docs(security): add approval gate contract [skip ci]

2026-05-13 12:54:51 +08:00
parent f3f4966ea9
commit 728f3c121a
23 changed files with 701 additions and 61 deletions
--- a/docs/LOGBOOK.md
+++ b/docs/LOGBOOK.md
@@ -1,3 +1,25 @@
+## 2026-05-13 | 資安供應鏈 S3.0：人工批准 Gate 契約
+
+**背景**：S2.7 已建立 `security_mirror_status_rollup_v1`，讓 AwoooP 與 Security Supply Chain Session 有共同狀態摘要。本輪開始 S3，但只建立人工批准 gate 的決策語言與稽核格式，不把 approval queue 接成 runner。
+
+**本次交付**：
+- 新增 `docs/schemas/security_approval_gate_v1.schema.json`。
+- 新增 `docs/security/security-approval-gate.snapshot.json`，定義 8 個 gate items、批准範圍、決策選項與 follow-up runtime gate。
+- 新增 `docs/security/SECURITY-APPROVAL-GATE.md`，以繁體中文說明 S3.0 可做 / 不可做與階段定位。
+- 更新資安供應鏈 manifest，contract 數量從 27 增至 28。
+- 更新鏡像 readiness、接收計畫、事件範例、路由矩陣、驗收契約、隔離契約、dry-run、status rollup、AwoooP mirror-only checklist、AwoooP handoff 與整體進度。
+
+**累積狀態**：
+- 鏡像 readiness 目前為 28 個 contracts：25 個 ready for mirror、2 個 partial ready、1 個 contract-only、0 個 blocked。
+- S3 approval gate 目前 8 個 items：7 個 pending human decision、1 個 block candidate、0 個 approved。
+- 批准後仍不得自動執行；任何 runtime action 都需要 follow-up runtime gate。
+
+**邊界**：
+- 沒有新增 runtime endpoint、DB migration、model 或執行 action。
+- 沒有新增執行按鈕。
+- 沒有啟動 scan、呼叫 Kali `/execute`、建立 repo、修改 visibility、sync refs 或切 GitHub primary。
+- 沒有保存 raw secret、token、cookie、private key 或 exploit payload。
+
 ## 2026-05-13 | 資安供應鏈 S2.7：AwoooP 鏡像狀態彙整契約

