From 75c1b113d5da495a70042288fbfb30271fa9bf9d Mon Sep 17 00:00:00 2001
From: Your Name
Date: Thu, 4 Jun 2026 19:30:10 +0800
Subject: [PATCH] docs(security): add workflow secret owner handoff [skip ci]
---
 docs/LOGBOOK.md | 35 +++++
 ..._secret_name_owner_response_v1.schema.json | 116 +++++++++++++++-
 ...ROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md | 55 +++++++-
 ...w-secret-name-owner-response.snapshot.json | 124 +++++++++++++++++-
 ...026-06-04-iwooos-security-governance-p0.md | 10 +-
 5 files changed, 328 insertions(+), 12 deletions(-)
diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md
index 61217fda..f220eb1a 100644
--- a/docs/LOGBOOK.md
+++ b/docs/LOGBOOK.md
@@ -1,3 +1,38 @@
+## 2026-06-04|IwoooS P1-4 Workflow / Secret Owner Response Handoff
+
+**背景**:P1-3 已補 GitHub target owner response handoff;本段接著補 P1-4 / S4.12 workflow、webhook、runner、deploy key、branch protection / CODEOWNERS、repository secret name parity 的 owner response handoff。目標是只收名稱與脫敏 metadata,不收 secret value、hash、masked token、partial token 或任何可還原 credential material。
+
+**本輪完成**:
+- 更新 `SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md`:日期改為 2026-06-04,新增 P1-4 handoff 摘要、6 項送件前檢查、9 欄交接封套與送後不變條件。
+- 校正 S4.12 local referenced secret names:依 2026-06-04 local evidence 從 `43` 改為 `42`。
+- 更新 `source-control-workflow-secret-name-owner-response.snapshot.json`:新增 `workflow_secret_owner_handoff_package_ready=true`、`workflow_secret_owner_handoff_completion_percent=100`、`workflow_secret_owner_handoff_check_count=6`、`workflow_secret_owner_handoff_packet_field_count=9`,並維持 received / accepted / rejected 全部 `0`。
+- 更新 `source_control_workflow_secret_name_owner_response_v1.schema.json`:同步納入 handoff preflight、handoff packet 與 post-dispatch invariants。
+- 更新 IwoooS P0/P1 主控總帳:P1 只讀重盤工作完成度從 `66%` 調到 `68%`;GitHub primary readiness gate 仍 `0`。
+
+**完成度更新**:
+- P1-4 Workflow / secret owner response handoff:`100%`。
+- P1 GitHub primary readiness 只讀重盤階段:`68%`。
+- S4.12 owner response gate:`0%`,received / accepted / rejected 全部為 `0`。
+- Workflow / secret parity complete:`false`。
+- GitHub primary readiness gate:`0`。
+
+**驗證**:
+- `python3 -m json.tool docs/security/source-control-workflow-secret-name-owner-response.snapshot.json`:通過。
+- `python3 -m json.tool docs/schemas/source_control_workflow_secret_name_owner_response_v1.schema.json`:通過。
+- 本段自訂結構檢查:`WORKFLOW_SECRET_OWNER_HANDOFF_STRUCTURE_OK`。
+- `git diff --check`:通過。
+- `python3 scripts/security/source-control-owner-response-guard.py --root .`:`SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`。
+- `python3 scripts/security/security-mirror-progress-guard.py --root .`:`SECURITY_MIRROR_PROGRESS_GUARD_OK`。
+- URL credential pattern 檢查:本段異動檔案無命中。
+- Schema validator 限制:本地沒有 Python `jsonschema` 與 Node AJV,未跑完整 JSON Schema validator;本段以 JSON parse、自訂結構檢查與既有 guard 補位。
+- Production 頁面檢查:本段只改 docs / snapshot / schema / LOGBOOK,未改前端、未部署、未宣稱新的 production 狀態;沿用 P0 `/zh-TW/iwooos` desktop / mobile live sanity 作為基準。
+
+**目前邊界**:
+- 只收 redacted host、event types、runner label、key name、ruleset / CODEOWNERS metadata、secret name、scope、present-absent 與 owner metadata。
+- 不收 secret value、secret hash、masked token、partial token、token value、runner registration token、webhook secret、private key、deploy key private key 或 authorization header。
+- 不建立、複製、rotate、修改或刪除 secret;不改 workflow / webhook / runner / deploy key / branch protection / CODEOWNERS;不啟用 GitHub hosted runner。
+- S4.12 response 即使未來通過,也只能更新 read-only workflow / secret name inventory、export request、primary readiness blocker wording 與 status rollup。
+
 ## 2026-06-04|IwoooS P1-3 GitHub Target Owner Response Handoff
 
 **背景**:P1-2 已把 Gitea authenticated inventory request handoff 補齊;本段接著補 P1-3 / S4.10 GitHub target owner response handoff。目標是讓 owner 逐項回覆 7 個 GitHub target 的 owner、visibility、canonical 與 target disposition,同時避免把 `not_found_or_private` 誤讀成 repo 不存在或可直接建立。
diff --git a/docs/schemas/source_control_workflow_secret_name_owner_response_v1.schema.json b/docs/schemas/source_control_workflow_secret_name_owner_response_v1.schema.json
index 24c053d8..441d25b9 100644
--- a/docs/schemas/source_control_workflow_secret_name_owner_response_v1.schema.json
+++ b/docs/schemas/source_control_workflow_secret_name_owner_response_v1.schema.json
@@ -14,6 +14,9 @@
 "target_contract",
 "source_indexes",
 "summary",
+ "workflow_secret_owner_handoff_preflight_checks",
+ "workflow_secret_owner_handoff_packet",
+ "post_dispatch_invariants",
 "response_templates",
 "acceptance_checks",
 "rejection_rules",
@@ -86,7 +89,15 @@
 "github_hosted_runner_enable_authorized",
 "refs_sync_authorized",
 "github_primary_switch_authorized",
- "action_buttons_allowed"
+ "action_buttons_allowed",
+ "workflow_secret_owner_handoff_package_ready",
+ "workflow_secret_owner_handoff_completion_percent",
+ "workflow_secret_owner_handoff_check_count",
+ "workflow_secret_owner_handoff_packet_field_count",
+ "workflow_secret_owner_request_dispatch_authorized",
+ "secret_name_parity_complete",
+ "secret_value_or_hash_collection_allowed",
+ "workflow_secret_owner_response_handoff_not_approval"
 ],
 "properties": {
 "owner_response_status": {"type": "string", "enum": ["waiting_owner_response"]},
@@ -120,10 +131,111 @@
 "github_hosted_runner_enable_authorized": {"type": "boolean", "const": false},
 "refs_sync_authorized": {"type": "boolean", "const": false},
 "github_primary_switch_authorized": {"type": "boolean", "const": false},
- "action_buttons_allowed": {"type": "boolean", "const": false}
+ "action_buttons_allowed": {"type": "boolean", "const": false},
+ "workflow_secret_owner_handoff_package_ready": {"type": "boolean", "const": true},
+ "workflow_secret_owner_handoff_completion_percent": {
+ "type": "integer",
+ "minimum": 0,
+ "maximum": 100
+ },
+ "workflow_secret_owner_handoff_check_count": {"type": "integer", "minimum": 0},
+ "workflow_secret_owner_handoff_packet_field_count": {"type": "integer", "minimum": 0},
+ "workflow_secret_owner_request_dispatch_authorized": {"type": "boolean", "const": false},
+ "secret_name_parity_complete": {"type": "boolean", "const": false},
+ "secret_value_or_hash_collection_allowed": {"type": "boolean", "const": false},
+ "workflow_secret_owner_response_handoff_not_approval": {"type": "boolean", "const": true}
 },
 "additionalProperties": false
 },
+ "workflow_secret_owner_handoff_preflight_checks": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "required": [
+ "check_id",
+ "display_order",
+ "check",
+ "current_status",
+ "execution_authorized"
+ ],
+ "properties": {
+ "check_id": {"type": "string"},
+ "display_order": {"type": "integer", "minimum": 1},
+ "check": {"type": "string"},
+ "current_status": {
+ "type": "string",
+ "enum": ["defined_not_dispatched"]
+ },
+ "execution_authorized": {"type": "boolean", "const": false}
+ },
+ "additionalProperties": false
+ },
+ "minItems": 1
+ },
+ "workflow_secret_owner_handoff_packet": {
+ "type": "object",
+ "required": [
+ "request_id",
+ "stage_id",
+ "source_evidence_summary",
+ "requested_templates",
+ "recipient_role_or_team_required",
+ "required_response_fields",
+ "allowed_metadata",
+ "forbidden_inputs",
+ "not_approval",
+ "execution_authorized"
+ ],
+ "properties": {
+ "request_id": {"type": "string"},
+ "stage_id": {"type": "string"},
+ "source_evidence_summary": {
+ "type": "object",
+ "required": [
+ "local_evidence_repo_count",
+ "local_workflow_file_count",
+ "local_referenced_secret_name_count",
+ "runner_label_count"
+ ],
+ "properties": {
+ "local_evidence_repo_count": {"type": "integer", "minimum": 0},
+ "local_workflow_file_count": {"type": "integer", "minimum": 0},
+ "local_referenced_secret_name_count": {"type": "integer", "minimum": 0},
+ "runner_label_count": {"type": "integer", "minimum": 0}
+ },
+ "additionalProperties": false
+ },
+ "requested_templates": {
+ "type": "array",
+ "items": {"type": "string"},
+ "minItems": 1
+ },
+ "recipient_role_or_team_required": {"type": "boolean", "const": true},
+ "required_response_fields": {
+ "type": "array",
+ "items": {"type": "string"},
+ "minItems": 1
+ },
+ "allowed_metadata": {
+ "type": "array",
+ "items": {"type": "string"},
+ "minItems": 1
+ },
+ "forbidden_inputs": {
+ "type": "array",
+ "items": {"type": "string"},
+ "minItems": 1
+ },
+ "not_approval": {"type": "boolean", "const": true},
+ "execution_authorized": {"type": "boolean", "const": false}
+ },
+ "additionalProperties": false
+ },
+ "post_dispatch_invariants": {
+ "type": "array",
+ "items": {"type": "string"},
+ "minItems": 1
+ },
 "owner_response_template_statuses": {
 "type": "array",
 "description": "S4.12 五個 workflow / secret name response templates 的逐項收件狀態;只供 AwoooP 顯示,不代表 request sent、response received、workflow / secret execution queue 或 primary readiness。",
diff --git a/docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md b/docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md
index c66478ca..bb519162 100644
--- a/docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md
+++ b/docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md
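Review bot: The packet's `source_evidence_summary` repeats the four counts already held in `summary` (`local_evidence_repo_count`, `local_workflow_file_count`, `local_referenced_secret_name_count`, `runner_label_count`), and nothing in the schema ties the two copies together, so the kind of drift this commit itself corrects (43 → 42 in the snapshot summary) can recur with one copy stale while the document still validates; the custom structure check behind `WORKFLOW_SECRET_OWNER_HANDOFF_STRUCTURE_OK` should compare them, or a `description` on `source_evidence_summary` should state which copy is authoritative. Separately, `forbidden_inputs` and `allowed_metadata` are constrained only to non-empty string arrays, so a snapshot that dropped `secret_value` from the deny list, or listed an entry twice, would still pass. Since the schema already relies on `const` (draft-06 or later), adding `"uniqueItems": true` to both arrays and pinning the deny list with `"contains": {"const": "secret_value"}` (or an `allOf` of such `contains` clauses, one per credential category) lets the schema rather than a side script enforce the metadata-only boundary. The enclosing top-level `properties` object starts and ends outside the hunk.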
@@ -2,8 +2,8 @@
 
 | 項目 | 內容 |
 |------|------|
-| 日期 | 2026-05-17 |
-| 狀態 | 草案,等待 owner response |
+| 日期 | 2026-06-04 |
+| 狀態 | 草案與 P1-4 handoff 已整理,等待 owner response |
 | 資料契約 | `docs/schemas/source_control_workflow_secret_name_owner_response_v1.schema.json` |
 | 快照 | `docs/security/source-control-workflow-secret-name-owner-response.snapshot.json` |
 | 來源契約 | `source_control_workflow_secret_name_inventory_v1` |
@@ -30,7 +30,7 @@ S4.12 不是 secret 搬移、不是 workflow 修改、不是 runner 啟用、不
 | export lanes | 5 |
 | local evidence repos | 4 |
 | local workflow files | 31 |
-| local referenced secret names | 43 |
+| local referenced secret names | 42 |
 | owner response request packet | 1 |
 | template status ledger | 5 |
 | audit event templates | 3 |
@@ -48,6 +48,55 @@ S4.12 不是 secret 搬移、不是 workflow 修改、不是 runner 啟用、不
 | 授權修改 workflow / webhook / runner / deploy key / branch protection / secret | `false` |
 | 授權啟用 GitHub hosted runner | `false` |
 | 授權 sync refs / 切 GitHub primary | `false` |
+| P1-4 handoff package | `ready` |
+| request dispatch authorized | `false` |
+| secret value / hash / partial token collection | `false` |
+
+## 1.0 2026-06-04 P1-4 Workflow / