility / canonical response 仍待收 | | Workflow / secret 名稱本機 evidence refresh | 100% | 31 個 workflow files、42 個 unique referenced secret names、`secret_value_detected=false` | 補 webhook、runner owner、deploy key、branch protection、secret name parity | | Primary readiness gate 文件更新 | 90% | 已寫入 2026-06-04 refs truth 重產結果與禁止誤讀規則 | 跑 guard 後以 LOGBOOK 封存 | +| Gitea authenticated inventory request handoff | 100% | S4.5 請求已對齊 S4.9 owner response gate,補 5 項 request dispatch preflight、8 欄 handoff packet 與送後不變條件 | 仍未收 token value、未收 payload、未 import inventory;S4.6/S4.9 驗收前不得標記 status=ok | | 全量 Gitea 專案版本盤點 | 25% | 目前仍是 public-only + 本機輔助 evidence | 需只讀 token / admin export;不使用 write credential | | 逐 repo refs truth queue | 100% | S4.11 current queue 已重產為 `194` refs review items:真相來源 `4`、deprecated / archive 候選 `142`、release tag `3`、GitHub-only `20` | 送 owner response;received / accepted 仍維持 0 | | Workflow / runner / secret parity owner response | 15% | 有 local evidence 與 template,但 received / accepted 皆 0 | 只收 redacted metadata,不收 value | | GitHub primary cutover readiness | 0% | `primary_ready_count=0`、`github_primary_switch_authorized=false` | 需 owner、parity、rollback ADR、人工批准全部成立 | -P1 只讀重盤階段整體完成度:`62%`。它代表 freshness / inventory 工作進度,不代表 GitHub primary gate 或 runtime gate 提升。 +P1 只讀重盤階段整體完成度:`64%`。它代表 freshness / inventory / handoff 工作進度,不代表 GitHub primary gate、authenticated inventory gate 或 runtime gate 提升。 ## 6.2 規範分析:已不符合、需新增、需調整 
@@ -177,7 +178,7 @@ P1 只讀重盤階段整體完成度:`62%`。它代表 freshness / inventory | 優先 | 工作 | 內容 | 完成條件 | |------|------|------|----------| | P1-1 | Source-control refs truth 重產 | 以 2026-06-04 `awoooi` refs refresh 重產 detail diff / truth classification | 新 queue 已改為 `194` items,不再引用舊 `141` 為 current | -| P1-2 | Gitea authenticated inventory request | 依 S4.5/S4.6/S4.7/S4.9 收只讀 token 或 redacted admin export | 只收 metadata,不保存 token value | +| P1-2 | Gitea authenticated inventory request | 已補 2026-06-04 request handoff package;S4.9 owner response gate 作先行條件,只讀 token API / redacted admin export 二選一 | 只收 metadata,不保存 token value;received / accepted / imported 全部仍為 0 | | P1-3 | GitHub target owner response | 對 7 個 in-scope targets 收 owner / visibility / canonical 決策 | received / accepted 前仍全部 0 | | P1-4 | Workflow / runner / secret parity evidence | webhook、runner owner、deploy key、branch protection、CODEOWNERS、secret name parity | redacted evidence refs 完整,secret value 仍拒收 | | P1-5 | Primary rollback ADR 補強 | 逐 repo rollback owner、trigger、validation window、fallback role | ADR approved 前不切 primary | 
@@ -204,6 +205,8 @@ P1 只讀重盤階段整體完成度:`62%`。它代表 freshness / inventory | P1 Gitea repo inventory refresh | user endpoint public-only 2 repos;org endpoint blocked / 404;仍需只讀 token 或 redacted admin export | | P1 GitHub target probe refresh | 8 個候選中 5 個可讀、3 個 `not_found_or_private`;`open-design` heads `644` 僅作 external scope | | P1 workflow / secret 名稱 refresh | 31 個 workflow files、42 個 unique referenced secret names、`secret_value_detected=false` | +| P1-2 Gitea authenticated inventory request handoff | S4.5 request 日期更新為 2026-06-04;補 5 項 dispatch preflight、8 欄 request handoff packet、送後不變條件;payload received / accepted / imported 仍 0 | +| P1-2 JSON parse / structure check | `gitea-authenticated-inventory-export-request.snapshot.json` 與 schema JSON parse 通過;本段自訂結構檢查 `GITEA_AUTHENTICATED_INVENTORY_HANDOFF_STRUCTURE_OK`;本地無 `jsonschema` / AJV,未跑完整 schema validator | | P1 JSON parse | `gitea-github-awoooi-inventory`、`github-target-probe`、`source-control-primary-readiness-gate`、`source-control-workflow-secret-name-local-evidence`、Gitea repo / search / org blocked snapshots 皆通過 | | P1 production 頁面檢查 | 本輪未改前端、未改 production 文案、未新增 deploy;不宣稱新的 production 狀態,沿用 P0 live sanity 作為基準 |
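Review bot: in the LOGBOOK hunk (docs/LOGBOOK.md), the 驗證 list records `GITEA_AUTHENTICATED_INVENTORY_HANDOFF_STRUCTURE_OK` and a "URL credential pattern 檢查" without the command or script that produced either, so neither result can be reproduced from the log. The neighbouring entries name their command (`python3 -m json.tool …`, `python3 scripts/security/source-control-owner-response-guard.py --root .`); do the same here, or commit the ad-hoc structure check under `scripts/security/` and cite it. The same hunk concedes that no `jsonschema` / AJV run was possible, yet the schema bullet says the update "避免 snapshot 與 schema 漂移"; the `const` and `additionalProperties: false` constraints introduced in this change are exactly what a JSON parse cannot exercise, so that bullet should say the change is intended to prevent drift, not that drift has been ruled out.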
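Review bot: in the schema hunk (docs/schemas/gitea_authenticated_inventory_export_request_v1.schema.json), `request_packet_field_count` is only constrained to `minimum: 0`, while `request_handoff_packet` in the same file declares nine required properties (`request_id` through `execution_authorized`) and the snapshot and markdown both say 8; decide whether `execution_authorized` counts as a packet field and either set the count to 9 or document the exclusion, preferably as a `const` so the two cannot drift. The three payload counters have the same gap: `request_dispatch_authorized` is `const: false`, but `admin_export_payload_received_count`, `admin_export_payload_accepted_count` and `inventory_imported_count` are merely `minimum: 0`, so a snapshot with received=5 would still validate even though `post_dispatch_invariants` require them to stay 0 before dispatch; for this schema version `const: 0` (or `maximum: 0`) would encode that invariant. Lastly, `prerequisite_gate` and the items of `allowed_source_options` are free strings although the rest of the schema uses `const` / `enum` for fixed vocabularies; `const: "s4_9_owner_response_gate"` and `enum: ["readonly_token_api_inventory", "redacted_admin_export_inventory"]` would match the existing style and catch typos in the snapshot.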
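Review bot: in the GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md hunk, the 8.2 table has a row `recipient_role_or_team` with the rule "只填角色或團隊,不填 token / PAT / cookie / session", but the schema and snapshot only carry a boolean `recipient_role_or_team_required`; the actual role or team is recorded nowhere in the packet, so a reviewer cannot tell whom the request is addressed to. Either add a redacted string field for the recipient or rename the row to the real key and state that it is a flag. The same table omits `execution_authorized`, which the schema lists as required for `request_handoff_packet`, and 8.1 item 3 says intake accepts "owner/team" while the snapshot's `requested_outputs` has no owner/team entry; align the markdown, schema and snapshot so the "8 欄" claim and the accepted-field list agree.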
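Review bot: in the snapshot hunk (docs/security/gitea-authenticated-inventory-export-request.snapshot.json), the five `check` strings in `request_dispatch_preflight_checks` duplicate the 8.1 table of the markdown verbatim and `request_packet_field_count: 8` duplicates the "8 欄" wording, so with no schema validator and no cross-file check there are now three hand-maintained copies of the same facts. Consider generating the markdown tables from the snapshot, or extend an existing guard script to assert that `request_packet_field_count` equals the number of keys in `request_handoff_packet` and that every `check` string appears in the markdown. Also, `intake_acceptance_ref` here is the repo-relative path `docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` while the 8.2 table shows only the bare filename; pick one form so a reference check can match them.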
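Review bot: in the workplan hunk (docs/workplans/2026-06-04-iwooos-security-governance-p0.md), the P1-2 row's 完成條件 cell now reads "只收 metadata,不保存 token value;received / accepted / imported 全部仍為 0", but the counters staying at 0 is a pre-dispatch invariant, not a completion condition, and the 6.1 table marks the handoff at 100% in the same section where 全量 Gitea 專案版本盤點 remains 25%. State in the P1-2 row that 100% refers to the handoff packet only and that P1-2 itself completes when S4.6 import acceptance passes, so the two tables cannot be read as the inventory gap having been closed.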