 **背景**：S2.6 已建立 `security_mirror_dry_run_v1`，讓 AwoooP 未來可回報 mirror-only 接入演練。本輪補上 `security_mirror_status_rollup_v1`，讓 AwoooP 主線與 Security Supply Chain Session 用同一份狀態摘要同步目前階段、下一個 gate 與禁止事項，避免把 dry-run、approval queue 或 readiness 誤讀成執行授權。
--- a/docs/schemas/security_approval_gate_v1.schema.json
+++ b/docs/schemas/security_approval_gate_v1.schema.json
@@ -0,0 +1,196 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "urn:awoooi:security-approval-gate-v1",
+  "title": "資安供應鏈人工批准 Gate 契約 v1",
+  "description": "定義 Security Supply Chain 進入 S3 時，AwoooP 如何顯示、記錄與限制人工批准。此契約不授權 runtime execution。",
+  "type": "object",
+  "required": [
+    "schema_version",
+    "status",
+    "date",
+    "mode",
+    "runtime_execution_authorized",
+    "source_indexes",
+    "summary",
+    "gate_items",
+    "decision_recording_rules",
+    "forbidden_actions"
+  ],
+  "properties": {
+    "schema_version": {
+      "const": "security_approval_gate_v1"
+    },
+    "status": {
+      "type": "string",
+      "enum": ["draft"]
+    },
+    "date": {
+      "type": "string"
+    },
+    "mode": {
+      "type": "string",
+      "enum": ["approval_gate_only"]
+    },
+    "runtime_execution_authorized": {
+      "type": "boolean",
+      "const": false
+    },
+    "source_indexes": {
+      "type": "array",
+      "items": {
+        "type": "string"
+      },
+      "minItems": 1
+    },
+    "summary": {
+      "type": "object",
+      "required": [
+        "total_gate_items",
+        "pending_human_decision_count",
+        "block_candidate_count",
+        "approved_count",
+        "runtime_actions_authorized",
+        "immediate_execution_after_approval_allowed",
+        "raw_secret_storage_authorized"
+      ],
+      "properties": {
+        "total_gate_items": {
+          "type": "integer",
+          "minimum": 0
+        },
+        "pending_human_decision_count": {
+          "type": "integer",
+          "minimum": 0
+        },
+        "block_candidate_count": {
+          "type": "integer",
+          "minimum": 0
+        },
+        "approved_count": {
+          "type": "integer",
+          "minimum": 0
+        },
+        "runtime_actions_authorized": {
+          "type": "boolean",
+          "const": false
+        },
+        "immediate_execution_after_approval_allowed": {
+          "type": "boolean",
+          "const": false
+        },
+        "raw_secret_storage_authorized": {
+          "type": "boolean",
+          "const": false
+        }
+      },
+      "additionalProperties": false
+    },
+    "gate_items": {
+      "type": "array",
+      "minItems": 1,
+      "items": {
+        "type": "object",
+        "required": [
+          "gate_id",
+          "source_queue_item_id",
+          "source_contract",
+          "risk",
+          "gate_state",
+          "approval_scope",
+          "required_reviewers",
+          "decision_options",
+          "allowed_after_approval",
+          "still_forbidden",
+          "requires_followup_runtime_gate",
+          "evidence_refs"
+        ],
+        "properties": {
+          "gate_id": {
+            "type": "string"
+          },
+          "source_queue_item_id": {
+            "type": "string"
+          },
+          "source_contract": {
+            "type": "string"
+          },
+          "risk": {
+            "type": "string",
+            "enum": ["MEDIUM", "HIGH", "CRITICAL"]
+          },
+          "gate_state": {
+            "type": "string",
+            "enum": ["pending_human_decision", "block_candidate", "approved", "rejected", "expired"]
+          },
+          "approval_scope": {
+            "type": "string",
+            "enum": [
+              "design_or_draft_only",
+              "read_only_inventory_only",
+              "low_noise_scan_scope_only",
+              "manual_exception_only",
+              "blocked_by_default"
+            ]
+          },
+          "required_reviewers": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            },
+            "minItems": 1,
+            "uniqueItems": true
+          },
+          "decision_options": {
+            "type": "array",
+            "items": {
+              "type": "string",
+              "enum": ["approve_scope", "reject", "defer", "request_more_evidence", "keep_blocked"]
+            },
+            "minItems": 1
+          },
+          "allowed_after_approval": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            },
+            "minItems": 1
+          },
+          "still_forbidden": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            },
+            "minItems": 1
+          },
+          "requires_followup_runtime_gate": {
+            "type": "boolean",
+            "const": true
+          },
+          "evidence_refs": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            },
+            "minItems": 1
+          }
+        },
+        "additionalProperties": false
+      }
+    },
+    "decision_recording_rules": {
+      "type": "array",
+      "items": {
+        "type": "string"
+      },
+      "minItems": 1
+    },
+    "forbidden_actions": {
+      "type": "array",
+      "items": {
+        "type": "string"
+      },
+      "minItems": 1
+    }
+  },
+  "additionalProperties": false
+}
--- a/docs/security/AWOOOP-MIRROR-ONLY-CONSUMPTION-CHECKLIST.md
+++ b/docs/security/AWOOOP-MIRROR-ONLY-CONSUMPTION-CHECKLIST.md
@@ -29,6 +29,7 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得
 | `kali_integration_status_v1` | 192.168.0.112 live health / update / gap evidence | Security posture、Operator Console、Approval candidate | mirror-only | 不保存 SSH 密碼或 API key、不直接啟動 scan 或 `/execute` |
 | `kali_scan_scope_approval_v1` | Kali 112 scan scope、111/168 observe-only、safe/active/credentialed/execute/full-upgrade gates | Approval queue、Operator Console、Audit | approval-only | 只顯示 scope 與 gate，不啟動 scan、不呼叫 `/execute` |
 | `security_approval_queue_v1` | Security Supply Chain pending approval / block candidate 集中隊列 | Approval queue、Operator Console、Audit | approval-only | 只顯示 review order 與 blocked reason，不執行 queue item |
+| `security_approval_gate_v1` | S3 人工批准 gate | Approval queue、Operator Console、Audit | approval-only | 只記錄人工決策、批准範圍與 follow-up runtime gate，不執行 gate item |
 | `security_mirror_readiness_v1` | Security Supply Chain contract mirror readiness index | Operator Console、Runtime State、Channel Event、Audit | mirror-only | 只顯示 ready / partial / contract-only，不執行 mirror item |
 | `security_mirror_intake_plan_v1` | AwoooP mirror-only intake waves / destinations / acceptance gates | Operator Console、Runtime State、Channel Event、Audit、Approval Queue | mirror-only | 只照 wave 讀取與顯示，不執行 intake item |
 | `security_mirror_event_v1` | AwoooP mirror-only event envelope | Operator Console、Runtime State、Channel Event、Audit、Approval Queue | mirror-only | 每筆 event 必須 `execution_authorized=false`、`action_buttons_allowed=false` |
@@ -87,7 +88,8 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得
 | `kali_integration_status_v1.status=partial_runtime_health_integrated` | `observe` | 顯示 Kali 112 health、更新紀錄、缺口與 approval gates；不得直接掃描 |
 | `kali_scan_scope_approval_v1.status=draft_waiting_approval` | `approve_required` | 顯示 Kali 112、111/168、核心主機、公開網站 scope 與 gate；不得執行 scan |
 | `security_approval_queue_v1.status=draft` | `approve_required` | 顯示 8 個 queue items、review order 與 blocked reason；不得執行 item |
-| `security_mirror_readiness_v1.status=draft` | `observe` | 顯示 27 個 contracts 的 readiness；不得把 readiness 當 execution authorization |
+| `security_approval_gate_v1.mode=approval_gate_only` | `approve_required` | 顯示 8 個 gate items、批准範圍與 follow-up runtime gate；批准後不得自動執行 |
+| `security_mirror_readiness_v1.status=draft` | `observe` | 顯示 28 個 contracts 的 readiness；不得把 readiness 當 execution authorization |
 | `security_mirror_intake_plan_v1.status=draft` | `observe` | 顯示 5 個 intake waves 與 4 個 acceptance gates；不得執行 wave |
 | `security_mirror_event_v1.execution_authorized=false` | `observe` | 只包裝鏡像 payload，明確不授權執行、不顯示執行按鈕 |
 | `security_mirror_route_v1.status=draft` | `observe` | 顯示 5 個 route groups、channel policy 與 review lane；不得轉成 execution router |
@@ -159,6 +161,7 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得
 | Security finding contract | `docs/security/security-finding-kali-sample.snapshot.json` / `docs/security/SECURITY-FINDING-CONTRACT.md` |
 | Kali scan scope approval package | `docs/security/kali-scan-scope-approval.snapshot.json` / `docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md` |
 | Security approval queue | `docs/security/security-approval-queue.snapshot.json` / `docs/security/SECURITY-APPROVAL-QUEUE.md` |
+| Security approval gate | `docs/security/security-approval-gate.snapshot.json` / `docs/security/SECURITY-APPROVAL-GATE.md` |
 | Security mirror readiness | `docs/security/security-mirror-readiness.snapshot.json` / `docs/security/SECURITY-MIRROR-READINESS.md` |
 | Security mirror intake plan | `docs/security/security-mirror-intake-plan.snapshot.json` / `docs/security/SECURITY-MIRROR-INTAKE-PLAN.md` |
 | 資安鏡像事件契約 | `docs/security/security-mirror-event-sample.snapshot.json` / `docs/security/SECURITY-MIRROR-EVENT-CONTRACT.md` |
--- a/docs/security/AWOOOP-SECURITY-SUPPLYCHAIN-INTEGRATION-HANDOFF.md
+++ b/docs/security/AWOOOP-SECURITY-SUPPLYCHAIN-INTEGRATION-HANDOFF.md
@@ -73,7 +73,7 @@
 ```text
 Kali / Code Review / GitHub / Gitea / Codex
  -> security_supply_chain_contract_manifest_v1
-  -> security_mirror_readiness_v1 / security_mirror_intake_plan_v1 / security_mirror_event_v1 / security_mirror_route_v1 / security_mirror_acceptance_v1 / security_mirror_quarantine_v1 / security_mirror_dry_run_v1 / security_mirror_status_rollup_v1 / security_finding_v1 / kali_scan_scope_approval_v1 / security_approval_queue_v1 / coding_task_v1 / source_control_migration_event_v1 / gitea_repo_inventory_v1 / local_git_remote_inventory_v1 / github_target_probe_v1 / github_target_decision_v1 / github_target_repo_approval_package_v1 / security_rollout_policy_v1
+  -> security_mirror_readiness_v1 / security_mirror_intake_plan_v1 / security_mirror_event_v1 / security_mirror_route_v1 / security_mirror_acceptance_v1 / security_mirror_quarantine_v1 / security_mirror_dry_run_v1 / security_mirror_status_rollup_v1 / security_finding_v1 / kali_scan_scope_approval_v1 / security_approval_queue_v1 / security_approval_gate_v1 / coding_task_v1 / source_control_migration_event_v1 / gitea_repo_inventory_v1 / local_git_remote_inventory_v1 / github_target_probe_v1 / github_target_decision_v1 / github_target_repo_approval_package_v1 / security_rollout_policy_v1
  -> AWOOOI ingestion / asset_inventory / AIOps KPI / AOL
  -> mirror 到 AwoooP Runtime State / Channel Event / Audit
  -> AwoooP Policy / Approval / Exception / Operator Console
@@ -135,6 +135,18 @@ Snapshot：`docs/security/security-approval-queue.snapshot.json`

 AwoooP 初期處理方式：只顯示 review order、blocked reason、required reviewers 與 evidence refs，可建立 approval candidate，但不得執行 queue item。

+### `security_approval_gate_v1`
+
+用途：定義 S3 人工批准 gate 的決策語言、批准範圍、required reviewers、仍然禁止事項與 follow-up runtime gate。
+
+Schema：`docs/schemas/security_approval_gate_v1.schema.json`
+
+Snapshot：`docs/security/security-approval-gate.snapshot.json`
+
+目前 gate：8 items，7 個 pending human decision，1 個 block candidate，0 個 approved。批准後仍不得自動執行。
+
+AwoooP 初期處理方式：只記錄人工決策、audit evidence 與批准範圍；不得把 gate item 接成 runner，不得在批准後自動啟動 scan、repo、refs、deploy 或 secret 類動作。
+
 ### `security_mirror_readiness_v1`

 用途：集中整理 Security Supply Chain contracts 的 mirror readiness，讓 AwoooP 先知道哪些可 mirror、哪些 partial、哪些 contract-only。
@@ -143,7 +155,7 @@ Schema：`docs/schemas/security_mirror_readiness_v1.schema.json`

 Snapshot：`docs/security/security-mirror-readiness.snapshot.json`

-目前 readiness：27 個 contracts，24 個 ready for mirror，2 個 partial ready，1 個 contract-only，0 個 blocked。所有 contract 都是 `execution_allowed=false`。
+目前 readiness：28 個 contracts，25 個 ready for mirror，2 個 partial ready，1 個 contract-only，0 個 blocked。所有 contract 都是 `execution_allowed=false`。

 AwoooP 初期處理方式：先 mirror readiness index，再依 readiness 分批 mirror 其他 snapshots；不得把 readiness 當 execution authorization。

@@ -179,7 +191,7 @@ Schema：`docs/schemas/security_mirror_route_v1.schema.json`

 Snapshot：`docs/security/security-mirror-route.snapshot.json`

-目前 route：5 個 route groups，涵蓋 27 個 contracts；所有 route 都是 `runtime_execution_authorized=false`。
+目前 route：5 個 route groups，涵蓋 28 個 contracts；所有 route 都是 `runtime_execution_authorized=false`。

 AwoooP 初期處理方式：只依 route group 顯示 Operator Console / Runtime State / Channel Event / Audit / Approval Queue，不把 route 轉成 execution router。

@@ -227,7 +239,7 @@ Schema：`docs/schemas/security_mirror_status_rollup_v1.schema.json`

 Snapshot：`docs/security/security-mirror-status-rollup.snapshot.json`

-目前 rollup：`framework_ready_waiting_approval`；27 個 contracts、24 ready、2 partial、1 contract-only、0 blocked；approval queue 仍為 8 items，其中 7 pending approval、1 block candidate。
+目前 rollup：`framework_ready_waiting_approval`；28 個 contracts、25 ready、2 partial、1 contract-only、0 blocked；approval queue 仍為 8 items，其中 7 pending approval、1 block candidate。

 AwoooP 初期處理方式：只顯示階段狀態、下一個 gate 與禁止事項，可寫入 Audit evidence；不得把 rollup 當 runtime authorization。

@@ -263,7 +275,7 @@ Schema：`docs/schemas/security_supply_chain_contract_manifest_v1.schema.json`
  "schema_version": "security_supply_chain_contract_manifest_v1",
  "status": "draft",
  "default_enforcement_level": "mirror_only",
-  "contract_count": 27
+  "contract_count": 28
 }
 ```

@@ -678,7 +690,7 @@ Console 初期不提供高風險執行按鈕。

 2026-05-12 contract manifest 追加：已新增 `docs/schemas/security_supply_chain_contract_manifest_v1.schema.json`、`docs/security/security-supply-chain-contract-manifest.snapshot.json` 與 `docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md`。AwoooP 應先讀 manifest 作為 mirror-only contract registry，不把 manifest 當 execution router。

-2026-05-13 mirror route 追加：已新增 `docs/schemas/security_mirror_route_v1.schema.json`、`docs/security/security-mirror-route.snapshot.json` 與 `docs/security/SECURITY-MIRROR-ROUTE.md`。AwoooP 可依 5 個 route groups 將 27 個 contracts 分流到 Operator Console、Runtime State、Channel Event、Audit evidence 與 Approval Queue；route 只決定目的地、channel policy 與 review lane，不是 execution router。
+2026-05-13 mirror route 追加：已新增 `docs/schemas/security_mirror_route_v1.schema.json`、`docs/security/security-mirror-route.snapshot.json` 與 `docs/security/SECURITY-MIRROR-ROUTE.md`。AwoooP 可依 5 個 route groups 將 28 個 contracts 分流到 Operator Console、Runtime State、Channel Event、Audit evidence 與 Approval Queue；route 只決定目的地、channel policy 與 review lane，不是 execution router。

 2026-05-13 mirror acceptance 追加：已新增 `docs/schemas/security_mirror_acceptance_v1.schema.json`、`docs/security/security-mirror-acceptance.snapshot.json` 與 `docs/security/SECURITY-MIRROR-ACCEPTANCE.md`。AwoooP 可用 7 個 acceptance checks 驗收 mirror ingestion；blocking checks 只針對 contract count mismatch、缺 event envelope、route coverage 不完整或未脫敏 evidence，不得阻擋 runtime 流程。

@@ -686,7 +698,9 @@ Console 初期不提供高風險執行按鈕。

 2026-05-13 mirror dry-run 追加：已新增 `docs/schemas/security_mirror_dry_run_v1.schema.json`、`docs/security/security-mirror-dry-run.snapshot.json` 與 `docs/security/SECURITY-MIRROR-DRY-RUN.md`。AwoooP 未來可用 6 個 dry-run steps 回報接入演練結果；本 snapshot 狀態為 `contract_defined_not_executed`，不得視為 production ingestion 已啟用。

-2026-05-13 mirror status rollup 追加：已新增 `docs/schemas/security_mirror_status_rollup_v1.schema.json`、`docs/security/security-mirror-status-rollup.snapshot.json` 與 `docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md`。AwoooP 與 Security Supply Chain Session 可用同一份 rollup 同步 S0-S4、27 個 contracts、approval queue summary 與下一個安全 gate；本契約不授權任何 runtime action。
+2026-05-13 mirror status rollup 追加：已新增 `docs/schemas/security_mirror_status_rollup_v1.schema.json`、`docs/security/security-mirror-status-rollup.snapshot.json` 與 `docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md`。AwoooP 與 Security Supply Chain Session 可用同一份 rollup 同步 S0-S4、28 個 contracts、approval queue summary 與下一個安全 gate；本契約不授權任何 runtime action。
+
+2026-05-13 S3 approval gate 追加：已新增 `docs/schemas/security_approval_gate_v1.schema.json`、`docs/security/security-approval-gate.snapshot.json` 與 `docs/security/SECURITY-APPROVAL-GATE.md`。AwoooP 可用 8 個 gate items 記錄人工批准、拒絕、延後或補 evidence；批准後仍需 follow-up runtime gate，不得直接執行。

 2026-05-13 Kali 112 live 整合狀態追加：已在授權下登入 `192.168.0.112` 做 read-only 盤點與低風險更新，並新增 `docs/schemas/kali_integration_status_v1.schema.json`、`docs/security/kali-integration-status.snapshot.json` 與 `docs/security/KALI-INTEGRATION-STATUS.md`。Kali Scanner API `/health` healthy、`kali-scanner.service` active/enabled、node-exporter 與 wg-easy container up；已 targeted update `nmap`、`nikto`、`nuclei`、`curl`、`openssl`、CA 套件，安裝 `jq`，時區改為 `Asia/Taipei`，更新後無 reboot required。AwoooP 可 mirror health / update / gap evidence，但不得直接啟動 scan、credentialed scan 或 `/execute`。

@@ -740,6 +754,8 @@ Console 初期不提供高風險執行按鈕。
 - [security_supply_chain_contract_manifest_v1 snapshot](/Users/ogt/awoooi/docs/security/security-supply-chain-contract-manifest.snapshot.json)
 - [資安鏡像狀態彙整契約](/Users/ogt/awoooi/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md)
 - [security_mirror_status_rollup_v1 snapshot](/Users/ogt/awoooi/docs/security/security-mirror-status-rollup.snapshot.json)
+- [資安人工批准 Gate 契約](/Users/ogt/awoooi/docs/security/SECURITY-APPROVAL-GATE.md)
+- [security_approval_gate_v1 snapshot](/Users/ogt/awoooi/docs/security/security-approval-gate.snapshot.json)
 - [Source Control ref truth classification](/Users/ogt/awoooi/docs/security/SOURCE-CONTROL-REF-TRUTH-CLASSIFICATION.md)
 - [source_control_ref_truth_classification_v1 snapshot](/Users/ogt/awoooi/docs/security/source-control-ref-truth-classification.snapshot.json)
 - [本機 repo canonical lineage snapshot](/Users/ogt/awoooi/docs/security/LOCAL-REPO-CANONICAL-EWOOOC-MOMO-SNAPSHOT.md)
@@ -769,6 +785,7 @@ Console 初期不提供高風險執行按鈕。
 - [security_rollout_policy_v1 schema](/Users/ogt/awoooi/docs/schemas/security_rollout_policy_v1.schema.json)
 - [security_supply_chain_contract_manifest_v1 schema](/Users/ogt/awoooi/docs/schemas/security_supply_chain_contract_manifest_v1.schema.json)
 - [security_mirror_status_rollup_v1 schema](/Users/ogt/awoooi/docs/schemas/security_mirror_status_rollup_v1.schema.json)
+- [security_approval_gate_v1 schema](/Users/ogt/awoooi/docs/schemas/security_approval_gate_v1.schema.json)
 - [source_control_ref_truth_classification_v1 schema](/Users/ogt/awoooi/docs/schemas/source_control_ref_truth_classification_v1.schema.json)
 - [local_repo_canonical_probe_v1 schema](/Users/ogt/awoooi/docs/schemas/local_repo_canonical_probe_v1.schema.json)
 - [git_remote_refs_probe_v1 schema](/Users/ogt/awoooi/docs/schemas/git_remote_refs_probe_v1.schema.json)
--- a/docs/security/SECURITY-APPROVAL-GATE.md
+++ b/docs/security/SECURITY-APPROVAL-GATE.md
@@ -0,0 +1,66 @@
+# 資安人工批准 Gate 契約
+
+| 項目 | 內容 |
+|------|------|
+| 日期 | 2026-05-13 |
+| 狀態 | 草案 |
+| Schema | `docs/schemas/security_approval_gate_v1.schema.json` |
+| Snapshot | `docs/security/security-approval-gate.snapshot.json` |
+| 模式 | `approval_gate_only` |
+| runtime 執行授權 | `false` |
+
+## 0. 核心結論
+
+`security_approval_gate_v1` 是 S3 的第一個框架契約。
+
+它讓 AwoooP 能顯示、排序、記錄人工批准，但不讓批准自動變成執行。
+
+批准後最多只能進入下一步設計、草案、只讀 inventory、低噪音 scope 或人工 exception；任何真正 runtime action 都還需要後續 runtime gate。
+
+## 1. 目前 Gate 狀態
+
+| 指標 | 數量 |
+|------|------|
+| Gate items | 8 |
+| Pending human decision | 7 |
+| Block candidate | 1 |
+| Approved | 0 |
+| Runtime actions authorized | `false` |
+| Immediate execution after approval | `false` |
+| Raw secret storage authorized | `false` |
+
+## 2. 建議審查順序
+
+| 順序 | Gate | 初期批准範圍 |
+|------|------|--------------|
+| 1 | Redacted finding ingestion | 只批准設計或 draft PR |
+| 2 | Safe web crawl | 只批准低噪音 scope 定義 |
+| 3 | Gitea read-only inventory | 只批准只讀 inventory 或 redacted admin export |
+| 4 | GitHub target decisions | 只批准逐 repo 決策草案 |
+| 5 | Ref truth review | 只批准人工分類與 reconcile 草案 |
+| 6 | Credentialed scan | 只允許人工 exception 設計，仍需 runtime gate |
+| 7 | Kali full-upgrade / reboot | 只允許維護窗口與 rollback 規劃 |
+| 8 | Kali `/execute` | 預設維持 block candidate |
+
+## 3. AwoooP 可做
+
+1. 顯示 gate item、risk、required reviewers 與 evidence refs。
+2. 記錄 approve / reject / defer / request more evidence / keep blocked。
+3. 將人工決策寫入 Audit evidence。
+4. 顯示批准範圍與仍然禁止事項。
+5. 提醒哪些項目需要 follow-up runtime gate。
+
+## 4. AwoooP 不可做
+
+1. 不自動批准。
+2. 不在批准後自動執行。
+3. 不把 approval queue 接成 runner。
+4. 不啟動 scan、credentialed scan 或 Kali `/execute`。
+5. 不建立 GitHub repo、不改 visibility、不 sync refs、不切 GitHub primary。
+6. 不保存 raw secret、token、cookie、private key 或 exploit payload。
+
+## 5. 階段定位
+
+S3.0 只讓人工批准有一致語言與可稽核格式。
+
+它仍然不是 runtime enforcement，也不是一次把資安等級拉滿。低風險與中風險觀察仍以 observe / warn 為主；只有不可逆或高風險動作才進 gate。
--- a/docs/security/SECURITY-APPROVAL-QUEUE.md
+++ b/docs/security/SECURITY-APPROVAL-QUEUE.md
@@ -15,6 +15,8 @@

 它不是授權清單。所有 queue item 都只能顯示、排序、建立 approval candidate，不能直接執行。

+S3.0 開始，實際人工決策格式由 `security_approval_gate_v1` 承接。Queue 負責排序候選；Gate 負責記錄批准範圍、reviewers、決策結果與 follow-up runtime gate。
+
 目前狀態：

 | 指標 | 數量 |
@@ -46,6 +48,7 @@
 3. 建立 approval candidate。
 4. 保存人工決策結果與 audit evidence。
 5. 依 review order 提醒下一個低摩擦 gate。
+6. 將決策寫入 `security_approval_gate_v1`，但不觸發執行。

 ## 3. AwoooP 不可以做

--- a/docs/security/SECURITY-MIRROR-ACCEPTANCE.md
+++ b/docs/security/SECURITY-MIRROR-ACCEPTANCE.md
@@ -27,7 +27,7 @@

 | Check | 目的 | 失敗時是否阻擋鏡像 |
 |-------|------|--------------------|
-| `CONTRACT_COUNT_MATCH` | 確認 manifest、readiness、route coverage 對齊 27 個 contracts | 是 |
+| `CONTRACT_COUNT_MATCH` | 確認 manifest、readiness、route coverage 對齊 28 個 contracts | 是 |
 | `EVENT_ENVELOPE_REQUIRED` | 確認每筆 payload 都不可執行、不可顯示執行按鈕 | 是 |
 | `ROUTE_GROUP_COVERAGE` | 確認 5 個 route groups 覆蓋所有 contracts | 是 |
 | `REDACTION_ONLY` | 確認不保存 raw sensitive value | 是 |
--- a/docs/security/SECURITY-MIRROR-INTAKE-PLAN.md
+++ b/docs/security/SECURITY-MIRROR-INTAKE-PLAN.md
@@ -19,10 +19,10 @@

 | Wave | 目的 | 主要 contracts | Exit gate |
 |------|------|----------------|-----------|
-| `M0_index_bootstrap` | 先載入 readiness、manifest、低摩擦 policy、鏡像事件信封、鏡像路由矩陣、驗收契約、隔離契約、dry-run 報告格式與 status rollup | readiness / manifest / rollout policy / mirror event / mirror route / acceptance / quarantine / dry-run / status rollup | 顯示 27 個 contract 且 `execution_allowed=false` |
+| `M0_index_bootstrap` | 先載入 readiness、manifest、低摩擦 policy、鏡像事件信封、鏡像路由矩陣、驗收契約、隔離契約、dry-run 報告格式、status rollup 與 approval gate | readiness / manifest / rollout policy / mirror event / mirror route / acceptance / quarantine / dry-run / status rollup / approval gate | 顯示 28 個 contract 且 `execution_allowed=false` |
 | `M1_kali_visibility` | 顯示 Kali 112、scan scope、approval queue | Kali status / scan scope / approval queue / finding sample | 顯示 5 個 scope groups 與 8 個 queue items，沒有執行按鈕 |
 | `M2_source_control_visibility` | 顯示 Gitea/GitHub source-control evidence | migration / inventory / refs / approval board | 顯示 blocking reasons，repo/refs actions 全 disabled |
-| `M3_approval_candidates` | 顯示 approval candidates 與人工決策留痕 | approval events / approval queue / source-control board | 可留痕，不可自動批准或執行 |
+| `M3_approval_candidates` | 顯示 approval candidates、S3 gate 與人工決策留痕 | approval events / approval queue / approval gate / source-control board | 可留痕，不可自動批准或執行 |
 | `M4_patch_only_backlog` | 顯示 Codex patch-only backlog lane | coding task | 只顯示 lane，不接 Codex runner action |

 ## 2. AwoooP 可做
@@ -36,8 +36,9 @@
 7. 使用 `security_mirror_status_rollup_v1` 顯示跨 Session 狀態與下一個 gate。
 8. 將 ready / partial contracts mirror 成 Operator Console / Runtime State / Channel Event / Audit evidence。
 9. 將 approval-only contracts mirror 到 Approval Queue。
-10. 顯示 required reviewers、blocked reason、evidence refs、review order。
-11. 記錄人工決策結果，但不自動執行後續動作。
+10. 使用 `security_approval_gate_v1` 顯示批准範圍與 follow-up runtime gate。
+11. 顯示 required reviewers、blocked reason、evidence refs、review order。
+12. 記錄人工決策結果，但不自動執行後續動作。

 ## 3. AwoooP 不可做

--- a/docs/security/SECURITY-MIRROR-READINESS.md
+++ b/docs/security/SECURITY-MIRROR-READINESS.md
@@ -23,7 +23,7 @@

 | 狀態 | 數量 | 說明 |
 |------|------|------|
-| `ready_for_mirror` | 24 | 可直接 mirror 成 Operator Console / Runtime State / Channel Event / Audit evidence |
+| `ready_for_mirror` | 25 | 可直接 mirror 成 Operator Console / Runtime State / Channel Event / Audit evidence |
 | `partial_ready` | 2 | 可 mirror，但 evidence 仍不完整 |
 | `contract_only` | 1 | 有 schema / handoff，尚無正式 snapshot |
 | `blocked` | 0 | 目前沒有禁止 mirror 的 contract |
@@ -75,7 +75,8 @@ AwoooP 可以將 ready / partial contracts mirror 到：
 7. 再 mirror `security_mirror_status_rollup_v1`，顯示跨 Session 狀態與下一個 gate。
 8. 再 mirror `security_mirror_intake_plan_v1`，照 wave 執行 read-only intake。
 9. 再 mirror `security_approval_queue_v1`，只顯示 review order。
-10. 再 mirror `kali_integration_status_v1` 與 `kali_scan_scope_approval_v1`。
-11. 最後再 mirror source-control 相關 contracts。
+10. 再 mirror `security_approval_gate_v1`，只記錄人工決策與 follow-up runtime gate。
+11. 再 mirror `kali_integration_status_v1` 與 `kali_scan_scope_approval_v1`。
+12. 最後再 mirror source-control 相關 contracts。

 整個 S2 不新增 execution router、不新增執行按鈕、不新增 runtime blocker。
--- a/docs/security/SECURITY-MIRROR-ROUTE.md
+++ b/docs/security/SECURITY-MIRROR-ROUTE.md
@@ -28,7 +28,7 @@
 | `M0_index_bootstrap` | 載入 readiness、manifest、policy、event、intake、route、acceptance、quarantine、dry-run、status rollup | `no_channel_event` | `observe` |
 | `M1_kali_visibility` | 顯示 Kali 112、111 / 168 scope、approval queue 與 finding sample | `approval_required_only` | `approval_required` |
 | `M2_source_control_visibility` | 顯示 Gitea / GitHub repo、branch、tag、canonical 差異 | `low_noise_status` | `source_control_review` |
-| `M3_approval_candidates` | 顯示人工批准候選與留痕 | `approval_required_only` | `approval_required` |
+| `M3_approval_candidates` | 顯示人工批准候選、S3 gate 與留痕 | `approval_required_only` | `approval_required` |
 | `M4_patch_only_backlog` | 顯示 Code Review 後的 Codex patch-only backlog lane | `no_channel_event` | `patch_only` |

 ## 2. AwoooP 可做
@@ -52,7 +52,7 @@

 S2.7 後，AwoooP 主線只需要能讀到：

-1. 27 個 contracts。
+1. 28 個 contracts。
 2. 5 個 route groups。
 3. 所有 route group 都是 `runtime_execution_authorized=false`。
 4. Channel Event 初期低噪音。
--- a/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md
+++ b/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md
@@ -19,9 +19,10 @@

 | 類型 | 狀態 |
 |------|------|
-| Contract manifest | 27 個 contracts |
-| Mirror readiness | 24 ready、2 partial、1 contract-only、0 blocked |
+| Contract manifest | 28 個 contracts |
+| Mirror readiness | 25 ready、2 partial、1 contract-only、0 blocked |
 | Approval queue | 8 items：7 pending approval、1 block candidate |
+| Approval gate | S3.0 已建立；0 approved、7 pending、1 block candidate |
 | Dry-run | `contract_defined_not_executed` |
 | Runtime actions | `false` |
 | Payload ingestion | `false` |
@@ -29,7 +30,7 @@
 ## 2. AwoooP 可做

 1. 顯示 S0 到 S4 的階段狀態。
-2. 顯示 contract readiness、approval queue summary 與下一個 gate。
+2. 顯示 contract readiness、approval queue summary、approval gate summary 與下一個 gate。
 3. 將彙整結果寫入 Audit evidence。
 4. 低噪音通知階段完成、blocked reason 或人工批准必要事件。
 5. 把下一步限制在 `observe` / `approval_required` / `block_candidate`。
@@ -46,7 +47,7 @@

 下一步仍不是 runtime enforcement。

-建議先讓 AwoooP 主線只讀消費本 rollup，並由人工依序 review：
+建議先讓 AwoooP 主線只讀消費本 rollup 與 `security_approval_gate_v1`，並由人工依序 review：

 1. redacted finding ingestion adapter。
 2. safe web crawl scope。
--- a/docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md
+++ b/docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md
@@ -11,7 +11,7 @@

 ## 0. 核心結論

-目前 Security Supply Chain 已有 27 個主要契約可交給 AwoooP 消費。Manifest 的用途是把分散的 schema、snapshot、人讀文件、允許動作與禁止動作收成一份入口，避免不同 Session 各自解讀。
+目前 Security Supply Chain 已有 28 個主要契約可交給 AwoooP 消費。Manifest 的用途是把分散的 schema、snapshot、人讀文件、允許動作與禁止動作收成一份入口，避免不同 Session 各自解讀。

 初期預設仍是 `mirror_only`。Manifest 不授權 runtime enforcement、不授權 GitHub/Gitea 主控切換、不授權 repo 建立或 refs sync。

@@ -24,6 +24,7 @@
 | `kali_integration_status_v1` | mirror-only | Kali 112 live health / update / gap evidence | `kali-integration-status.snapshot.json` |
 | `kali_scan_scope_approval_v1` | approval-only | Kali scan scope、111/168 observe-only、active/credentialed/execute gate | `kali-scan-scope-approval.snapshot.json` |
 | `security_approval_queue_v1` | approval-only | AwoooP 可 mirror 的 Security Supply Chain approval queue | `security-approval-queue.snapshot.json` |
+| `security_approval_gate_v1` | approval-only | S3 人工批准 gate 與 follow-up runtime gate 邊界 | `security-approval-gate.snapshot.json` |
 | `security_mirror_readiness_v1` | mirror-only | AwoooP mirror/read-only readiness index | `security-mirror-readiness.snapshot.json` |
 | `security_mirror_intake_plan_v1` | mirror-only | AwoooP mirror-only intake waves 與 acceptance gates | `security-mirror-intake-plan.snapshot.json` |
 | `security_mirror_event_v1` | mirror-only | AwoooP mirror event envelope | `security-mirror-event-sample.snapshot.json` |
--- a/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md
+++ b/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md
@@ -4,7 +4,7 @@
 |------|------|
 | 日期 | 2026-05-13 |
 | 狀態 | S0/S1 read-only evidence 建置中 |
-| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 |
+| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 |
 | 原則 | 低摩擦分階段；文件、schema、read-only evidence 優先；不做 runtime enforcement、不切 primary |

 ## 0. 本階段完成後整體進度
@@ -20,11 +20,11 @@
 | S1.2b branch/tag detail diff | 完成草案 | 3 個 refs-blocked mapped repos 已完成 branch/tag 明細 diff；已忽略本 PR 分支避免 evidence 自我污染 | 人工判定真相來源與 deprecated refs |
 | S1.2c refs 真相來源分類 | 完成草案 | 141 個 ref review items 已分類：4 個真相來源、114 個 drift deprecated 候選、3 個 release tags、20 個 GitHub-only refs | repo owner 單 ref / 單 repo 判定 |
 | S1.3 低摩擦 rollout policy | 完成草案 | observe-first / mirror-only matrix 已建立 | AwoooP read-only policy 消費 |
-| S1.4 契約索引 | 完成草案 | 27 個主要 contract 已集中成 manifest | AwoooP mirror-only contract registry |
+| S1.4 契約索引 | 完成草案 | 28 個主要 contract 已集中成 manifest | AwoooP mirror-only contract registry |
 | S1.5 Kali 112 live 整合狀態 | 完成第一波 | 112 已登入盤點、scanner API healthy、targeted scanner packages updated、Asia/Taipei timezone、no reboot required | scan result ingestion + `/execute` high-risk gate |
 | S1.6 Kali finding / scan scope approval | 完成草案 | `security_finding_v1` sample snapshot 與 `kali_scan_scope_approval_v1` approval package 已建立；111/168 已納入 observe-only scope | 人工批准 safe crawl / credentialed scan / runtime ingestion / full-upgrade gate |
 | S1.7 Security approval queue | 完成草案 | 8 個 approval queue items 已集中：7 pending approval、1 block candidate；AwoooP 可 mirror 但不得執行 | 先 review redacted finding ingestion，再 review safe crawl / Gitea inventory |
-| S2 AwoooP mirror-only readiness | 完成草案 | `security_mirror_readiness_v1` 已整理 27 個 contracts：24 ready、2 partial、1 contract-only、0 blocked | AwoooP 主線建立只讀入口 |
+| S2 AwoooP mirror-only readiness | 完成草案 | `security_mirror_readiness_v1` 已整理 28 個 contracts：25 ready、2 partial、1 contract-only、0 blocked | AwoooP 主線建立只讀入口 |
 | S2.1 AwoooP mirror-only intake plan | 完成草案 | `security_mirror_intake_plan_v1` 已建立 5 個 intake waves 與 4 個 acceptance gates | AwoooP 主線照 wave mirror，不新增 execution router |
 | S2.2 AwoooP 鏡像事件信封 | 完成草案 | `security_mirror_event_v1` 已建立，要求每筆鏡像 payload 標示 `execution_authorized=false` 與 `action_buttons_allowed=false` | AwoooP 鏡像 payload 統一信封 |
 | S2.3 AwoooP 鏡像路由矩陣 | 完成草案 | `security_mirror_route_v1` 已建立 5 個 route groups，定義目的地、channel policy 與 review lane | AwoooP 消費時不猜路由、不新增執行入口 |
@@ -32,7 +32,8 @@
 | S2.5 AwoooP 鏡像隔離契約 | 完成草案 | `security_mirror_quarantine_v1` 已建立 5 個 quarantine lanes；失敗 payload 必須等新 snapshot commit 後才能 retry | AwoooP 可隔離壞資料，不阻擋 runtime |
 | S2.6 AwoooP 鏡像 dry-run 報告契約 | 完成草案 | `security_mirror_dry_run_v1` 已建立 6 個 dry-run steps；目前狀態為 contract defined not executed | AwoooP 未來可回報演練結果，但不啟動 production ingestion |
 | S2.7 AwoooP 鏡像狀態彙整契約 | 完成草案 | `security_mirror_status_rollup_v1` 已建立，彙整 S0-S4、approval queue summary 與下一個安全 gate | 兩個 Session 用同一份 rollup 同步，不誤啟執行面 |
-| S3 approval gate | 未開始 | 已定義哪些動作要進 approval | 不得繞過人工批准 |
+| S3 approval gate | 進行中 | `security_approval_gate_v1` 已建立 8 個人工 gate items：7 pending、1 block candidate、0 approved | 不得繞過人工批准；批准後仍需 follow-up runtime gate |
+| S3.0 人工批准 Gate 契約 | 完成草案 | 定義批准範圍、決策選項、required reviewers、still forbidden 與 follow-up runtime gate | AwoooP 可記錄決策，不可執行 gate item |
 | S4 migration execution | 未開始 | GitHub primary 長期方向已確認，但 refs / tags / workflow / secret 名稱尚未全量驗證 | SHA/tag/workflow parity 與 rollback ADR |

