docs(security): add gitea owner response request packet
@@ -1,3 +1,18 @@
|
||||
## 2026-05-18 | 資安供應鏈 S4.9:Owner Response Request Packet
|
||||
|
||||
**背景**:S4.13 已把下一個建議收件固定為 S4.9,S4.9 也已有 preflight 與 outcome lanes;本輪補上 AwoooP 可直接顯示給 owner 的 request packet,讓 owner 知道要回覆哪 5 個 templates、可填哪些欄位、evidence 如何脫敏,以及哪些 payload 必須拒收或隔離。
|
||||
|
||||
**完成**:
|
||||
- `gitea_inventory_owner_attestation_response_v1` schema 新增 optional `owner_response_request_packet`,summary 新增 `owner_response_request_packet_count=1`。
|
||||
- `gitea-inventory-owner-attestation-response.snapshot.json` 新增 `s4_9_gitea_owner_attestation_response_request`,固定 requested templates、allowed response fields、evidence ref rules、forbidden payloads、allowed submission modes、`execution_authorized=false` 與 `not_approval=true`。
|
||||
- `source-control-owner-response-guard.py` 反查 S4.9 request packet id、template ids、AwoooP display mode、`execution_authorized=false` 與 `not_approval=true`。
|
||||
- 更新 S4.9 人讀文件、AwoooP checklist、handoff、readiness、manifest、status rollup、dry-run、approval queue / gate / review packet、follow-up runtime gate、primary readiness gate、runbook、read-only approval package 與 progress。
|
||||
|
||||
**仍禁止**:
|
||||
- 不把 request packet 當成 owner response 已收到或 accepted。
|
||||
- 不把 request packet 當成 read-only inventory runtime、repo migration、repo 建立、refs sync、workflow / secret / runner 變更或 GitHub primary approval。
|
||||
- 不收 token value、secret value、private key、cookie、session、DB dump、git object pack、repo archive 或未脫敏 payload。
|
||||
|
||||
## 2026-05-18 | 資安供應鏈 S4.9:Owner Response Outcome Lanes
|
||||
|
||||
**背景**:S4.9 preflight 已能判斷 owner response 是否可收、補證、隔離或拒收;本輪補上 outcome lanes,讓 AwoooP 可以把 preflight 結果穩定顯示成可審、補證、隔離、拒收或等待,不需自行推測 UI / audit 分類。
|
||||
|
||||
@@ -61,6 +61,7 @@
|
||||
"accepted_response_count",
|
||||
"rejected_response_count",
|
||||
"response_template_count",
|
||||
"owner_response_request_packet_count",
|
||||
"intake_preflight_check_count",
|
||||
"intake_outcome_lane_count",
|
||||
"acceptance_check_count",
|
||||
@@ -82,6 +83,7 @@
|
||||
"accepted_response_count": {"type": "integer", "minimum": 0},
|
||||
"rejected_response_count": {"type": "integer", "minimum": 0},
|
||||
"response_template_count": {"type": "integer", "minimum": 0},
|
||||
"owner_response_request_packet_count": {"type": "integer", "minimum": 0},
|
||||
"intake_preflight_check_count": {"type": "integer", "minimum": 0},
|
||||
"intake_outcome_lane_count": {"type": "integer", "minimum": 0},
|
||||
"acceptance_check_count": {"type": "integer", "minimum": 0},
|
||||
@@ -172,6 +174,73 @@
|
||||
},
|
||||
"minItems": 1
|
||||
},
|
||||
"owner_response_request_packet": {
|
||||
"type": "object",
|
||||
"description": "AwoooP 可直接顯示給 owner 的 S4.9 回覆請求;只說明要填什麼與不得貼什麼,不授權任何執行。",
|
||||
"required": [
|
||||
"request_id",
|
||||
"display_status",
|
||||
"requested_packet",
|
||||
"required_response_item_count",
|
||||
"requested_template_ids",
|
||||
"owner_instruction_summary",
|
||||
"allowed_response_fields",
|
||||
"evidence_ref_rules",
|
||||
"forbidden_payloads",
|
||||
"allowed_submission_modes",
|
||||
"awooop_display_mode",
|
||||
"execution_authorized",
|
||||
"not_approval",
|
||||
"still_forbidden"
|
||||
],
|
||||
"properties": {
|
||||
"request_id": {"type": "string"},
|
||||
"display_status": {"type": "string", "enum": ["ready_to_request_owner_response"]},
|
||||
"requested_packet": {"type": "string"},
|
||||
"required_response_item_count": {"type": "integer", "minimum": 0},
|
||||
"requested_template_ids": {
|
||||
"type": "array",
|
||||
"items": {"type": "string"},
|
||||
"minItems": 1
|
||||
},
|
||||
"owner_instruction_summary": {"type": "string"},
|
||||
"allowed_response_fields": {
|
||||
"type": "array",
|
||||
"items": {"type": "string"},
|
||||
"minItems": 1
|
||||
},
|
||||
"evidence_ref_rules": {
|
||||
"type": "array",
|
||||
"items": {"type": "string"},
|
||||
"minItems": 1
|
||||
},
|
||||
"forbidden_payloads": {
|
||||
"type": "array",
|
||||
"items": {"type": "string"},
|
||||
"minItems": 1
|
||||
},
|
||||
"allowed_submission_modes": {
|
||||
"type": "array",
|
||||
"items": {"type": "string"},
|
||||
"minItems": 1
|
||||
},
|
||||
"awooop_display_mode": {"type": "string", "enum": ["display_owner_response_request_only"]},
|
||||
"execution_authorized": {
|
||||
"type": "boolean",
|
||||
"const": false
|
||||
},
|
||||
"not_approval": {
|
||||
"type": "boolean",
|
||||
"const": true
|
||||
},
|
||||
"still_forbidden": {
|
||||
"type": "array",
|
||||
"items": {"type": "string"},
|
||||
"minItems": 1
|
||||
}
|
||||
},
|
||||
"additionalProperties": false
|
||||
},
|
||||
"intake_preflight_checks": {
|
||||
"type": "array",
|
||||
"description": "AwoooP 收到 S4.9 owner response 前後可執行的只讀 preflight;只分類可收、補證或隔離,不授權任何執行。",
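Review bot: `requested_template_ids` (the array declared with `"minItems": 1`) has no `uniqueItems` constraint, so a packet that lists the same template id five times still validates even though the surrounding docs fix the request at five distinct S4.9 templates; `"minItems": 1, "uniqueItems": true` closes that gap. In the same object `required_response_item_count` is declared with `"minimum": 0` while the id array must be non-empty, so a count of 0 next to a populated id list passes schema validation; `"minimum": 1` keeps the two fields consistent, and an exact count-equals-length check cannot be expressed in JSON Schema here, so if it matters it presumably belongs in `source-control-owner-response-guard.py` as an explicit comparison. Both are tightening only and do not change the `execution_authorized=false` / `not_approval=true` posture the hunk already pins with `const`.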
|
||||
|
||||
@@ -45,7 +45,7 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得
|
||||
| `source_control_owner_response_validation_rollup_v1` | S4.9 / S4.10 / S4.11 / S4.12 owner response validation rollup | Operator Console、Source-control review、Audit | mirror-only | 只顯示四包 response packets、22 個 templates、missing response lanes、owner response collection order、next collection candidate、10 個 cross-packet checks、quarantine rules 與 latest local validation;不得視為 approval 或 runtime gate |
|
||||
| `coding_task_v1` | Code Review / Codex Security / manual review | Approval candidate、Channel Event、Audit | suggest-only | 不自動開 patch runner、不自動 merge |
|
||||
| `source_control_migration_event_v1` | Gitea/GitHub branch/tag/SHA diff | Supply-chain evidence、Approval candidate | mirror-only | 不觸發 deploy、不切換 primary |
|
||||
| `gitea_repo_inventory_v1` | Gitea org/user repo list 或管理匯出 | Supply-chain evidence、migration matrix | mirror-only | 顯示 public-only evidence、S4.5 authenticated/admin export request、S4.6 redacted import acceptance、S4.7 owner coverage attestation、S4.9 owner response 收件包、6 個 intake preflight checks 與 5 個 outcome lanes;不保存 token value、不刪除或停用 Gitea repo |
|
||||
| `gitea_repo_inventory_v1` | Gitea org/user repo list 或管理匯出 | Supply-chain evidence、migration matrix | mirror-only | 顯示 public-only evidence、S4.5 authenticated/admin export request、S4.6 redacted import acceptance、S4.7 owner coverage attestation、S4.9 owner response request packet、owner response 收件包、6 個 intake preflight checks 與 5 個 outcome lanes;不保存 token value、不刪除或停用 Gitea repo |
|
||||
| `local_git_remote_inventory_v1` | 本機可見 Git working tree remote | Source-control coverage evidence、migration matrix | mirror-only | 不視為 Gitea server 全量、不修改 remote |
|
||||
| `github_target_probe_v1` | 候選 GitHub repo read-only probe | Migration target evidence | mirror-only | `not_found_or_private` 不等同確認不存在 |
|
||||
| `github_target_decision_v1` | GitHub target 建立與可見性決策草案;S4.10 owner decision response 收件包 | Approval candidate、Migration target evidence | mirror-only | approval 前不得建立 repo、修改 visibility、同步 refs;S4.10 response 目前 0 筆,不代表執行批准 |
|
||||
@@ -118,7 +118,7 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得
|
||||
| `source_control_migration_event_v1.status=blocked` | `observe` | 顯示 blocking reason,不允許切 primary |
|
||||
| `source_control_migration_event_v1.status=verified` | `approve_required` | 仍需人工批准主控切換 |
|
||||
| `gitea_repo_inventory_v1.status=blocked` | `observe` | 補只讀 token 或管理匯出,不做同步 |
|
||||
| `gitea_repo_inventory_v1.status=partial` | `observe` | 視為 public-only evidence,顯示 S4.5 export request、S4.6 import acceptance、S4.7 owner attestation request、S4.9 owner response templates、intake preflight checks、outcome lanes 與 coverage gap,不做同步 |
|
||||
| `gitea_repo_inventory_v1.status=partial` | `observe` | 視為 public-only evidence,顯示 S4.5 export request、S4.6 import acceptance、S4.7 owner attestation request、S4.9 owner response request packet、owner response templates、intake preflight checks、outcome lanes 與 coverage gap,不做同步 |
|
||||
| `gitea_repo_inventory_v1.status=ok` | `warn` | 進入 repo mapping / branch tag diff |
|
||||
| `approval_required_event_v1.requested_action=run_gitea_readonly_inventory` | `approve_required` | 只允許 read-only token 或 redacted admin export,不保存 token value |
|
||||
| `local_git_remote_inventory_v1.status=partial` | `observe` | 補 server-side inventory,不做主控切換 |
|
||||
|
||||
@@ -58,6 +58,8 @@ AwoooP 顯示 S4.13 時,應把 `missing_response_lanes` 當成 Operator Consol
|
||||
|
||||
可同步顯示 `next_collection_candidate`,目前只指向 S4.9 Gitea owner attestation response:需要 5 個 Gitea coverage attestation items、received / accepted 皆為 0、顯示模式為 `display_next_collection_item_only`。這個欄位只提示下一包 response,不是 approval,也不代表 S4.10 / S4.11 / S4.12 可被提前接受。
|
||||
|
||||
S4.9 也提供 1 個 `owner_response_request_packet`:AwoooP 可直接顯示 owner 需要回覆的 5 個 template、允許欄位、脫敏 evidence 規則、禁止 payload 與允許提交模式。這只是收件提示,不是 approval、不授權 inventory、不授權 repo 建立、不授權 refs sync,也不授權切 GitHub primary。
|
||||
|
||||
S4.9 也提供 6 個 `intake_preflight_checks`:已知 item、必填欄位、允許 decision、脫敏 evidence、不得夾帶執行要求、接受前覆蓋五個 items。AwoooP 只能用它判斷可收、補證、隔離或拒收,不得把 preflight pass 當成 inventory runtime、repo migration 或 primary approval。
|
||||
|
||||
同時顯示 5 個 `intake_outcome_lanes`:`ready_for_owner_review`、`request_more_evidence`、`quarantine_sensitive_payload`、`reject_execution_request`、`keep_waiting_owner_response`。這些 lanes 只決定 Operator Console 顯示與 audit 分類,不會讓 received / accepted count 自動增加,也不會解除 S4.13 的 waiting 狀態。
|
||||
@@ -379,7 +381,7 @@ Schema:`docs/schemas/security_mirror_status_rollup_v1.schema.json`
|
||||
|
||||
Snapshot:`docs/security/security-mirror-status-rollup.snapshot.json`
|
||||
|
||||
目前 rollup:`framework_ready_waiting_approval`;35 個 contracts、32 ready、2 partial、1 contract-only、0 blocked;approval queue 仍為 8 items,其中 7 pending approval、1 block candidate;review packets 8 筆;state transition rules 5 筆;follow-up runtime gate templates 8 筆;active runtime gates 0 筆;GitHub primary candidate repos 8 筆、primary ready 0 筆;S4.4 rollback ADR repo plans 7 筆、owner approved 0 筆、dry-run completed 0 筆;S4.10 GitHub target owner decision response templates 7 筆、received response 0 筆、accepted response 0 筆;S4.11 refs truth owner response templates 5 筆、received response 0 筆、accepted response 0 筆;Gitea inventory 目前 `partial_waiting_authenticated_inventory`,public-only repo 2 個、本機可見 Gitea unique repo 4 個、export source options 2 類、S4.6 import acceptance payload 0 筆、S4.7 owner attestation items 5 筆、received attestation 0 筆、S4.9 owner response templates 5 筆、intake preflight checks 6 筆、outcome lanes 5 筆、received response 0 筆、quarantine required=true、token value collection allowed=false;workflow / secret 名稱 inventory candidate repos 8 筆、complete 0 筆、S4.12 owner response templates 5 筆、received response 0 筆、accepted response 0 筆;S4.2 local evidence repos 4 筆、workflow files 31 筆、referenced secret names 43 筆;decision records 目前 0 筆。
|
||||
目前 rollup:`framework_ready_waiting_approval`;35 個 contracts、32 ready、2 partial、1 contract-only、0 blocked;approval queue 仍為 8 items,其中 7 pending approval、1 block candidate;review packets 8 筆;state transition rules 5 筆;follow-up runtime gate templates 8 筆;active runtime gates 0 筆;GitHub primary candidate repos 8 筆、primary ready 0 筆;S4.4 rollback ADR repo plans 7 筆、owner approved 0 筆、dry-run completed 0 筆;S4.10 GitHub target owner decision response templates 7 筆、received response 0 筆、accepted response 0 筆;S4.11 refs truth owner response templates 5 筆、received response 0 筆、accepted response 0 筆;Gitea inventory 目前 `partial_waiting_authenticated_inventory`,public-only repo 2 個、本機可見 Gitea unique repo 4 個、export source options 2 類、S4.6 import acceptance payload 0 筆、S4.7 owner attestation items 5 筆、received attestation 0 筆、S4.9 owner response request packet 1 筆、S4.9 owner response templates 5 筆、intake preflight checks 6 筆、outcome lanes 5 筆、received response 0 筆、quarantine required=true、token value collection allowed=false;workflow / secret 名稱 inventory candidate repos 8 筆、complete 0 筆、S4.12 owner response templates 5 筆、received response 0 筆、accepted response 0 筆;S4.2 local evidence repos 4 筆、workflow files 31 筆、referenced secret names 43 筆;decision records 目前 0 筆。
|
||||
|
||||
AwoooP 初期處理方式:只顯示階段狀態、下一個 gate 與禁止事項,可寫入 Audit evidence;不得把 rollup 當 runtime authorization。
|
||||
|
||||
@@ -533,7 +535,7 @@ S4.6 支援性驗收:已新增 `docs/schemas/gitea_authenticated_inventory_imp
|
||||
|
||||
S4.7 支援性 owner attestation:已新增 `docs/schemas/gitea_inventory_coverage_attestation_v1.schema.json`、`docs/security/gitea-inventory-coverage-attestation.snapshot.json` 與 `docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md`。此 attestation 仍不新增第 36 個主 contract,只定義 public-only / local remote gap、org/user endpoint、110 internal adjacent source、canonical owner 與 legacy/inaccessible disposition 的 owner decision;目前 `required_attestation_item_count=5`、`received_attestation_count=0`、`accepted_attestation_count=0`、`runtime_execution_authorized=false`,不得把 attestation request 視為 repo migration approval。
|
||||
|
||||
S4.9 支援性 owner response 收件包:已新增 `docs/schemas/gitea_inventory_owner_attestation_response_v1.schema.json`、`docs/security/gitea-inventory-owner-attestation-response.snapshot.json` 與 `docs/security/GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.md`。此 response packet 仍不新增第 36 個主 contract,只定義 owner 回覆 S4.7 五個 items 時的必填欄位、intake preflight checks、outcome lanes、驗收規則、拒收規則與 allowed output;目前 `required_response_item_count=5`、`intake_preflight_check_count=6`、`intake_outcome_lane_count=5`、`received_response_count=0`、`accepted_response_count=0`、`runtime_execution_authorized=false`,不得把 response packet 視為 read-only inventory 已執行、repo migration approval 或 GitHub primary approval。
|
||||
S4.9 支援性 owner response request packet 與收件包:已新增 `docs/schemas/gitea_inventory_owner_attestation_response_v1.schema.json`、`docs/security/gitea-inventory-owner-attestation-response.snapshot.json` 與 `docs/security/GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.md`。此 response packet 仍不新增第 36 個主 contract,只定義 AwoooP 可顯示給 owner 的回覆請求、owner 回覆 S4.7 五個 items 時的必填欄位、intake preflight checks、outcome lanes、驗收規則、拒收規則與 allowed output;目前 `owner_response_request_packet_count=1`、`required_response_item_count=5`、`intake_preflight_check_count=6`、`intake_outcome_lane_count=5`、`received_response_count=0`、`accepted_response_count=0`、`runtime_execution_authorized=false`,不得把 request packet 或 response packet 視為 read-only inventory 已執行、repo migration approval 或 GitHub primary approval。
|
||||
|
||||
### `local_git_remote_inventory_v1`
|
||||
|
||||
@@ -908,7 +910,7 @@ Console 初期不提供高風險執行按鈕。
|
||||
|
||||
2026-05-17 S4.8 Gitea owner attestation approval lane 對齊追加:已更新既有 `security_approval_queue_v1`、`security_approval_gate_v1`、`security_approval_review_packet_v1` 與 `security_followup_runtime_gate_v1` 的 Gitea lane,要求 AwoooP 先顯示 S4.7 的 5 個 owner attestation items 與 scope decision evidence。queue / review packet / follow-up template 數量維持 8 / 8 / 8,`active_runtime_gates=0`,不得新增 action button、不得執行 read-only inventory、不得把 owner attestation 視為 repo migration approval 或 GitHub primary approval。
|
||||
|
||||
2026-05-17 S4.9 Gitea owner attestation response 收件包追加:已新增 `docs/schemas/gitea_inventory_owner_attestation_response_v1.schema.json`、`docs/security/gitea-inventory-owner-attestation-response.snapshot.json` 與 `docs/security/GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.md`。AwoooP 可顯示 5 個 response templates、6 個 intake preflight checks、5 個 outcome lanes、8 個 acceptance checks 與 10 個 rejection rules;目前收到 response 0 筆、接受 0 筆,仍不得保存 token value、不得寫 Gitea、不得 sync refs、不得切 GitHub primary。
|
||||
2026-05-17 S4.9 Gitea owner attestation response 收件包追加,2026-05-18 補 owner response request packet:已新增 `docs/schemas/gitea_inventory_owner_attestation_response_v1.schema.json`、`docs/security/gitea-inventory-owner-attestation-response.snapshot.json` 與 `docs/security/GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.md`。AwoooP 可顯示 1 個 owner response request packet、5 個 response templates、6 個 intake preflight checks、5 個 outcome lanes、8 個 acceptance checks 與 10 個 rejection rules;目前收到 response 0 筆、接受 0 筆,仍不得保存 token value、不得寫 Gitea、不得 sync refs、不得切 GitHub primary。
|
||||
|
||||
2026-05-13 Kali 112 live 整合狀態追加:已在授權下登入 `192.168.0.112` 做 read-only 盤點與低風險更新,並新增 `docs/schemas/kali_integration_status_v1.schema.json`、`docs/security/kali-integration-status.snapshot.json` 與 `docs/security/KALI-INTEGRATION-STATUS.md`。Kali Scanner API `/health` healthy、`kali-scanner.service` active/enabled、node-exporter 與 wg-easy container up;已 targeted update `nmap`、`nikto`、`nuclei`、`curl`、`openssl`、CA 套件,安裝 `jq`,時區改為 `Asia/Taipei`,更新後無 reboot required。AwoooP 可 mirror health / update / gap evidence,但不得直接啟動 scan、credentialed scan 或 `/execute`。
|
||||
|
||||
|
||||
@@ -19,7 +19,7 @@ S4.6 定義「收到 owner 或 Gitea 管理者提供的脫敏清冊後,怎麼
|
||||
|
||||
這不是實際匯入,也不是宣告 Gitea inventory 完成。它只把未來可接受的 payload 形狀、必要欄位、拒收規則、隔離 lane 與允許輸出先固定下來,避免 owner 提供資料時把 token、DB dump、git object 或 repo 操作要求混進來。
|
||||
|
||||
S4.7 已補 owner coverage attestation,S4.9 已補 owner response 收件包:即使 payload 通過 S4.6,也仍需 owner 依 S4.9 回覆 public-only / local remote gap、org/user endpoint、110 internal adjacent source、canonical owner 與 legacy/inaccessible disposition,且 response 通過驗收後,才可把 blocker 往 primary readiness 下一關推進。
|
||||
S4.7 已補 owner coverage attestation,S4.9 已補 owner response request packet 與收件包:即使 payload 通過 S4.6,也仍需 owner 依 S4.9 request packet 回覆 public-only / local remote gap、org/user endpoint、110 internal adjacent source、canonical owner 與 legacy/inaccessible disposition,且 response 通過驗收後,才可把 blocker 往 primary readiness 下一關推進。
|
||||
|
||||
## 1. 驗收摘要
|
||||
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
|
||||
S4.7 補的是「owner 怎麼說明 Gitea 清冊覆蓋缺口」。
|
||||
|
||||
S4.9 已補上 owner response 收件包,規範 owner 回覆這 5 個 items 時的必填欄位、驗收規則與拒收規則;目前仍未收到 response。
|
||||
S4.9 已補上 owner response request packet 與收件包,規範 AwoooP 要如何提示 owner、owner 回覆這 5 個 items 時的必填欄位、驗收規則與拒收規則;目前仍未收到 response。
|
||||
|
||||
目前 `gitea_repo_inventory_v1` 仍是 public-only / partial:未認證公開範圍只看到 2 個 repos,本機 remote evidence 看到 4 個 Gitea unique repos,另有 4 個 110 internal adjacent sources 需要判定是否屬本輪 GitHub migration scope。
|
||||
|
||||
@@ -31,6 +31,7 @@ S4.9 已補上 owner response 收件包,規範 owner 回覆這 5 個 items 時
|
||||
| 已收到 attestation | 0 |
|
||||
| 已接受 attestation | 0 |
|
||||
| 已拒收 attestation | 0 |
|
||||
| S4.9 owner response request packet | 1 |
|
||||
| S4.9 owner response templates | 5 |
|
||||
| 已收到 owner response | 0 |
|
||||
| 未認證公開範圍 repos | 2 |
|
||||
|
||||
@@ -29,6 +29,7 @@ S4.7 已定義要問什麼,S4.8 已把它接到 AwoooP approval lane;S4.9
|
||||
| 已接受 response | 0 |
|
||||
| 已拒收 response | 0 |
|
||||
| response templates | 5 |
|
||||
| owner response request packet | 1 |
|
||||
| intake preflight checks | 6 |
|
||||
| intake outcome lanes | 5 |
|
||||
| acceptance checks | 8 |
|
||||
@@ -50,6 +51,20 @@ S4.7 已定義要問什麼,S4.8 已把它接到 AwoooP approval lane;S4.9
|
||||
5. `evidence_refs`:只能指向 repo 內文件、snapshot 或 owner 提供的脫敏 metadata。
|
||||
6. `followup_owner`:若需要補 evidence,需指定下一個負責角色或團隊。
|
||||
|
||||
## 2.0 Owner Response Request Packet
|
||||
|
||||
AwoooP 可顯示 `owner_response_request_packet` 給 owner,要求只回覆 S4.9 五個 templates:
|
||||
|
||||
1. `response-public-only-vs-local-gitea-gap`
|
||||
2. `response-org-user-endpoint-identity`
|
||||
3. `response-internal-110-adjacent-scope`
|
||||
4. `response-repo-owner-canonical-scope`
|
||||
5. `response-legacy-or-inaccessible-disposition`
|
||||
|
||||
允許填寫的內容只限 owner role/team、decision、decision reason、受影響 repo/source/namespace、canonical source、GitHub target candidate、visibility review owner、脫敏 evidence refs 與 followup owner。
|
||||
|
||||
禁止貼 token、secret、private key、cookie、session、DB dump、git object pack、repo archive、write/admin API request、repo/refs 執行要求或 workflow/secret/runner 執行要求。此 request packet 只是收件提示,不是 approval,也不授權 inventory、migration 或 primary。
|
||||
|
||||
## 2.1 AwoooP 收件前 Preflight
|
||||
|
||||
| 順序 | 檢查 | 失敗處理 |
|
||||
@@ -112,7 +127,7 @@ S4.7 已定義要問什麼,S4.8 已把它接到 AwoooP approval lane;S4.9
|
||||
## 6. AwoooP 可做
|
||||
|
||||
1. 顯示 5 個 owner response templates。
|
||||
2. 顯示 6 個 intake preflight checks、5 個 outcome lanes、acceptance checks 與 rejection rules。
|
||||
2. 顯示 owner response request packet、6 個 intake preflight checks、5 個 outcome lanes、acceptance checks 與 rejection rules。
|
||||
3. 在 owner response 到來後,只更新 read-only snapshot、matrix、decision table、readiness gate 與 status rollup。
|
||||
4. 將不完整或可疑 response 放進 mirror quarantine。
|
||||
5. 持續顯示 `received_response_count=0`、`accepted_response_count=0`,直到真的收到脫敏 response。
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
| S4.5 export request | `docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md` |
|
||||
| S4.6 import acceptance | `docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` |
|
||||
| S4.7 coverage attestation | `docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md` |
|
||||
| S4.9 owner response 收件包 | `docs/security/GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.md` |
|
||||
| S4.9 owner response request packet / 收件包 | `docs/security/GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.md` |
|
||||
| 目的 | 補齊 Gitea private/internal server-side repo list |
|
||||
| 原則 | 低摩擦、只讀、只盤 metadata、不保存 token value、不做同步或主控切換 |
|
||||
|
||||
@@ -35,7 +35,7 @@ S4.6 已補 `gitea_authenticated_inventory_import_acceptance_v1`,把 owner /
|
||||
|
||||
S4.7 已補 `gitea_inventory_coverage_attestation_v1`,把 public-only / local remote gap、org/user endpoint、110 internal adjacent source、canonical owner 與 legacy/inaccessible repo disposition 的 owner decision 正式文件化。attestation 只做 scope 判定,不等於 repo migration 或 primary cutover approval。
|
||||
|
||||
S4.9 已補 `gitea_inventory_owner_attestation_response_v1`,把 owner 回覆 S4.7 五個 items 時的必填欄位、intake preflight checks、outcome lanes、驗收規則與拒收規則正式文件化。response 通過只代表可更新 read-only matrix / decision table,不等於 read-only inventory 已執行。
|
||||
S4.9 已補 `gitea_inventory_owner_attestation_response_v1`,把 AwoooP 可顯示給 owner 的 request packet、owner 回覆 S4.7 五個 items 時的必填欄位、intake preflight checks、outcome lanes、驗收規則與拒收規則正式文件化。request packet 只是填寫提示;response 通過只代表可更新 read-only matrix / decision table,不等於 read-only inventory 已執行。
|
||||
|
||||
## 1. 申請批准的動作
|
||||
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
| S4.5 export request | `docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md` |
|
||||
| S4.6 import acceptance | `docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` |
|
||||
| S4.7 coverage attestation | `docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md` |
|
||||
| S4.9 owner response 收件包 | `docs/security/GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.md` |
|
||||
| S4.9 owner response request packet / 收件包 | `docs/security/GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.md` |
|
||||
| 原則 | 不寫入 Gitea、不搬 secret value、不建立或刪除 repo |
|
||||
|
||||
## 0. 核心結論
|
||||
@@ -37,7 +37,7 @@ S4.6 已補 `gitea_authenticated_inventory_import_acceptance_v1`:收到 owner
|
||||
|
||||
S4.7 已補 `gitea_inventory_coverage_attestation_v1`:owner 必須先對 public-only / local remote gap、org/user endpoint、110 internal adjacent source、canonical owner 與 legacy/inaccessible repo disposition 作 scope decision。此 attestation 仍不授權 token 收集、repo 寫入、refs sync 或 primary cutover。
|
||||
|
||||
S4.9 已補 `gitea_inventory_owner_attestation_response_v1`:owner response 必須依 5 個 template 填寫,並先通過 6 個 intake preflight checks、5 個 outcome lanes 與基本驗收,才能把 S4.7 coverage attestation 視為可審 evidence。此 response 收件包仍不授權 read-only inventory runtime、repo migration 或 primary cutover。
|
||||
S4.9 已補 `gitea_inventory_owner_attestation_response_v1`:AwoooP 可先顯示 1 個 owner response request packet,owner response 必須依 5 個 template 填寫,並先通過 6 個 intake preflight checks、5 個 outcome lanes 與基本驗收,才能把 S4.7 coverage attestation 視為可審 evidence。此 request packet / response 收件包仍不授權 read-only inventory runtime、repo migration 或 primary cutover。
|
||||
|
||||
## 1. Public-only 快照指令
|
||||
|
||||
|
||||
@@ -73,4 +73,4 @@ S3.0 只讓人工批准有一致語言與可稽核格式。
|
||||
|
||||
2026-05-17 S4.8 追加:Gitea gate 的批准範圍已改為 owner attestation 先行。`approve_scope` 最多允許補 S4.7 owner coverage attestation、更新 matrix / decision table,並在後續 runtime gate 準備妥當後才可做一次 read-only inventory;仍不得保存 token value、寫 Gitea、建立 GitHub repo、sync refs 或切 primary。
|
||||
|
||||
2026-05-17 S4.9 追加:Gitea gate 現在要求 owner response 依 S4.9 收件包通過 intake preflight checks、outcome lanes 與基本驗收後,才可把 S4.7 coverage attestation 視為可審 evidence。此驗收仍只更新 read-only matrix / decision table / readiness gate,不授權 inventory runtime、repo migration 或 GitHub primary。
|
||||
2026-05-17 S4.9 追加,2026-05-18 補 request packet:Gitea gate 現在要求 AwoooP 先顯示 S4.9 owner response request packet,並在 owner response 依 S4.9 收件包通過 intake preflight checks、outcome lanes 與基本驗收後,才可把 S4.7 coverage attestation 視為可審 evidence。此驗收仍只更新 read-only matrix / decision table / readiness gate,不授權 inventory runtime、repo migration 或 GitHub primary。
|
||||
|
||||
@@ -71,4 +71,4 @@ S3.0 開始,人工批准範圍由 `security_approval_gate_v1` 承接。S3.1
|
||||
|
||||
2026-05-17 S4.8 追加:Gitea queue item 不新增第 9 筆,而是把既有 `gitea-private-internal-server-side-inventory-2026-05-12` 升級為「S4.7 owner coverage attestation 先行」。AwoooP 應先要求 owner 對 5 個 coverage items 作 scope decision;未完成前不得把 inventory 標記 complete,也不得啟動 read-only token / redacted admin export runtime gate。
|
||||
|
||||
2026-05-17 S4.9 追加:Gitea queue item 仍維持同一筆,新增 owner response 收件包作為 S4.7 的填寫與驗收格式。AwoooP 可顯示 5 個 response templates、6 個 intake preflight checks、5 個 outcome lanes、8 個 acceptance checks 與 10 個 rejection rules;未收到並驗收 response 前,不得把 owner attestation 視為完成。
|
||||
2026-05-17 S4.9 追加,2026-05-18 補 request packet:Gitea queue item 仍維持同一筆,新增 owner response request packet 與收件包作為 S4.7 的填寫提示與驗收格式。AwoooP 可顯示 1 個 request packet、5 個 response templates、6 個 intake preflight checks、5 個 outcome lanes、8 個 acceptance checks 與 10 個 rejection rules;未收到並驗收 response 前,不得把 owner attestation 視為完成。
|
||||
|
||||
@@ -71,4 +71,4 @@ S3.2 只補上「讓人好審」的封包,不提高資安阻力。
|
||||
|
||||
2026-05-17 S4.8 追加:Gitea review packet 會顯示 S4.7 的 5 個 owner attestation items、`received_attestation_count=0` 與 `accepted_attestation_count=0`。這讓 reviewer 先判斷 coverage gap 與 scope decision,不會把 read-only inventory approval 誤解成 repo migration 或 GitHub primary approval。
|
||||
|
||||
2026-05-17 S4.9 追加:Gitea review packet 會顯示 S4.9 的 5 個 owner response templates、6 個 intake preflight checks、5 個 outcome lanes、`received_response_count=0`、8 個 acceptance checks 與 10 個 rejection rules。reviewer 應先看 response 是否可審、需補證、需隔離、需拒收或仍需等待,再看 read-only inventory gate;review packet 仍不代表批准,也不授權執行。
|
||||
2026-05-17 S4.9 追加,2026-05-18 補 request packet:Gitea review packet 會顯示 S4.9 的 1 個 owner response request packet、5 個 owner response templates、6 個 intake preflight checks、5 個 outcome lanes、`received_response_count=0`、8 個 acceptance checks 與 10 個 rejection rules。reviewer 應先確認 request packet 只要求脫敏回覆,再看 response 是否可審、需補證、需隔離、需拒收或仍需等待,最後才看 read-only inventory gate;review packet 仍不代表批准,也不授權執行。
|
||||
|
||||
@@ -64,4 +64,4 @@ S3.4 是「批准後仍不能直接做事」的保險絲。
|
||||
|
||||
2026-05-17 S4.8 追加:Gitea follow-up runtime gate 已要求 S4.7 owner coverage attestation 先完成。即使未來 read-only inventory 被批准,仍要先看 public-only / local remote gap、org/user endpoint、110 adjacent source、canonical owner 與 legacy/inaccessible disposition 的 owner decision;未完成前不得執行 inventory。
|
||||
|
||||
2026-05-17 S4.9 追加:Gitea follow-up runtime gate 已要求 S4.9 owner response 通過 preflight、outcome lane 判定與基本驗收後,才可把 S4.7 owner scope decision 當成 read-only inventory 的前置 evidence。未收到或未驗收 owner response 前,不得執行 inventory,也不得標記 inventory complete。
|
||||
2026-05-17 S4.9 追加,2026-05-18 補 request packet:Gitea follow-up runtime gate 已要求 AwoooP 先顯示 S4.9 owner response request packet,並在 owner response 通過 preflight、outcome lane 判定與基本驗收後,才可把 S4.7 owner scope decision 當成 read-only inventory 的前置 evidence。未收到或未驗收 owner response 前,不得執行 inventory,也不得標記 inventory complete。
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
| `CHECK_ROUTE_COVERAGE` | 確認 route groups 覆蓋所有 contracts | 不建立 fallback execution route |
|
||||
| `CHECK_ACCEPTANCE_AND_QUARANTINE` | 確認驗收與隔離只處理 mirror payload | 不阻擋 runtime |
|
||||
| `CHECK_PROGRESS_GUARD` | 確認 58% 進度估算只作狀態顯示 | 不把進度當 approval 或 runtime authorization |
|
||||
| `CHECK_OWNER_RESPONSE_GUARD` | 確認四包 owner response 仍未收到 / 接受,且 S4.9 preflight / outcome lanes 只分類可審、補證、隔離、拒收或等待 | 不把 guard pass 當成 repo、refs、workflow、secret、runner、primary 或 runtime 授權 |
|
||||
| `CHECK_OWNER_RESPONSE_GUARD` | 確認四包 owner response 仍未收到 / 接受,且 S4.9 request packet / preflight / outcome lanes 只提示 owner、分類可審、補證、隔離、拒收或等待 | 不把 guard pass 當成 repo、refs、workflow、secret、runner、primary 或 runtime 授權 |
|
||||
| `CHECK_LOW_NOISE_CHANNEL` | 確認 Channel Event 低噪音 | 不對 LOW / MEDIUM 洗版 |
|
||||
| `CONFIRM_NO_RUNTIME_ACTION` | 確認 dry-run 沒有任何 runtime action | 不掃描、不 deploy、不 sync refs |
|
||||
|
||||
|
||||
@@ -35,7 +35,7 @@
|
||||
| Contract | 狀態 | 原因 | 下一步 |
|
||||
|----------|------|------|--------|
|
||||
| `security_finding_v1` | `partial_ready` | 目前只有 Kali sample snapshot,runtime ingestion 尚未啟用 | 先 review `kali-finding-runtime-ingestion-approval-20260513` |
|
||||
| `gitea_repo_inventory_v1` | `partial_ready` | 目前只有 public-only / blocked endpoint evidence;S4.5 已補認證清冊匯出請求,S4.6 已補匯入驗收契約,S4.7 已補 owner coverage attestation,S4.9 已補 owner response 收件包、6 個 intake preflight checks 與 5 個 outcome lanes;未認證公開範圍 2 個、本機可見 Gitea unique 4 個、覆蓋缺口 2 個、attestation items 5 個、owner response 0 筆 | 先依 S4.9 收到並驗收 S4.7 owner response,再依 S4.5 請求取得脫敏清冊並用 S4.6 驗收 / 拒收 / 隔離;不保存 token value |
|
||||
| `gitea_repo_inventory_v1` | `partial_ready` | 目前只有 public-only / blocked endpoint evidence;S4.5 已補認證清冊匯出請求,S4.6 已補匯入驗收契約,S4.7 已補 owner coverage attestation,S4.9 已補 owner response request packet、owner response 收件包、6 個 intake preflight checks 與 5 個 outcome lanes;未認證公開範圍 2 個、本機可見 Gitea unique 4 個、覆蓋缺口 2 個、attestation items 5 個、owner response 0 筆 | 先依 S4.9 request packet 要求 owner 回覆並驗收 S4.7 owner response,再依 S4.5 請求取得脫敏清冊並用 S4.6 驗收 / 拒收 / 隔離;不保存 token value |
|
||||
| `coding_task_v1` | `contract_only` | 已有 schema 與 handoff prompt,尚無正式 coding task snapshot | 等 code review 產生實際 task 後再 mirror |
|
||||
|
||||
## 2. AwoooP 鏡像目的地
|
||||
@@ -82,7 +82,7 @@ AwoooP 可以將 ready / partial contracts mirror 到:
|
||||
14. 再 mirror `security_followup_runtime_gate_v1`,只顯示 runtime gate 準備模板、preflight checks 與 rollback / disable requirement。
|
||||
15. 再 mirror `source_control_primary_readiness_gate_v1`,只顯示 GitHub primary parity、owner、rollback 與人工批准缺口。
|
||||
16. 再 mirror `source_control_primary_rollback_adr_v1`,只顯示 7 個 in-scope repo 的 rollback ADR 草案、validation window 與 owner review;不執行 rollback、不切 primary。
|
||||
17. 再 mirror `gitea_repo_inventory_v1`、S4.5 認證清冊匯出請求、S4.6 匯入驗收契約、S4.7 owner coverage attestation 與 S4.9 owner response 收件包,只顯示未認證公開範圍 / 本機 evidence 覆蓋缺口、只讀 / 管理脫敏匯出選項、payload 驗收 / 拒收 / 隔離規則、5 個 owner scope decision items、response templates、intake preflight checks 與 outcome lanes;不保存 token value、不寫 Gitea、不 sync refs。
|
||||
17. 再 mirror `gitea_repo_inventory_v1`、S4.5 認證清冊匯出請求、S4.6 匯入驗收契約、S4.7 owner coverage attestation 與 S4.9 owner response request packet / 收件包,只顯示未認證公開範圍 / 本機 evidence 覆蓋缺口、只讀 / 管理脫敏匯出選項、payload 驗收 / 拒收 / 隔離規則、5 個 owner scope decision items、request packet、response templates、intake preflight checks 與 outcome lanes;不保存 token value、不寫 Gitea、不 sync refs。
|
||||
18. 再 mirror `source_control_workflow_secret_name_inventory_v1`、S4.2 local evidence 與 S4.3 redacted export request,只顯示 workflow / webhook / runner / deploy key / branch protection / CODEOWNERS / secret 名稱 inventory 缺口;目前 local evidence 有 4 個 repos、31 個 workflow files、43 個 referenced secret names,export request 有 7 個 repos、5 類 lanes,不保存 secret value。
|
||||
19. 再 mirror `kali_integration_status_v1` 與 `kali_scan_scope_approval_v1`。
|
||||
20. 最後再 mirror source-control 其他 contracts。
|
||||
|
||||
@@ -30,7 +30,7 @@
|
||||
| Follow-up runtime gate templates | S3.4 已建立;8 個 templates、0 個 active runtime gates |
|
||||
| GitHub primary readiness gate | S4.0 已建立;8 個 candidate repos、7 個 in-scope blocked、0 個 primary ready;S4.10 已補 GitHub target owner decision response 收件包,7 個 response templates、owner response 0 筆;S4.11 已補 refs truth owner response 收件包,5 個 response templates、owner response 0 筆;S4.12 已補 workflow / secret 名稱 owner response 收件包,5 個 response templates、owner response 0 筆;S4.13 已補四包 owner response validation rollup,22 個 templates、received / accepted / rejected 皆為 0 |
|
||||
| GitHub primary rollback ADR | S4.4 已建立;7 個 in-scope rollback drafts、0 個 owner approved、0 個 dry-run completed、0 個 active cutover |
|
||||
| Gitea inventory | S4.5 已補認證清冊匯出請求;S4.6 已補匯入驗收契約;S4.7 已補 owner coverage attestation;S4.8 已把既有 Gitea queue/gate/review packet/follow-up gate 對齊 attestation 先行;S4.9 已補 owner response 收件包、6 個 intake preflight checks 與 5 個 outcome lanes;目前 status=`partial_waiting_authenticated_inventory`、未認證公開範圍 repos 2 個、本機可見 Gitea unique repos 4 個、匯出來源選項 2 類、匯入驗收 payload 0 筆、owner attestation items 5 個、收到 attestation 0 筆、owner response 0 筆、敏感 payload 必須隔離、允許收集 token value=false |
|
||||
| Gitea inventory | S4.5 已補認證清冊匯出請求;S4.6 已補匯入驗收契約;S4.7 已補 owner coverage attestation;S4.8 已把既有 Gitea queue/gate/review packet/follow-up gate 對齊 attestation 先行;S4.9 已補 owner response request packet、owner response 收件包、6 個 intake preflight checks 與 5 個 outcome lanes;目前 status=`partial_waiting_authenticated_inventory`、未認證公開範圍 repos 2 個、本機可見 Gitea unique repos 4 個、匯出來源選項 2 類、匯入驗收 payload 0 筆、owner attestation items 5 個、收到 attestation 0 筆、owner response 0 筆、敏感 payload 必須隔離、允許收集 token value=false |
|
||||
| Workflow / secret name inventory | S4.1 已建立;S4.2 補 4 個 repos、31 個 workflow files、43 個 referenced secret names 的 local evidence;S4.3 補 7 個 repos、5 類 lanes 的 redacted export request;S4.12 補 5 個 owner response templates;0 個 inventory complete、禁止收集 secret value、禁止 write token |
|
||||
| Owner response validation | S4.13 已建立;四包 owner response 目前 received/accepted 皆為 0;4 條 missing response lanes、4 步 collection order 與 next collection candidate 可供 AwoooP 直接顯示;下一個建議收件為 S4.9 Gitea owner attestation;latest local validation 為 `SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`,不代表 owner response 已收到或任何執行授權 |
|
||||
| Dry-run | `contract_defined_not_executed`;已納入 `CHECK_PROGRESS_GUARD` 與 `CHECK_OWNER_RESPONSE_GUARD`,latest local validation 為 `repo_snapshot_guard_pass`,仍不代表 production ingestion |
|
||||
|
||||
@@ -39,7 +39,7 @@
|
||||
| `security_mirror_status_rollup_v1` | mirror-only | AwoooP / Security Supply Chain 跨 Session 狀態總覽;S4.13 owner response validation rollup 與 next collection candidate | `security-mirror-status-rollup.snapshot.json` / `source-control-owner-response-validation-rollup.snapshot.json` |
|
||||
| `coding_task_v1` | suggest-only | Code Review 接 Codex patch-only | 無正式 snapshot |
|
||||
| `source_control_migration_event_v1` | mirror-only | Gitea/GitHub refs 差異 | `gitea-github-awoooi`、`clawbot-v5`、`wooo-aiops` |
|
||||
| `gitea_repo_inventory_v1` | mirror-only | Gitea repo inventory;S4.5 已補認證清冊匯出請求,S4.6 已補匯入驗收契約,S4.7 已補 owner coverage attestation,S4.9 已補 owner response 收件包、intake preflight checks 與 outcome lanes | public-only / blocked endpoint / S4.5 export request / S4.6 import acceptance / S4.7 coverage attestation / S4.9 response snapshots |
|
||||
| `gitea_repo_inventory_v1` | mirror-only | Gitea repo inventory;S4.5 已補認證清冊匯出請求,S4.6 已補匯入驗收契約,S4.7 已補 owner coverage attestation,S4.9 已補 owner response request packet、owner response 收件包、intake preflight checks 與 outcome lanes | public-only / blocked endpoint / S4.5 export request / S4.6 import acceptance / S4.7 coverage attestation / S4.9 response snapshots |
|
||||
| `local_git_remote_inventory_v1` | mirror-only | 本機 remote coverage | `local-git-remote-inventory.snapshot.json` |
|
||||
| `github_target_probe_v1` | mirror-only | GitHub target visibility | `github-target-probe.snapshot.json` |
|
||||
| `github_target_decision_v1` | mirror-only | GitHub target 決策;S4.10 已補 owner decision response 收件包 | `github-target-decision.snapshot.json` / `github-target-owner-decision-response.snapshot.json` |
|
||||
@@ -62,7 +62,7 @@
|
||||
3. 將 snapshot mirror 成 Runtime State / Channel Event / Audit evidence。
|
||||
4. 讀到 `source-control-ref-truth-owner-response.snapshot.json` 時,只顯示 S4.11 response templates、acceptance checks 與 rejection rules;不得新增 refs action。
|
||||
5. 讀到 `source-control-owner-response-validation-rollup.snapshot.json` 時,只顯示 S4.9/S4.10/S4.11/S4.12 四個 response packets 的總覽:22 個 templates、received / accepted / rejected 皆為 0、cross-packet checks 10 個;不得把 rollup 當成 approval 或 execution authorization。
|
||||
6. 只對 `approval_required_event_v1`、repo approval package、`security_approval_review_packet_v1`、`security_approval_state_transition_v1`、`security_followup_runtime_gate_v1`、`source_control_primary_readiness_gate_v1`、`source_control_primary_rollback_adr_v1` 與 `source_control_workflow_secret_name_inventory_v1` 建 approval candidate / review lane / next-state display / runtime gate preparation / primary readiness display / rollback ADR display / workflow-secret name inventory gate / redacted export request display;`github_target_decision_v1` 只能顯示 S4.10 owner decision response templates、received_response_count=0、acceptance checks 與 rejection rules,不得觸發 repo creation、visibility change、refs sync 或 primary switch;`gitea_repo_inventory_v1` 只能顯示 S4.5 認證匯出請求、S4.6 匯入驗收契約、S4.7 owner coverage attestation request、S4.9 owner response 收件包、intake preflight checks、outcome lanes 與覆蓋缺口,不得觸發 token collection 或 Gitea write。
|
||||
6. 只對 `approval_required_event_v1`、repo approval package、`security_approval_review_packet_v1`、`security_approval_state_transition_v1`、`security_followup_runtime_gate_v1`、`source_control_primary_readiness_gate_v1`、`source_control_primary_rollback_adr_v1` 與 `source_control_workflow_secret_name_inventory_v1` 建 approval candidate / review lane / next-state display / runtime gate preparation / primary readiness display / rollback ADR display / workflow-secret name inventory gate / redacted export request display;`github_target_decision_v1` 只能顯示 S4.10 owner decision response templates、received_response_count=0、acceptance checks 與 rejection rules,不得觸發 repo creation、visibility change、refs sync 或 primary switch;`gitea_repo_inventory_v1` 只能顯示 S4.5 認證匯出請求、S4.6 匯入驗收契約、S4.7 owner coverage attestation request、S4.9 owner response request packet、owner response 收件包、intake preflight checks、outcome lanes 與覆蓋缺口,不得觸發 token collection 或 Gitea write。
|
||||
7. 不新增執行按鈕,不做 runtime enforcement。
|
||||
|
||||
## 3. 永久禁止
|
||||
|
||||
@@ -65,7 +65,7 @@ python3 scripts/security/security-mirror-progress-guard.py
|
||||
| S4.6 Gitea 認證清冊匯入驗收契約 | 完成草案 | 已建立匯入驗收 schema / snapshot / 人讀版;目前 received payload 0、accepted 0、rejected 0;定義 10 個驗收檢查、10 個拒收規則與 4 個 quarantine lanes | owner 提供脫敏 payload 後先驗收 / 拒收 / 隔離;仍不可把驗收當 primary approval |
|
||||
| S4.7 Gitea 清冊覆蓋 Owner Attestation | 完成草案 | 已建立 coverage attestation schema / snapshot / 人讀版;5 個 owner decision items、received attestation 0、accepted 0、execution authorized=false | owner 判定 public-only / local remote gap、org/user endpoint、110 adjacent source、canonical owner 與 legacy/inaccessible disposition;仍不可把 attestation 當 migration approval |
|
||||
| S4.8 Gitea Owner Attestation Approval Lane 對齊 | 完成草案 | 已將既有 Gitea approval queue / gate / review packet / follow-up runtime gate 對齊 S4.7 先行條件;queue items 維持 8、review packets 維持 8、active runtime gates 維持 0 | AwoooP 先顯示 5 個 attestation items,owner decision 接受前不得執行 read-only inventory 或標記 complete |
|
||||
| S4.9 Gitea Owner Attestation Response 收件包 | 完成草案 | 已建立 owner response schema / snapshot / 人讀版;5 個 response templates、6 個 intake preflight checks、5 個 outcome lanes、8 個 acceptance checks、10 個 rejection rules、received response 0、accepted 0、execution authorized=false | owner 依模板回覆 S4.7 五個 items;AwoooP 先用 preflight / outcome lanes 判斷可審、補證、隔離、拒收或等待;response 通過只更新 read-only matrix / decision table / readiness gate,不代表 inventory 執行或 primary approval |
|
||||
| S4.9 Gitea Owner Attestation Response 收件包 | 完成草案 | 已建立 owner response schema / snapshot / 人讀版;1 個 owner response request packet、5 個 response templates、6 個 intake preflight checks、5 個 outcome lanes、8 個 acceptance checks、10 個 rejection rules、received response 0、accepted 0、execution authorized=false | owner 依 request packet 與模板回覆 S4.7 五個 items;AwoooP 先用 preflight / outcome lanes 判斷可審、補證、隔離、拒收或等待;response 通過只更新 read-only matrix / decision table / readiness gate,不代表 inventory 執行或 primary approval |
|
||||
| S4.10 GitHub Target Owner Decision Response 收件包 | 完成草案 | 已建立 owner decision response schema / snapshot / 人讀版;7 個 response templates、8 個 acceptance checks、10 個 rejection rules、received response 0、accepted 0、execution authorized=false | owner 依模板回覆 7 個 GitHub target 的 owner / visibility / canonical;response 通過只更新 read-only decision table / approval package / approval board / readiness gate,不代表 repo creation、visibility change、refs sync 或 primary approval |
|
||||
| S4.11 Source Control Ref Truth Owner Response 收件包 | 完成草案 | 已建立 owner response schema / snapshot / 人讀版;5 個 response templates、8 個 acceptance checks、10 個 rejection rules、total ref review items 141、received response 0、accepted 0、execution authorized=false | owner 依模板回覆 main/dev truth、deprecated drift、release tag、GitHub-only refs;response 通過只更新 read-only classification / reconcile / readiness wording,不代表 refs sync、delete、force push 或 primary approval |
|
||||
| S4 migration execution | 未開始 | GitHub primary 長期方向已確認,但 refs / tags / workflow / secret 名稱尚未全量驗證,rollback ADR 仍待 owner approval | SHA/tag/workflow parity、rollback ADR owner approval 與 runtime gate |
|
||||
@@ -188,6 +188,6 @@ python3 scripts/security/security-mirror-progress-guard.py
|
||||
5. 依 S4.13 `SOURCE-CONTROL-OWNER-RESPONSE-VALIDATION-ROLLUP.md` 集中檢查 S4.9 / S4.10 / S4.11 / S4.12 四包 response packets;rollup 通過也只更新 read-only wording,不代表 approval 或 execution authorization。
|
||||
6. 對 `ewoooc` / `momo-pro-system` 完成 server-side canonical 判定。
|
||||
7. 依 `KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md` 取得 safe crawl、credentialed scan、runtime ingestion、full-upgrade / reboot 等 gate 的人工批准;不得直接接 `/execute`。
|
||||
8. AwoooP 主線先讀 `security_mirror_readiness_v1`、`security_mirror_intake_plan_v1`、`security_mirror_event_v1`、`security_mirror_route_v1`、`security_mirror_acceptance_v1`、`security_mirror_quarantine_v1`、`security_mirror_dry_run_v1`、`security_mirror_status_rollup_v1`、S4.13 `source_control_owner_response_validation_rollup_v1`、`security_approval_gate_v1`、`security_approval_decision_record_v1`、`security_approval_review_packet_v1`、`security_approval_state_transition_v1`、`security_followup_runtime_gate_v1`、`source_control_primary_readiness_gate_v1`、`source_control_primary_rollback_adr_v1` 與 `source_control_workflow_secret_name_inventory_v1`,只建立 mirror-only / read-only policy 入口,不新增執行按鈕;其中 Gitea inventory 需同時顯示 S4.5 認證清冊匯出請求、S4.6 匯入驗收契約、S4.7 owner coverage attestation 與 S4.9 owner response 收件包,GitHub target 決策需同時顯示 S4.10 owner decision response templates,refs truth 需同時顯示 S4.11 owner response templates,workflow / secret inventory 需同時顯示 S4.3 redacted export request 與 S4.12 owner response templates,primary readiness 需同時顯示 S4.4 rollback ADR 草案。
|
||||
8. AwoooP 主線先讀 `security_mirror_readiness_v1`、`security_mirror_intake_plan_v1`、`security_mirror_event_v1`、`security_mirror_route_v1`、`security_mirror_acceptance_v1`、`security_mirror_quarantine_v1`、`security_mirror_dry_run_v1`、`security_mirror_status_rollup_v1`、S4.13 `source_control_owner_response_validation_rollup_v1`、`security_approval_gate_v1`、`security_approval_decision_record_v1`、`security_approval_review_packet_v1`、`security_approval_state_transition_v1`、`security_followup_runtime_gate_v1`、`source_control_primary_readiness_gate_v1`、`source_control_primary_rollback_adr_v1` 與 `source_control_workflow_secret_name_inventory_v1`,只建立 mirror-only / read-only policy 入口,不新增執行按鈕;其中 Gitea inventory 需同時顯示 S4.5 認證清冊匯出請求、S4.6 匯入驗收契約、S4.7 owner coverage attestation 與 S4.9 owner response request packet / 收件包,GitHub target 決策需同時顯示 S4.10 owner decision response templates,refs truth 需同時顯示 S4.11 owner response templates,workflow / secret inventory 需同時顯示 S4.3 redacted export request 與 S4.12 owner response templates,primary readiness 需同時顯示 S4.4 rollback ADR 草案。
|
||||
9. AwoooP 主線消費 `security_rollout_policy_v1` 時,只做 read-only policy,不做 runtime blocking。
|
||||
10. AwoooP 主線再讀 `security_approval_queue_v1`、`security_approval_gate_v1`、`security_approval_decision_record_v1`、`security_approval_review_packet_v1`、`security_approval_state_transition_v1`、`security_followup_runtime_gate_v1`、`source_control_primary_readiness_gate_v1`、`source_control_primary_rollback_adr_v1`、`source_control_workflow_secret_name_inventory_v1` 與 `security_supply_chain_contract_manifest_v1`,顯示 review order、批准範圍、審查封包、決策紀錄、決策後狀態、後續 runtime gate 準備條件、Gitea inventory 覆蓋缺口、S4.5 認證匯出請求、S4.6 匯入驗收 / 隔離規則、S4.7 owner attestation items、S4.9 owner response templates、S4.10 GitHub target owner response templates、S4.11 refs truth owner response templates、S4.12 workflow / secret 名稱 owner response templates、S4.13 owner response validation rollup、GitHub primary readiness blockers、rollback ADR 草案、workflow / secret 名稱 inventory 缺口、redacted export request 與 blocked reason,不新增 execution router。
|
||||
10. AwoooP 主線再讀 `security_approval_queue_v1`、`security_approval_gate_v1`、`security_approval_decision_record_v1`、`security_approval_review_packet_v1`、`security_approval_state_transition_v1`、`security_followup_runtime_gate_v1`、`source_control_primary_readiness_gate_v1`、`source_control_primary_rollback_adr_v1`、`source_control_workflow_secret_name_inventory_v1` 與 `security_supply_chain_contract_manifest_v1`,顯示 review order、批准範圍、審查封包、決策紀錄、決策後狀態、後續 runtime gate 準備條件、Gitea inventory 覆蓋缺口、S4.5 認證匯出請求、S4.6 匯入驗收 / 隔離規則、S4.7 owner attestation items、S4.9 owner response request packet、S4.9 owner response templates、S4.10 GitHub target owner response templates、S4.11 refs truth owner response templates、S4.12 workflow / secret 名稱 owner response templates、S4.13 owner response validation rollup、GitHub primary readiness blockers、rollback ADR 草案、workflow / secret 名稱 inventory 缺口、redacted export request 與 blocked reason,不新增 execution router。
|
||||
|
||||
@@ -92,7 +92,7 @@ S4.13 不新增第 36 個主 contract,不新增 approval item,不啟用 runt
|
||||
|
||||
`next_collection_candidate` 只讓 AwoooP Operator Console 顯示「現在先收 S4.9」。它不是批准、不是執行排程,也不是後續 S4.10 / S4.11 / S4.12 已可接受的訊號。
|
||||
|
||||
AwoooP 顯示 S4.9 時,應同步讀取 `gitea-inventory-owner-attestation-response.snapshot.json` 的 6 個 intake preflight checks 與 5 個 outcome lanes;preflight / outcome 只分類可審、補證、隔離、拒收或等待,不代表 owner response accepted。
|
||||
AwoooP 顯示 S4.9 時,應同步讀取 `gitea-inventory-owner-attestation-response.snapshot.json` 的 1 個 owner response request packet、6 個 intake preflight checks 與 5 個 outcome lanes;request packet 只提示 owner 要填什麼與不得貼什麼,preflight / outcome 只分類可審、補證、隔離、拒收或等待,不代表 owner response accepted。
|
||||
|
||||
## 3. Cross-Packet 驗收規則
|
||||
|
||||
|
||||
@@ -37,7 +37,7 @@
|
||||
|
||||
| Gate | 目前狀態 | 說明 |
|
||||
|------|----------|------|
|
||||
| Gitea authenticated inventory | blocked | private/internal 全量 repo list 尚未完成;S4.7 owner coverage attestation 與 S4.9 owner response 仍未收到;S4.13 已集中顯示四包 owner response validation,但 total accepted response 仍為 0 |
|
||||
| Gitea authenticated inventory | blocked | private/internal 全量 repo list 尚未完成;S4.9 owner response request packet 已可顯示,但 S4.7 owner coverage attestation response 仍未收到;S4.13 已集中顯示四包 owner response validation,但 total accepted response 仍為 0 |
|
||||
| refs truth / branch-tag parity | blocked | 3 個 mapped repos 仍有 refs drift;S4.11 已補 refs truth owner response 收件包,received / accepted response 皆為 0 |
|
||||
| workflow / runner / secret name parity | missing evidence | S4.1 已建立 inventory 契約;S4.12 已補 owner response 收件包,received / accepted response 皆為 0;尚未有實際 redacted workflow、webhook、runner、secret 名稱 snapshot |
|
||||
| owner / visibility / canonical | pending review | 7 個 in-scope targets 仍需人工決策;S4.10 已補 owner response 收件包,received / accepted response 皆為 0 |
|
||||
@@ -48,7 +48,7 @@
|
||||
1. 顯示每個 repo 的 readiness state、blockers 與 evidence refs。
|
||||
2. 顯示 `primary_ready_count=0`。
|
||||
3. 將 7 個 in-scope repos 維持在 approval / review lane。
|
||||
4. 顯示哪些 evidence 仍缺:Gitea authenticated inventory、S4.7 owner coverage attestation、S4.9 owner response、S4.10 GitHub target owner response、S4.11 refs truth owner response、S4.12 workflow / secret name owner response、S4.13 validation rollup、workflow/runner/secret name inventory、rollback ADR。
|
||||
4. 顯示哪些 evidence 仍缺:Gitea authenticated inventory、S4.7 owner coverage attestation、S4.9 owner response request packet / owner response、S4.10 GitHub target owner response、S4.11 refs truth owner response、S4.12 workflow / secret name owner response、S4.13 validation rollup、workflow/runner/secret name inventory、rollback ADR。
|
||||
5. 連到 S4.10 `github_target_owner_decision_response_v1` 顯示 7 個 owner decision response templates、8 個 acceptance checks、10 個 rejection rules,且 received / accepted response 皆為 0。
|
||||
6. 連到 S4.11 `source_control_ref_truth_owner_response_v1` 顯示 5 個 refs owner response templates、8 個 acceptance checks、10 個 rejection rules,且 received / accepted response 皆為 0。
|
||||
7. 連到 `source_control_workflow_secret_name_inventory_v1` 顯示 8 個 candidate repos 的 inventory lane 缺口與 S4.2 local evidence;只保存 secret 名稱與 owner,不保存 value。
|
||||
@@ -71,6 +71,6 @@
|
||||
|
||||
S4.0 只是把「切換前一定要看見什麼」先定義清楚。
|
||||
|
||||
S4.4 已補上 rollback ADR 草案,但它只是 owner review 的資料包,不是切換批准。S4.7 已補上 Gitea coverage owner attestation,S4.9 已補上 Gitea owner response 收件包、preflight 與 outcome lanes,S4.10 已補上 GitHub target owner decision response 收件包,S4.11 已補上 refs truth owner response 收件包,S4.12 已補上 workflow / secret 名稱 owner response 收件包,S4.13 已補上四包 owner response validation rollup;它們只是 scope decision、response 收件與驗收框架,不是 migration approval、repo creation approval、visibility change approval、refs sync approval、delete approval、force-push approval、secret value collection approval、workflow modification approval 或 primary approval。`owner_approved_count=0`、`dry_run_completed_count=0`、`active_cutover_count=0`。
|
||||
S4.4 已補上 rollback ADR 草案,但它只是 owner review 的資料包,不是切換批准。S4.7 已補上 Gitea coverage owner attestation,S4.9 已補上 Gitea owner response request packet、收件包、preflight 與 outcome lanes,S4.10 已補上 GitHub target owner decision response 收件包,S4.11 已補上 refs truth owner response 收件包,S4.12 已補上 workflow / secret 名稱 owner response 收件包,S4.13 已補上四包 owner response validation rollup;它們只是 scope decision、response 收件提示與驗收框架,不是 migration approval、repo creation approval、visibility change approval、refs sync approval、delete approval、force-push approval、secret value collection approval、workflow modification approval 或 primary approval。`owner_approved_count=0`、`dry_run_completed_count=0`、`active_cutover_count=0`。
|
||||
|
||||
這讓長期回到 GitHub 的方向可以繼續往前,但仍維持低摩擦:目前只 mirror、只顯示、只留痕,不執行。
|
||||
|
||||
@@ -22,6 +22,7 @@
|
||||
"accepted_response_count": 0,
|
||||
"rejected_response_count": 0,
|
||||
"response_template_count": 5,
|
||||
"owner_response_request_packet_count": 1,
|
||||
"intake_preflight_check_count": 6,
|
||||
"intake_outcome_lane_count": 5,
|
||||
"acceptance_check_count": 8,
|
||||
@@ -240,6 +241,64 @@
|
||||
"execution_authorized": false
|
||||
}
|
||||
],
|
||||
"owner_response_request_packet": {
|
||||
"request_id": "s4_9_gitea_owner_attestation_response_request",
|
||||
"display_status": "ready_to_request_owner_response",
|
||||
"requested_packet": "docs/security/GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.md",
|
||||
"required_response_item_count": 5,
|
||||
"requested_template_ids": [
|
||||
"response-public-only-vs-local-gitea-gap",
|
||||
"response-org-user-endpoint-identity",
|
||||
"response-internal-110-adjacent-scope",
|
||||
"response-repo-owner-canonical-scope",
|
||||
"response-legacy-or-inaccessible-disposition"
|
||||
],
|
||||
"owner_instruction_summary": "請 owner 只依 S4.9 五個 templates 回覆 scope / canonical / disposition 判定,並只引用脫敏 evidence refs;不要貼 token、secret、DB dump、git object 或任何可執行 payload。",
|
||||
"allowed_response_fields": [
|
||||
"owner_role_or_team",
|
||||
"decision",
|
||||
"decision_reason",
|
||||
"affected_repos_or_sources_or_namespace",
|
||||
"canonical_source_or_namespace",
|
||||
"github_target_candidate",
|
||||
"visibility_review_owner",
|
||||
"evidence_refs",
|
||||
"followup_owner"
|
||||
],
|
||||
"evidence_ref_rules": [
|
||||
"只允許 repo 內既有文件或 snapshot 路徑",
|
||||
"owner 外部 evidence 必須先脫敏並只提供 metadata pointer",
|
||||
"不得提供 token value、secret value、private clone URL credential、cookie、session 或截圖中的敏感值",
|
||||
"不確定是否含敏感值時先走 quarantine,不得直接貼入 response"
|
||||
],
|
||||
"forbidden_payloads": [
|
||||
"token_value",
|
||||
"secret_value",
|
||||
"private_key",
|
||||
"cookie_or_session",
|
||||
"db_dump",
|
||||
"git_object_pack",
|
||||
"repo_archive",
|
||||
"write_or_admin_api_request",
|
||||
"repo_or_refs_execution_request",
|
||||
"workflow_secret_runner_execution_request"
|
||||
],
|
||||
"allowed_submission_modes": [
|
||||
"read_only_markdown_response",
|
||||
"redacted_metadata_pointer",
|
||||
"request_more_evidence"
|
||||
],
|
||||
"awooop_display_mode": "display_owner_response_request_only",
|
||||
"execution_authorized": false,
|
||||
"not_approval": true,
|
||||
"still_forbidden": [
|
||||
"store_token_value",
|
||||
"write_gitea_repo",
|
||||
"create_github_repo",
|
||||
"sync_refs",
|
||||
"switch_github_primary"
|
||||
]
|
||||
},
|
||||
"intake_preflight_checks": [
|
||||
{
|
||||
"check_id": "preflight-known-attestation-item",
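Review bot: The new `owner_response_request_packet` states its intake constraints (`evidence_ref_rules`, `forbidden_payloads`, `allowed_submission_modes`) only as prose, and nothing in the packet names which entries of `intake_preflight_checks` (the array that begins with `preflight-known-attestation-item` directly after it) enforce them, so a guard can confirm `execution_authorized=false` and `not_approval=true` but cannot assert that the forbidden list and the preflight checks still agree after a later edit to either. I would add a cross-reference beside `forbidden_payloads` naming the preflight check ids that reject those payload types (a constructed example: `"enforced_by_preflight_check_ids": [...]`, using whatever key the schema prefers), and turn `evidence_ref_rules[0]` ("只允許 repo 內既有文件或 snapshot 路徑") into a checkable path prefix, since `requested_packet` already shows the `docs/security/...` convention. `evidence_ref_rules` also forbids a "private clone URL credential" that has no counterpart in the `forbidden_payloads` values (`token_value`, `secret_value`, `private_key`, `cookie_or_session`, ...); either state which of those values it maps to or add it, so both lists classify the same things. The enclosing snapshot object continues outside the hunk.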
|
||||
|
||||
@@ -98,7 +98,7 @@
|
||||
],
|
||||
"decision_options": ["approve_scope", "reject", "defer", "request_more_evidence"],
|
||||
"allowed_after_approval": [
|
||||
"先依 S4.9 收到並完成 preflight / outcome lane 判定 / 驗收 S4.7 owner coverage attestation response,保留 scope decision evidence",
|
||||
"先依 S4.9 request packet 要求 owner 回覆,並完成 preflight / outcome lane 判定 / 驗收 S4.7 owner coverage attestation response,保留 scope decision evidence",
|
||||
"使用 read-only token 或 redacted admin export 補齊 repo list",
|
||||
"只保存 token_present=true/false",
|
||||
"更新 migration matrix 與 repo decision table"
|
||||
@@ -108,7 +108,7 @@
|
||||
"使用 write-capable token",
|
||||
"未完成 S4.7 owner attestation 就標記 inventory complete",
|
||||
"把 owner attestation 當成 repo migration 或 primary cutover approval",
|
||||
"把 S4.9 owner response packet 當成 inventory 執行授權",
|
||||
"把 S4.9 owner response request packet 或 response packet 當成 inventory 執行授權",
|
||||
"建立 GitHub repo",
|
||||
"sync refs",
|
||||
"切 GitHub primary"
|
||||
|
||||
@@ -82,7 +82,7 @@
|
||||
"risk": "MEDIUM",
|
||||
"state": "pending_approval",
|
||||
"recommended_awooop_mode": "approve_required",
|
||||
"requested_decision": "是否先要求 owner 依 S4.9 response 收件包完成 S4.7 coverage attestation,並在 scope decision 被接受後,批准使用 read-only token 或 redacted admin export 補齊 Gitea private/internal 全量 repo list。",
|
||||
"requested_decision": "是否先要求 owner 依 S4.9 owner response request packet / response 收件包完成 S4.7 coverage attestation,並在 scope decision 被接受後,批准使用 read-only token 或 redacted admin export 補齊 Gitea private/internal 全量 repo list。",
|
||||
"blocked_until_approved": true,
|
||||
"required_reviewers": [
|
||||
"migration-engineer",
|
||||
@@ -101,7 +101,7 @@
|
||||
"docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md"
|
||||
],
|
||||
"allowed_after_approval": [
|
||||
"先依 S4.9 收到並完成 preflight / outcome lane 判定 / 驗收 S4.7 owner coverage attestation response,更新 migration matrix 與 decision table",
|
||||
"先依 S4.9 request packet 要求 owner 回覆,並完成 preflight / outcome lane 判定 / 驗收 S4.7 owner coverage attestation response,更新 migration matrix 與 decision table",
|
||||
"使用 read-only token 或 redacted admin export 執行一次 inventory",
|
||||
"只保存 token_present=true/false",
|
||||
"更新 migration matrix 與 repo decision table"
|
||||
@@ -111,7 +111,7 @@
|
||||
"使用 write-capable token",
|
||||
"未完成 S4.7 owner attestation 就標記 inventory complete",
|
||||
"把 S4.7 owner attestation 當成 repo migration approval",
|
||||
"把 S4.9 owner response packet 當成 inventory 執行授權",
|
||||
"把 S4.9 owner response request packet 或 response packet 當成 inventory 執行授權",
|
||||
"建立 GitHub repo",
|
||||
"sync refs",
|
||||
"切 GitHub primary"
|
||||
|
||||
@@ -106,7 +106,7 @@
|
||||
"risk": "MEDIUM",
|
||||
"review_state": "ready_for_human_review",
|
||||
"review_lane": "read_only_inventory_review",
|
||||
"requested_decision": "是否先要求 owner 依 S4.9 response 收件包完成 S4.7 coverage attestation,並在 scope decision 被接受後,才允許 read-only token 或 redacted admin export 補齊 Gitea private/internal 全量 repo list。",
|
||||
"requested_decision": "是否先要求 owner 依 S4.9 owner response request packet / response 收件包完成 S4.7 coverage attestation,並在 scope decision 被接受後,才允許 read-only token 或 redacted admin export 補齊 Gitea private/internal 全量 repo list。",
|
||||
"required_reviewers": [
|
||||
"migration-engineer",
|
||||
"security-commander",
|
||||
@@ -127,12 +127,12 @@
|
||||
"allowed_pre_decision_actions": [
|
||||
"顯示 public-only 與 blocked endpoint evidence",
|
||||
"顯示 S4.7 的 5 個 owner attestation items 與 received_attestation_count=0",
|
||||
"顯示 S4.9 的 5 個 owner response templates、6 個 intake preflight checks、5 個 outcome lanes、received_response_count=0 與 rejection rules",
|
||||
"顯示 S4.9 的 1 個 owner response request packet、5 個 owner response templates、6 個 intake preflight checks、5 個 outcome lanes、received_response_count=0 與 rejection rules",
|
||||
"要求 owner 確認 read-only token 或 redacted export 來源",
|
||||
"不保存 token value"
|
||||
],
|
||||
"allowed_after_decision_actions": [
|
||||
"若 approve_scope,先依 S4.9 收到並完成 preflight / outcome lane 判定 / 驗收 S4.7 owner response,再更新 attestation evidence 與 scope decision",
|
||||
"若 approve_scope,先依 S4.9 request packet 要求 owner 回覆,並完成 preflight / outcome lane 判定 / 驗收 S4.7 owner response,再更新 attestation evidence 與 scope decision",
|
||||
"若 approve_scope,只能做一次 read-only inventory 或匯入 redacted export",
|
||||
"更新 migration matrix 與 repo decision table"
|
||||
],
|
||||
@@ -141,7 +141,7 @@
|
||||
"使用 write-capable token",
|
||||
"未完成 owner attestation 就標記 inventory complete",
|
||||
"把 owner attestation 當成 repo migration 或 primary approval",
|
||||
"把 S4.9 owner response packet 當成 inventory 執行授權",
|
||||
"把 S4.9 owner response request packet 或 response packet 當成 inventory 執行授權",
|
||||
"建立 GitHub repo",
|
||||
"sync refs",
|
||||
"切 GitHub primary"
|
||||
|
||||
@@ -112,7 +112,7 @@
|
||||
"gate_state": "waiting_approved_scope",
|
||||
"applies_after_decision": "approve_scope",
|
||||
"minimum_required_evidence": [
|
||||
"S4.9 owner response 已完成 intake preflight、outcome lane 判定與驗收,且 S4.7 owner coverage attestation 的 5 個 items 都有 scope decision",
|
||||
"S4.9 owner response request packet 已顯示,owner response 已完成 intake preflight、outcome lane 判定與驗收,且 S4.7 owner coverage attestation 的 5 個 items 都有 scope decision",
|
||||
"read-only token scope 或 redacted admin export 來源",
|
||||
"token_present=true/false,不保存 token value",
|
||||
"allowed export fields checklist",
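Review bot: The rewritten first entry of `minimum_required_evidence` now requires that the S4.9 request packet "已顯示", which is an AwoooP display state rather than evidence the owner produced, so a gate consumer could satisfy that clause from UI state alone while only the owner-response clause carries weight. I would keep the entry at its previous wording, `"S4.9 owner response 已完成 intake preflight、outcome lane 判定與驗收,且 S4.7 owner coverage attestation 的 5 個 items 都有 scope decision"`, and express the request-packet display requirement in `preflight_checks`, where this commit already references the request packet. The enclosing gate object starts and ends outside this hunk.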
|
||||
@@ -124,7 +124,7 @@
|
||||
"human-owner"
|
||||
],
|
||||
"preflight_checks": [
|
||||
"確認 public-only / local remote gap、org/user endpoint、110 adjacent source、canonical owner 與 legacy/inaccessible disposition 已依 S4.9 response template 由 owner 判定",
|
||||
"確認 public-only / local remote gap、org/user endpoint、110 adjacent source、canonical owner 與 legacy/inaccessible disposition 已依 S4.9 request packet / response template 由 owner 判定",
|
||||
"確認 token 不具 write 權限",
|
||||
"確認不保存 token value",
|
||||
"確認 export 不含 webhook secret / deploy key private key / repository secret value",
|
||||
@@ -140,7 +140,7 @@
|
||||
"rollback_or_disable_requirement": "read-only token 必須可撤銷;admin export 必須可刪除本地暫存原檔,只保留 redacted snapshot。",
|
||||
"still_forbidden": [
|
||||
"未完成 S4.7 owner attestation 就執行 inventory",
|
||||
"未完成 S4.9 owner response 驗收就執行 inventory",
|
||||
"未完成 S4.9 owner response request packet 顯示與 owner response 驗收就執行 inventory",
|
||||
"使用 write-capable token",
|
||||
"建立 GitHub repo",
|
||||
"sync refs",
|
||||
|
||||
@@ -107,7 +107,7 @@
|
||||
},
|
||||
{
|
||||
"step_id": "CHECK_OWNER_RESPONSE_GUARD",
|
||||
"expected_observation": "AwoooP dry-run 必須確認 S4.9 / S4.10 / S4.11 / S4.12 四包 owner response 仍為 waiting_owner_response,received / accepted 皆為 0,且 S4.9 intake preflight / outcome lanes 只分類可審、補證、隔離、拒收或等待,不能解鎖 repo、refs、workflow、secret、runner、GitHub primary 或 runtime action。",
|
||||
"expected_observation": "AwoooP dry-run 必須確認 S4.9 / S4.10 / S4.11 / S4.12 四包 owner response 仍為 waiting_owner_response,received / accepted 皆為 0,且 S4.9 owner response request packet / intake preflight / outcome lanes 只提示 owner、分類可審、補證、隔離、拒收或等待,不能解鎖 repo、refs、workflow、secret、runner、GitHub primary 或 runtime action。",
|
||||
"evidence_refs": [
|
||||
"docs/security/source-control-owner-response-validation-rollup.snapshot.json",
|
||||
"docs/security/SOURCE-CONTROL-OWNER-RESPONSE-VALIDATION-ROLLUP.md",
|
||||
|
||||
@@ -251,7 +251,7 @@
|
||||
"docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md",
|
||||
"docs/security/GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.md"
|
||||
],
|
||||
"notes": "目前仍是 public-only / blocked endpoint evidence;S4.5 已補 authenticated/admin export request,S4.6 已補 redacted import acceptance,S4.7 已補 owner coverage attestation request,S4.9 已補 owner response intake packet、6 個 intake preflight checks 與 5 個 outcome lanes;private/internal 全量需 approval、脫敏 payload 驗收與 owner scope decision。"
|
||||
"notes": "目前仍是 public-only / blocked endpoint evidence;S4.5 已補 authenticated/admin export request,S4.6 已補 redacted import acceptance,S4.7 已補 owner coverage attestation request,S4.9 已補 owner response request packet、owner response intake packet、6 個 intake preflight checks 與 5 個 outcome lanes;private/internal 全量需 approval、脫敏 payload 驗收與 owner scope decision。"
|
||||
},
|
||||
{
|
||||
"contract": "local_git_remote_inventory_v1",
|
||||
|
||||
@@ -143,8 +143,8 @@
|
||||
{
|
||||
"phase_id": "S4_migration_execution",
|
||||
"state": "not_started",
|
||||
"current_result": "GitHub primary 是長期方向;source_control_primary_readiness_gate_v1 已定義 8 個 candidate repos、7 個 in-scope blocked repos、0 個 primary ready;S4.1 已定義 workflow / secret 名稱 inventory 契約;S4.2 已補 local evidence;S4.3 已補 redacted export request;S4.4 已補 rollback ADR 草案;S4.5 已補 Gitea authenticated inventory export request;S4.6 已補 redacted import acceptance;S4.7 已補 owner coverage attestation request;S4.9 已補 Gitea owner response intake packet、6 個 intake preflight checks 與 5 個 outcome lanes;S4.10 已補 GitHub target owner decision response intake packet;S4.11 已補 refs truth owner response intake packet;S4.12 已補 workflow / secret 名稱 owner response intake packet;S4.13 已補四包 owner response validation rollup,彙整 22 個 templates、received=0、accepted=0,並標示 next_collection_candidate=S4.9,但 inventory status 仍 partial,GitHub target / refs truth / workflow-secret response 仍 0 筆。",
|
||||
"next_gate": "依 S4.13 先集中檢查四包 owner response validation 狀態,AwoooP 只顯示 next_collection_candidate=S4.9 Gitea owner attestation;再依 S4.9 收到並驗收 S4.7 Gitea owner response、依 S4.10 收到並驗收 7 個 GitHub target owner / visibility / canonical response、依 S4.11 收到並驗收 5 個 refs truth owner response templates、依 S4.12 收到並驗收 5 個 workflow / secret 名稱 owner response templates、authenticated inventory payload 通過 S4.6 驗收、rollback ADR owner approval 與逐 repo 人工批准。"
|
||||
"current_result": "GitHub primary 是長期方向;source_control_primary_readiness_gate_v1 已定義 8 個 candidate repos、7 個 in-scope blocked repos、0 個 primary ready;S4.1 已定義 workflow / secret 名稱 inventory 契約;S4.2 已補 local evidence;S4.3 已補 redacted export request;S4.4 已補 rollback ADR 草案;S4.5 已補 Gitea authenticated inventory export request;S4.6 已補 redacted import acceptance;S4.7 已補 owner coverage attestation request;S4.9 已補 Gitea owner response request packet、owner response intake packet、6 個 intake preflight checks 與 5 個 outcome lanes;S4.10 已補 GitHub target owner decision response intake packet;S4.11 已補 refs truth owner response intake packet;S4.12 已補 workflow / secret 名稱 owner response intake packet;S4.13 已補四包 owner response validation rollup,彙整 22 個 templates、received=0、accepted=0,並標示 next_collection_candidate=S4.9,但 inventory status 仍 partial,GitHub target / refs truth / workflow-secret response 仍 0 筆。",
|
||||
"next_gate": "依 S4.13 先集中檢查四包 owner response validation 狀態,AwoooP 只顯示 next_collection_candidate=S4.9 Gitea owner attestation,並依 S4.9 owner response request packet 要求 owner 回覆;再依 S4.9 收到並驗收 S4.7 Gitea owner response、依 S4.10 收到並驗收 7 個 GitHub target owner / visibility / canonical response、依 S4.11 收到並驗收 5 個 refs truth owner response templates、依 S4.12 收到並驗收 5 個 workflow / secret 名稱 owner response templates、authenticated inventory payload 通過 S4.6 驗收、rollback ADR owner approval 與逐 repo 人工批准。"
|
||||
}
|
||||
],
|
||||
"next_safe_actions": [
|
||||
@@ -254,7 +254,7 @@
"allowed_processing": [
"顯示 S4.5 authenticated/admin export request、S4.6 redacted import acceptance、S4.7 owner coverage attestation request 與 coverage gap",
"顯示 5 個 owner attestation items、received_attestation_count=0 與 accepted_attestation_count=0",
"顯示 S4.9 owner response templates、intake preflight checks、outcome lanes、received_response_count=0 與 rejection rules",
"顯示 S4.9 owner response request packet、owner response templates、intake preflight checks、outcome lanes、received_response_count=0 與 rejection rules",
"在 security_approval_queue_v1、security_approval_gate_v1、security_approval_review_packet_v1 與 security_followup_runtime_gate_v1 中顯示 S4.7 owner attestation 先行條件",
"使用 read-only token 或 redacted admin export 補齊 repo list",
"收到 payload 後只做 schema / redaction / coverage gap 驗收與隔離",
@@ -265,7 +265,7 @@
"保存 token value",
"使用 write-capable token",
"未完成 S4.7 owner attestation 就標記 inventory complete",
"把 S4.9 owner response packet 當成 read-only inventory 已執行或 primary approval",
"把 S4.9 owner response request packet 或 response packet 當成 read-only inventory 已執行或 primary approval",
"把 S4.7 owner attestation request 當成 repo migration approval",
"把 S4.6 payload 驗收當成 primary approval",
"建立 GitHub repo 或 sync refs"
@@ -397,7 +397,7 @@
"S4.6 只新增 Gitea redacted import acceptance;received_payload_count=0、accepted_payload_count=0,不匯入 DB dump/git object、不寫 Gitea、不切 primary。",
"S4.7 只新增 Gitea owner coverage attestation request;required_attestation_item_count=5、received_attestation_count=0,不把 attestation 當 migration approval。",
"S4.8 只把既有 Gitea approval queue/gate/review packet/follow-up gate 對齊 S4.7 先行條件;approval_queue_total 仍為 8、active_runtime_gates 仍為 0,不新增執行入口。",
"S4.9 只新增 Gitea owner attestation response 收件包;required_response_item_count=5、received_response_count=0、accepted_response_count=0,不把 response packet 當 inventory 執行或 primary approval。",
"S4.9 只新增 Gitea owner attestation response request packet 與 response 收件包;owner_response_request_packet_count=1、required_response_item_count=5、received_response_count=0、accepted_response_count=0,不把 request packet 或 response packet 當 inventory 執行或 primary approval。",
"S4.10 只新增 GitHub target owner decision response 收件包;response_template_count=7、received_response_count=0、accepted_response_count=0,不把 response packet 當 repo creation、visibility change、refs sync 或 GitHub primary approval。",
"S4.11 只新增 refs truth owner response 收件包;response_template_count=5、received_response_count=0、accepted_response_count=0,不把 response packet 當 refs sync、delete、force push 或 GitHub primary approval。",
"S4.12 只新增 workflow / secret 名稱 owner response 收件包;response_template_count=5、received_response_count=0、accepted_response_count=0,不把 response packet 當 secret value collection、workflow modification、GitHub hosted runner enablement 或 GitHub primary approval。",
@@ -408,7 +408,7 @@
"display_owner_attestation_response_packet"
],
"forbidden_actions": ["store_token_value", "write_to_gitea", "delete_or_archive_repo"],
"notes": "目前是 partial/public_only;S4.5 已補 authenticated/admin export request,S4.6 已補 redacted import acceptance,S4.7 已補 owner coverage attestation request,S4.9 已補 owner response intake packet、6 個 intake preflight checks 與 5 個 outcome lanes;private/internal 全量仍需批准後補齊。"
"notes": "目前是 partial/public_only;S4.5 已補 authenticated/admin export request,S4.6 已補 redacted import acceptance,S4.7 已補 owner coverage attestation request,S4.9 已補 owner response request packet、owner response intake packet、6 個 intake preflight checks 與 5 個 outcome lanes;private/internal 全量仍需批准後補齊。"
},
{
"contract": "local_git_remote_inventory_v1",
@@ -256,7 +256,7 @@
"readiness_effects": [
{
"effect_id": "gitea_owner_response_accepted",
"when_all_checks_pass": "S4.9 5 個 response templates 全部接受,且 S4.6 redacted payload 仍需另外驗收。",
"when_all_checks_pass": "S4.9 request packet 已顯示且 5 個 response templates 全部接受,且 S4.6 redacted payload 仍需另外驗收。",
"allowed_update": "只更新 Gitea coverage matrix、owner / canonical disposition 與 readiness wording;gitea_repo_inventory_v1 仍不得直接標記 ok。",
"still_forbidden": [
"store_token_value",
@@ -317,7 +317,7 @@
"received_response_count": 0,
"accepted_response_count": 0,
"current_status": "waiting_owner_response",
"next_owner_action": "Owner 需依 S4.9 回覆 5 個 Gitea coverage attestation items,且只能引用脫敏 evidence refs。",
"next_owner_action": "Owner 需依 S4.9 owner response request packet 回覆 5 個 Gitea coverage attestation items,且只能引用脫敏 evidence refs。",
"awooop_display_mode": "observe_missing_response",
"still_forbidden": [
"store_token_value",
@@ -51,7 +51,7 @@
"S4.5 已建立 authenticated/admin export request,但尚未取得 `gitea_repo_inventory_v1.status=ok` evidence",
"S4.6 已建立 redacted import acceptance,但目前 received_payload_count=0、accepted_payload_count=0",
"S4.7 已建立 owner coverage attestation request,但目前 received_attestation_count=0、accepted_attestation_count=0",
"S4.9 已建立 owner response 收件包、6 個 intake preflight checks 與 5 個 outcome lanes,但目前 received_response_count=0、accepted_response_count=0",
"S4.9 已建立 owner response request packet、owner response 收件包、6 個 intake preflight checks 與 5 個 outcome lanes,但目前 received_response_count=0、accepted_response_count=0",
"S4.13 validation rollup 已將 S4.9 納入四包 owner response 驗收總覽,但目前 total_received_response_count=0、total_accepted_response_count=0",
"public-only API 只看到 2 個 repos,本機 remote inventory 看到 4 個 unique Gitea repos,gap 仍待 owner 解釋",
"GITEA_READONLY_TOKEN 未提供",
@@ -62,7 +62,7 @@
"mirror S4.5 authenticated inventory export request",
"mirror S4.6 redacted inventory import acceptance",
"mirror S4.7 owner coverage attestation request",
"mirror S4.9 owner attestation response templates、intake preflight checks 與 outcome lanes",
"mirror S4.9 owner response request packet、owner attestation response templates、intake preflight checks 與 outcome lanes",
"mirror S4.13 owner response validation rollup",
"等待 read-only token 或 redacted admin export",
"更新 approval board 與 decision table"
@@ -41,6 +41,7 @@ LANES = [
"reject_execution_request",
"keep_waiting_owner_response",
],
"expected_request_packet_id": "s4_9_gitea_owner_attestation_response_request",
},
{
"lane_id": "s4_10_github_target_owner_decision_response",
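Review bot: `"expected_request_packet_id"` is added only to the s4_9 lane entry, and validate() reads it with `lane.get("expected_request_packet_id")`, so a lane that is supposed to carry a request packet but omits the key silently skips every packet assertion rather than failing. That opt-in is not obvious from the LANES table itself; a comment on the key, `# lanes that carry an owner-response request packet must set this, otherwise the packet checks are skipped`, would make the contract visible to whoever adds the next lane. The LANES list continues past the end of this hunk.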
@@ -170,6 +171,45 @@ def validate(root: Path) -> None:
assert_equal(f"{lane['lane_id']}.rejected_response_count", summary["rejected_response_count"], 0)
assert_equal(f"{lane['lane_id']}.acceptance_check_count", summary["acceptance_check_count"], 8)
assert_equal(f"{lane['lane_id']}.rejection_rule_count", summary["rejection_rule_count"], 10)
expected_request_packet_id = lane.get("expected_request_packet_id")
if expected_request_packet_id is not None:
request_packet = snapshot["owner_response_request_packet"]
assert_equal(
f"{lane['lane_id']}.owner_response_request_packet_count",
summary["owner_response_request_packet_count"],
1,
)
assert_equal(
f"{lane['lane_id']}.owner_response_request_packet_id",
request_packet["request_id"],
expected_request_packet_id,
)
assert_equal(
f"{lane['lane_id']}.owner_response_request_display_status",
request_packet["display_status"],
"ready_to_request_owner_response",
)
assert_equal(
f"{lane['lane_id']}.owner_response_request_template_ids",
request_packet["requested_template_ids"],
[
"response-public-only-vs-local-gitea-gap",
"response-org-user-endpoint-identity",
"response-internal-110-adjacent-scope",
"response-repo-owner-canonical-scope",
"response-legacy-or-inaccessible-disposition",
],
)
assert_equal(
f"{lane['lane_id']}.owner_response_request_awooop_display_mode",
request_packet["awooop_display_mode"],
"display_owner_response_request_only",
)
assert_false(
f"{lane['lane_id']}.owner_response_request_execution_authorized",
request_packet["execution_authorized"],
)
assert_true(f"{lane['lane_id']}.owner_response_request_not_approval", request_packet["not_approval"])
expected_preflight_checks = lane.get("expected_preflight_checks")
if expected_preflight_checks is not None:
intake_preflight_checks = snapshot["intake_preflight_checks"]
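Review bot: `request_packet = snapshot["owner_response_request_packet"]` reads the packet with a bare subscript, so a snapshot that lacks the key dies with an unlabelled KeyError instead of a named guard failure like every other check in this branch; read it with `.get` and assert presence first, e.g. `request_packet = snapshot.get("owner_response_request_packet")` followed by `assert_true(f"{lane['lane_id']}.owner_response_request_packet_present", request_packet is not None)`. The new block pins `request_id`, `display_status`, the five template ids, the display mode, `execution_authorized` and `not_approval`, but nothing here checks that the packet's evidence-redaction or forbidden-payload rules are present, so a packet that silently dropped the rule against token or secret values would still pass — if the snapshot carries those fields, a count or content assertion on them would close that gap. The five `requested_template_ids` are a second hard-coded copy of the template list; if validate() already asserts those ids against the snapshot's response templates elsewhere, comparing against that list instead would keep the two from drifting. validate() continues past the end of this hunk.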