 ## 1. 已建立的主要 evidence
@@ -69,6 +70,8 @@
 | Kali scan scope approval JSON | `docs/security/kali-scan-scope-approval.snapshot.json` |
 | Security approval queue | `docs/security/SECURITY-APPROVAL-QUEUE.md` |
 | Security approval queue JSON | `docs/security/security-approval-queue.snapshot.json` |
+| Security approval gate | `docs/security/SECURITY-APPROVAL-GATE.md` |
+| Security approval gate JSON | `docs/security/security-approval-gate.snapshot.json` |
 | Security mirror readiness | `docs/security/SECURITY-MIRROR-READINESS.md` |
 | Security mirror readiness JSON | `docs/security/security-mirror-readiness.snapshot.json` |
 | Security mirror intake plan | `docs/security/SECURITY-MIRROR-INTAKE-PLAN.md` |
@@ -114,6 +117,6 @@
 3. 依 `SOURCE-CONTROL-REF-TRUTH-CLASSIFICATION.md` 對 `awoooi`、`clawbot-v5`、`wooo-aiops` 做單 repo / 單 ref owner 判定；仍不得 push refs。
 4. 對 `ewoooc` / `momo-pro-system` 完成 server-side canonical 判定。
 5. 依 `KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md` 取得 safe crawl、credentialed scan、runtime ingestion、full-upgrade / reboot 等 gate 的人工批准；不得直接接 `/execute`。
-6. AwoooP 主線先讀 `security_mirror_readiness_v1`、`security_mirror_intake_plan_v1`、`security_mirror_event_v1`、`security_mirror_route_v1`、`security_mirror_acceptance_v1`、`security_mirror_quarantine_v1`、`security_mirror_dry_run_v1` 與 `security_mirror_status_rollup_v1`，只建立 mirror-only / read-only policy 入口，不新增執行按鈕。
+6. AwoooP 主線先讀 `security_mirror_readiness_v1`、`security_mirror_intake_plan_v1`、`security_mirror_event_v1`、`security_mirror_route_v1`、`security_mirror_acceptance_v1`、`security_mirror_quarantine_v1`、`security_mirror_dry_run_v1`、`security_mirror_status_rollup_v1` 與 `security_approval_gate_v1`，只建立 mirror-only / read-only policy 入口，不新增執行按鈕。
 7. AwoooP 主線消費 `security_rollout_policy_v1` 時，只做 read-only policy，不做 runtime blocking。
-8. AwoooP 主線再讀 `security_approval_queue_v1` 與 `security_supply_chain_contract_manifest_v1`，顯示 review order 與 blocked reason，不新增 execution router。
+8. AwoooP 主線再讀 `security_approval_queue_v1`、`security_approval_gate_v1` 與 `security_supply_chain_contract_manifest_v1`，顯示 review order、批准範圍與 blocked reason，不新增 execution router。
--- a/docs/security/security-approval-gate.snapshot.json
+++ b/docs/security/security-approval-gate.snapshot.json
@@ -0,0 +1,289 @@
+{
+  "schema_version": "security_approval_gate_v1",
+  "status": "draft",
+  "date": "2026-05-13",
+  "mode": "approval_gate_only",
+  "runtime_execution_authorized": false,
+  "source_indexes": [
+    "docs/security/security-approval-queue.snapshot.json",
+    "docs/security/security-mirror-status-rollup.snapshot.json",
+    "docs/security/security-rollout-policy.snapshot.json",
+    "docs/security/kali-scan-scope-approval.snapshot.json",
+    "docs/security/source-control-approval-board.snapshot.json",
+    "docs/security/source-control-ref-truth-classification.snapshot.json"
+  ],
+  "summary": {
+    "total_gate_items": 8,
+    "pending_human_decision_count": 7,
+    "block_candidate_count": 1,
+    "approved_count": 0,
+    "runtime_actions_authorized": false,
+    "immediate_execution_after_approval_allowed": false,
+    "raw_secret_storage_authorized": false
+  },
+  "gate_items": [
+    {
+      "gate_id": "gate-redacted-finding-ingestion-20260513",
+      "source_queue_item_id": "kali-finding-runtime-ingestion-approval-20260513",
+      "source_contract": "security_approval_queue_v1",
+      "risk": "MEDIUM",
+      "gate_state": "pending_human_decision",
+      "approval_scope": "design_or_draft_only",
+      "required_reviewers": [
+        "security-commander",
+        "human-owner"
+      ],
+      "decision_options": ["approve_scope", "reject", "defer", "request_more_evidence"],
+      "allowed_after_approval": [
+        "設計 redacted security_finding_v1 ingestion adapter",
+        "建立 draft PR 或 patch-only backlog",
+        "只定義摘要欄位與 evidence_ref"
+      ],
+      "still_forbidden": [
+        "保存 raw secret/token/cookie/private key/exploit payload",
+        "讓 AwoooP 直接啟動 scan",
+        "自動修復或自動封鎖 deploy"
+      ],
+      "requires_followup_runtime_gate": true,
+      "evidence_refs": [
+        "docs/security/SECURITY-FINDING-CONTRACT.md",
+        "docs/security/security-finding-kali-sample.snapshot.json",
+        "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md"
+      ]
+    },
+    {
+      "gate_id": "gate-safe-web-crawl-20260513",
+      "source_queue_item_id": "kali-safe-web-crawl-approval-20260513",
+      "source_contract": "security_approval_queue_v1",
+      "risk": "MEDIUM",
+      "gate_state": "pending_human_decision",
+      "approval_scope": "low_noise_scan_scope_only",
+      "required_reviewers": [
+        "security-commander",
+        "human-owner"
+      ],
+      "decision_options": ["approve_scope", "reject", "defer", "request_more_evidence"],
+      "allowed_after_approval": [
+        "定義 TLS/header/basic crawl 的目標清單",
+        "限制掃描頻率與時間窗",
+        "只輸出 redacted findings"
+      ],
+      "still_forbidden": [
+        "active DAST fuzz",
+        "auth flow 改狀態測試",
+        "credentialed scan",
+        "阻擋 release"
+      ],
+      "requires_followup_runtime_gate": true,
+      "evidence_refs": [
+        "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md",
+        "docs/security/KALI-SECURITY-MESH-BLUEPRINT.md"
+      ]
+    },
+    {
+      "gate_id": "gate-gitea-readonly-inventory-20260513",
+      "source_queue_item_id": "gitea-private-internal-server-side-inventory-2026-05-12",
+      "source_contract": "security_approval_queue_v1",
+      "risk": "MEDIUM",
+      "gate_state": "pending_human_decision",
+      "approval_scope": "read_only_inventory_only",
+      "required_reviewers": [
+        "migration-engineer",
+        "security-commander",
+        "human-owner"
+      ],
+      "decision_options": ["approve_scope", "reject", "defer", "request_more_evidence"],
+      "allowed_after_approval": [
+        "使用 read-only token 或 redacted admin export 補齊 repo list",
+        "只保存 token_present=true/false",
+        "更新 migration matrix 與 repo decision table"
+      ],
+      "still_forbidden": [
+        "保存 token value",
+        "使用 write-capable token",
+        "建立 GitHub repo",
+        "sync refs",
+        "切 GitHub primary"
+      ],
+      "requires_followup_runtime_gate": true,
+      "evidence_refs": [
+        "docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md",
+        "docs/security/gitea-readonly-inventory-approval.snapshot.json",
+        "docs/security/GITEA-ORG-REPO-INVENTORY-BLOCKED-SNAPSHOT.md"
+      ]
+    },
+    {
+      "gate_id": "gate-github-target-decisions-20260513",
+      "source_queue_item_id": "source-control-target-repo-approval-bundle-20260513",
+      "source_contract": "security_approval_queue_v1",
+      "risk": "HIGH",
+      "gate_state": "pending_human_decision",
+      "approval_scope": "design_or_draft_only",
+      "required_reviewers": [
+        "migration-engineer",
+        "security-commander",
+        "human-owner"
+      ],
+      "decision_options": ["approve_scope", "reject", "defer", "request_more_evidence"],
+      "allowed_after_approval": [
+        "逐 repo 更新 owner/visibility/canonical decision",
+        "產生 draft reconcile plan 或 ADR",
+        "更新 GitHub target decision snapshot"
+      ],
+      "still_forbidden": [
+        "建立 repo",
+        "修改 visibility",
+        "push refs",
+        "delete refs",
+        "切 GitHub primary"
+      ],
+      "requires_followup_runtime_gate": true,
+      "evidence_refs": [
+        "docs/security/SOURCE-CONTROL-APPROVAL-BOARD.md",
+        "docs/security/source-control-approval-board.snapshot.json",
+        "docs/security/GITHUB-TARGET-REPO-APPROVAL-PACKAGE.md"
+      ]
+    },
+    {
+      "gate_id": "gate-ref-truth-review-20260513",
+      "source_queue_item_id": "source-control-ref-truth-review-bundle-20260513",
+      "source_contract": "security_approval_queue_v1",
+      "risk": "HIGH",
+      "gate_state": "pending_human_decision",
+      "approval_scope": "design_or_draft_only",
+      "required_reviewers": [
+        "migration-engineer",
+        "security-commander",
+        "human-owner"
+      ],
+      "decision_options": ["approve_scope", "reject", "defer", "request_more_evidence"],
+      "allowed_after_approval": [
+        "標記單 ref 真相來源",
+        "更新 source control reconcile plan",
+        "產生人工 review checklist"
+      ],
+      "still_forbidden": [
+        "push refs",
+        "delete refs",
+        "force push",
+        "切 GitHub primary"
+      ],
+      "requires_followup_runtime_gate": true,
+      "evidence_refs": [
+        "docs/security/SOURCE-CONTROL-REF-TRUTH-CLASSIFICATION.md",
+        "docs/security/source-control-ref-truth-classification.snapshot.json",
+        "docs/security/SOURCE-CONTROL-REF-DETAIL-DIFF.md"
+      ]
+    },
+    {
+      "gate_id": "gate-credentialed-scan-20260513",
+      "source_queue_item_id": "kali-credentialed-scan-approval-20260513",
+      "source_contract": "security_approval_queue_v1",
+      "risk": "HIGH",
+      "gate_state": "pending_human_decision",
+      "approval_scope": "manual_exception_only",
+      "required_reviewers": [
+        "security-commander",
+        "vuln-verifier",
+        "human-owner"
+      ],
+      "decision_options": ["approve_scope", "reject", "defer", "request_more_evidence"],
+      "allowed_after_approval": [
+        "先定義 credential source、scope、audit trail 與停用方式",
+        "限制到批准 asset",
+        "只保存 redacted finding summary"
+      ],
+      "still_forbidden": [
+        "保存 credential value",
+        "擴大到未批准資產",
+        "自動修復",
+        "改 firewall/RBAC/NetworkPolicy"
+      ],
+      "requires_followup_runtime_gate": true,
+      "evidence_refs": [
+        "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md",
+        "docs/security/SECURITY-LOW-FRICTION-ROLLOUT-POLICY.md"
+      ]
+    },
+    {
+      "gate_id": "gate-kali-full-upgrade-reboot-20260513",
+      "source_queue_item_id": "kali-full-upgrade-reboot-approval-20260513",
+      "source_contract": "security_approval_queue_v1",
+      "risk": "HIGH",
+      "gate_state": "pending_human_decision",
+      "approval_scope": "manual_exception_only",
+      "required_reviewers": [
+        "security-commander",
+        "human-owner"
+      ],
+      "decision_options": ["approve_scope", "reject", "defer", "request_more_evidence"],
+      "allowed_after_approval": [
+        "先排維護窗口",
+        "先確認 snapshot 與 rollback",
+        "定義 post-health gate"
+      ],
+      "still_forbidden": [
+        "未排窗口直接 reboot",
+        "未 snapshot 直接 full-upgrade",
+        "未驗證 scanner health 就宣告完成"
+      ],
+      "requires_followup_runtime_gate": true,
+      "evidence_refs": [
+        "docs/security/KALI-INTEGRATION-STATUS.md",
+        "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md"
+      ]
+    },
+    {
+      "gate_id": "gate-kali-execute-endpoint-20260513",
+      "source_queue_item_id": "kali-execute-endpoint-approval-20260513",
+      "source_contract": "security_approval_queue_v1",
+      "risk": "CRITICAL",
+      "gate_state": "block_candidate",
+      "approval_scope": "blocked_by_default",
+      "required_reviewers": [
+        "critic",
+        "security-commander",
+        "human-owner"
+      ],
+      "decision_options": ["keep_blocked", "defer", "request_more_evidence"],
+      "allowed_after_approval": [
+        "僅設計 disable/allowlist/audit gate",
+        "只在人工 exception 下測試",
+        "維持 AwoooP runtime 不可直接呼叫"
+      ],
+      "still_forbidden": [
+        "AwoooP runtime 直接呼叫 /execute",
+        "把 /execute 當成一般 MCP action",
+        "執行 shell command 自動修復",
+        "保存 command 中可能含有的敏感輸出"
+      ],
+      "requires_followup_runtime_gate": true,
+      "evidence_refs": [
+        "docs/security/KALI-INTEGRATION-STATUS.md",
+        "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md"
+      ]
+    }
+  ],
+  "decision_recording_rules": [
+    "每個 gate item 必須記錄人工決策、reviewer、時間、evidence refs 與批准範圍。",
+    "批准只代表該 scope 可進下一步設計、草案、只讀 inventory 或人工 exception；不代表可立即執行 runtime action。",
+    "任何 scan、/execute、repo、refs、deploy、secret、RBAC、NetworkPolicy、firewall 變更都需要 follow-up runtime gate。",
+    "拒絕、延後或要求補 evidence 時，只更新 gate 狀態與 audit evidence，不觸發修復。"
+  ],
+  "forbidden_actions": [
+    "execute_gate_item",
+    "auto_approve",
+    "execute_after_approval_without_runtime_gate",
+    "start_kali_scan",
+    "call_kali_execute_endpoint",
+    "run_credentialed_scan",
+    "create_github_repo",
+    "change_repo_visibility",
+    "sync_git_refs",
+    "switch_github_primary",
+    "auto_merge",
+    "production_deploy",
+    "store_secret_token_cookie_private_key_or_exploit_payload",
+    "turn_low_medium_observations_into_blocking_gates"
+  ]
+}
--- a/docs/security/security-mirror-acceptance.snapshot.json
+++ b/docs/security/security-mirror-acceptance.snapshot.json
@@ -11,8 +11,8 @@
    "docs/security/security-mirror-route.snapshot.json"
  ],
  "summary": {
-    "total_contracts": 27,
-    "ready_for_mirror_count": 24,
+    "total_contracts": 28,
+    "ready_for_mirror_count": 25,
    "route_group_count": 5,
    "acceptance_check_count": 7,
    "blocking_check_count": 4
@@ -21,7 +21,7 @@
    {
      "check_id": "CONTRACT_COUNT_MATCH",
      "title": "契約數量一致",
-      "expected_result": "AwoooP 讀到 27 個 contracts，且 manifest、readiness、route coverage 的 contract 集合一致。",
+      "expected_result": "AwoooP 讀到 28 個 contracts，且 manifest、readiness、route coverage 的 contract 集合一致。",
      "evidence_refs": [
        "docs/security/security-supply-chain-contract-manifest.snapshot.json",
        "docs/security/security-mirror-readiness.snapshot.json",
@@ -60,7 +60,7 @@
    {
      "check_id": "ROUTE_GROUP_COVERAGE",
      "title": "路由群組覆蓋",
-      "expected_result": "5 個 route groups 合併後涵蓋 manifest 27 個 contracts，且每個 group 都有 destinations、channel_policy 與 review_lane。",
+      "expected_result": "5 個 route groups 合併後涵蓋 manifest 28 個 contracts，且每個 group 都有 destinations、channel_policy 與 review_lane。",
      "evidence_refs": [
        "docs/security/security-mirror-route.snapshot.json",
        "docs/security/SECURITY-MIRROR-ROUTE.md"
--- a/docs/security/security-mirror-dry-run.snapshot.json
+++ b/docs/security/security-mirror-dry-run.snapshot.json
@@ -14,8 +14,8 @@
    "docs/security/security-mirror-quarantine.snapshot.json"
  ],
  "summary": {
-    "total_contracts": 27,
-    "ready_for_mirror_count": 24,
+    "total_contracts": 28,
+    "ready_for_mirror_count": 25,
    "route_group_count": 5,
    "acceptance_check_count": 7,
    "quarantine_lane_count": 5,
@@ -30,7 +30,7 @@
        "docs/security/security-supply-chain-contract-manifest.snapshot.json",
        "docs/security/security-mirror-readiness.snapshot.json"
      ],
-      "pass_condition": "看到 27 個 contracts、24 個 ready for mirror，且所有 contract execution_allowed=false。",
+      "pass_condition": "看到 28 個 contracts、25 個 ready for mirror，且所有 contract execution_allowed=false。",
      "execution_allowed": false,
      "blocked_actions": [
        "execute_contract",
@@ -60,7 +60,7 @@
        "docs/security/security-mirror-route.snapshot.json",
        "docs/security/SECURITY-MIRROR-ROUTE.md"
      ],
-      "pass_condition": "route groups 合併後涵蓋 27 個 contracts，沒有未知 execution route。",
+      "pass_condition": "route groups 合併後涵蓋 28 個 contracts，沒有未知 execution route。",
      "execution_allowed": false,
      "blocked_actions": [
        "fallback_to_execution_route",
--- a/docs/security/security-mirror-event-sample.snapshot.json
+++ b/docs/security/security-mirror-event-sample.snapshot.json
@@ -16,8 +16,8 @@
  "risk": "LOW",
  "summary": "AwoooP 可 mirror Security Supply Chain readiness index，但不得把 readiness 視為執行授權。",
  "payload_summary": {
-    "total_contracts": 27,
-    "ready_for_mirror_count": 24,
+    "total_contracts": 28,
+    "ready_for_mirror_count": 25,
    "partial_ready_count": 2,
    "contract_only_count": 1,
    "blocked_count": 0,
@@ -31,7 +31,8 @@
    "docs/security/SECURITY-MIRROR-ACCEPTANCE.md",
    "docs/security/SECURITY-MIRROR-QUARANTINE.md",
    "docs/security/SECURITY-MIRROR-DRY-RUN.md",
-    "docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md"
+    "docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md",
+    "docs/security/SECURITY-APPROVAL-GATE.md"
  ],
  "blocked_actions": [
    "execute_mirror_item",
@@ -43,7 +44,7 @@
    "store_secret_value"
  ],
  "labels": {
-    "phase": "S2.7",
+    "phase": "S3.0",
    "redacted": "true",
    "action_surface": "none",
    "mirror_only": "true"
--- a/docs/security/security-mirror-intake-plan.snapshot.json
+++ b/docs/security/security-mirror-intake-plan.snapshot.json
@@ -13,7 +13,8 @@
    "docs/security/security-mirror-acceptance.snapshot.json",
    "docs/security/security-mirror-quarantine.snapshot.json",
    "docs/security/security-mirror-dry-run.snapshot.json",
-    "docs/security/security-mirror-status-rollup.snapshot.json"
+    "docs/security/security-mirror-status-rollup.snapshot.json",
+    "docs/security/security-approval-gate.snapshot.json"
  ],
  "intake_waves": [
    {
@@ -51,7 +52,7 @@
        "execution_router",
        "blocking_gate"
      ],
-      "exit_gate": "Operator Console 能顯示 27 個 contract、5 個 route groups、7 個 acceptance checks、5 個 quarantine lanes、6 個 dry-run steps 與 status rollup，且 mirror event envelope action_buttons_allowed=false。"
+      "exit_gate": "Operator Console 能顯示 28 個 contract、5 個 route groups、7 個 acceptance checks、5 個 quarantine lanes、6 個 dry-run steps、status rollup 與 approval gate，且 mirror event envelope action_buttons_allowed=false。"
    },
    {
      "wave_id": "M1_kali_visibility",
@@ -127,6 +128,7 @@
      "contracts": [
        "approval_required_event_v1",
        "security_approval_queue_v1",
+        "security_approval_gate_v1",
        "github_target_repo_approval_package_v1",
        "source_control_approval_board_v1",
        "kali_scan_scope_approval_v1"
@@ -139,6 +141,7 @@
      "allowed_processing": [
        "create_approval_candidate",
        "record_human_decision",
+        "display_followup_runtime_gate",
        "display_required_reviewers",
        "display_blocked_until_approved"
      ],
@@ -147,7 +150,7 @@
        "execute_after_approval_without_new_runtime_gate",
        "store_secret_value"
      ],
-      "exit_gate": "Approval candidate 可顯示與留痕，但任何批准後執行仍需要下一階段 runtime gate。"
+      "exit_gate": "Approval candidate 與 S3 approval gate 可顯示與留痕，但任何批准後執行仍需要下一階段 runtime gate。"
    },
    {
      "wave_id": "M4_patch_only_backlog",
--- a/docs/security/security-mirror-quarantine.snapshot.json
+++ b/docs/security/security-mirror-quarantine.snapshot.json
@@ -11,7 +11,7 @@
    "docs/security/security-supply-chain-contract-manifest.snapshot.json"
  ],
  "summary": {
-    "total_contracts": 27,
+    "total_contracts": 28,
    "quarantine_lane_count": 5,
    "auto_retry_allowed": false,
    "runtime_blocking_allowed": false
--- a/docs/security/security-mirror-readiness.snapshot.json
+++ b/docs/security/security-mirror-readiness.snapshot.json
@@ -5,8 +5,8 @@
  "default_enforcement_level": "mirror_only",
  "runtime_execution_authorized": false,
  "summary": {
-    "total_contracts": 27,
-    "ready_for_mirror_count": 24,
+    "total_contracts": 28,
+    "ready_for_mirror_count": 25,
    "partial_ready_count": 2,
    "contract_only_count": 1,
    "blocked_count": 0
@@ -69,6 +69,16 @@
      "human_docs": ["docs/security/SECURITY-APPROVAL-QUEUE.md"],
      "notes": "可 mirror 8 個 queue items、review order、blocked reason 與 required reviewers。"
    },
+    {
+      "contract": "security_approval_gate_v1",
+      "readiness": "ready_for_mirror",
+      "consumption_mode": "approval_only",
+      "mirror_allowed": true,
+      "execution_allowed": false,
+      "snapshot_paths": ["docs/security/security-approval-gate.snapshot.json"],
+      "human_docs": ["docs/security/SECURITY-APPROVAL-GATE.md"],
+      "notes": "可 mirror S3 人工批准 gate、決策範圍與 follow-up runtime gate；不得執行 gate item。"
+    },
    {
      "contract": "security_mirror_readiness_v1",
      "readiness": "ready_for_mirror",
--- a/docs/security/security-mirror-route.snapshot.json
+++ b/docs/security/security-mirror-route.snapshot.json
@@ -11,7 +11,7 @@
    "docs/security/security-mirror-event-sample.snapshot.json"
  ],
  "summary": {
-    "total_contracts": 27,
+    "total_contracts": 28,
    "route_group_count": 5,
    "channel_event_policy": "初期只對階段完成、blocked 狀態或需要人工批准的高風險候選發低噪音事件；LOW / MEDIUM observation 不發阻擋事件。",
    "approval_queue_policy": "只有 approval-only、suggest-only 或 blocked-until-approved 項目可進 approval queue；approval queue 不代表可執行。"
@@ -54,7 +54,7 @@
        "runtime blocking",
        "自動批准任何 queue item"
      ],
-      "exit_gate": "AwoooP 可顯示 27 個 contract、5 個 route groups、7 個 acceptance checks、5 個 quarantine lanes、6 個 dry-run steps 與 status rollup，且所有 route 都維持 runtime_execution_authorized=false。"
+      "exit_gate": "AwoooP 可顯示 28 個 contract、5 個 route groups、7 個 acceptance checks、5 個 quarantine lanes、6 個 dry-run steps、status rollup 與 approval gate，且所有 route 都維持 runtime_execution_authorized=false。"
    },
    {
      "wave_id": "M1_kali_visibility",
@@ -136,6 +136,7 @@
      "contracts": [
        "approval_required_event_v1",
        "security_approval_queue_v1",
+        "security_approval_gate_v1",
        "github_target_repo_approval_package_v1",
        "source_control_approval_board_v1",
        "kali_scan_scope_approval_v1"
@@ -149,6 +150,7 @@
      "review_lane": "approval_required",
      "allowed_processing": [
        "建立 approval candidate",
+        "顯示 S3 approval gate 與 follow-up runtime gate",
        "顯示 required reviewers",
        "顯示 blocked_until_approved",
        "記錄人工決策結果"
@@ -159,7 +161,7 @@
        "把人工批准記錄轉成 runtime executor",
        "保存 token 或 secret value"
      ],
-      "exit_gate": "Approval candidate 可顯示與留痕，但批准後執行仍需要下一階段 runtime gate。"
+      "exit_gate": "Approval candidate 與 S3 approval gate 可顯示與留痕，但批准後執行仍需要下一階段 runtime gate。"
    },
    {
      "wave_id": "M4_patch_only_backlog",
@@ -191,7 +193,7 @@
  "acceptance_gates": [
    {
      "gate_id": "ROUTE_COVERS_ALL_CONTRACTS",
-      "requirement": "route_groups 合併後必須涵蓋 manifest 的 27 個 contracts。"
+      "requirement": "route_groups 合併後必須涵蓋 manifest 的 28 個 contracts。"
    },
    {
      "gate_id": "NO_EXECUTION_SURFACE",
--- a/docs/security/security-mirror-status-rollup.snapshot.json
+++ b/docs/security/security-mirror-status-rollup.snapshot.json
@@ -14,11 +14,12 @@
    "docs/security/security-mirror-quarantine.snapshot.json",
    "docs/security/security-mirror-dry-run.snapshot.json",
    "docs/security/security-approval-queue.snapshot.json",
+    "docs/security/security-approval-gate.snapshot.json",
    "docs/security/security-rollout-policy.snapshot.json"
  ],
  "summary": {
-    "total_contracts": 27,
-    "ready_for_mirror_count": 24,
+    "total_contracts": 28,
+    "ready_for_mirror_count": 25,
    "partial_ready_count": 2,
    "contract_only_count": 1,
    "blocked_count": 0,
@@ -50,9 +51,9 @@
    },
    {
      "phase_id": "S3_approval_gate",
-      "state": "not_started",
-      "current_result": "Approval queue 已列出 8 個候選，其中 7 pending approval、1 block candidate。",
-      "next_gate": "先 review redacted finding ingestion、safe crawl 與 Gitea read-only inventory。"
+      "state": "draft_ready",
+      "current_result": "Approval queue 已列出 8 個候選，且 security_approval_gate_v1 已定義人工決策、批准範圍與 follow-up runtime gate。",
+      "next_gate": "先 review redacted finding ingestion、safe crawl 與 Gitea read-only inventory；批准後仍不得自動執行。"
    },
    {
      "phase_id": "S4_migration_execution",
@@ -84,7 +85,7 @@
      "mode": "approval_required",
      "source_contract": "security_approval_queue_v1",
      "allowed_processing": [
-        "人工審查是否可設計 redacted security_finding_v1 ingestion",
+        "依 security_approval_gate_v1 人工審查是否可設計 redacted security_finding_v1 ingestion",
        "維持只接收摘要與 evidence_ref",
        "保留 patch-only / review gate"
      ],
@@ -146,8 +147,8 @@
  ],
  "session_sync_notes": [
    "本 rollup 是跨 Session 的共同讀取入口，避免 AwoooP 主線與 Security Supply Chain Session 對進度與 gate 判讀不一致。",
-    "S2.7 仍屬框架期；它讓狀態可見，不代表 production ingestion、scan、repo migration 或 runtime enforcement 已啟用。",
-    "下一個可安全推進的工作是 AwoooP read-only UI / audit evidence 消費，或人工 review queue；不可直接跳到執行面。"
+    "S2/S3 目前仍屬框架期；狀態與人工 gate 可見，不代表 production ingestion、scan、repo migration 或 runtime enforcement 已啟用。",
+    "S3.0 只新增人工批准 gate 的決策語言；批准後仍需要 follow-up runtime gate，不可直接跳到執行面。"
  ],
  "forbidden_actions": [
    "start_kali_scan",
--- a/docs/security/security-supply-chain-contract-manifest.snapshot.json
+++ b/docs/security/security-supply-chain-contract-manifest.snapshot.json
@@ -2,7 +2,7 @@
  "schema_version": "security_supply_chain_contract_manifest_v1",
  "status": "draft",
  "default_enforcement_level": "mirror_only",
-  "contract_count": 27,
+  "contract_count": 28,
  "contracts": [
    {
      "contract": "security_rollout_policy_v1",
@@ -85,6 +85,26 @@
      ],
      "notes": "集中整理 Kali、Gitea/GitHub、refs truth classification 等 pending approval / block candidate；不授權執行。"
    },
+    {
+      "contract": "security_approval_gate_v1",
+      "schema_path": "docs/schemas/security_approval_gate_v1.schema.json",
+      "snapshot_paths": ["docs/security/security-approval-gate.snapshot.json"],
+      "human_docs": ["docs/security/SECURITY-APPROVAL-GATE.md"],
+      "consumer": "AwoooP approval queue / Audit / Operator Console",
+      "consumption_mode": "approval_only",
+      "allowed_actions": ["mirror_approval_gate", "record_human_decision", "display_followup_runtime_gate"],
+      "forbidden_actions": [
+        "execute_gate_item",
+        "auto_approve",
+        "execute_after_approval_without_runtime_gate",
+        "start_scan",
+        "call_execute_endpoint",
+        "create_repo",
+        "sync_refs",
+        "store_secret_value"
+      ],
+      "notes": "定義 S3 人工批准 gate 的決策語言與留痕格式；批准後仍不得自動執行，必須有後續 runtime gate。"
+    },
    {
      "contract": "security_mirror_readiness_v1",
      "schema_path": "docs/schemas/security_mirror_readiness_v1.schema.json",
@@ -101,7 +121,7 @@
        "switch_github_primary",
        "store_secret_value"
      ],
-      "notes": "整理 27 個 Security Supply Chain contracts 的 mirror readiness，供 AwoooP 安全消費。"
+      "notes": "整理 28 個 Security Supply Chain contracts 的 mirror readiness，供 AwoooP 安全消費。"
    },
    {
      "contract": "security_mirror_intake_plan_v1",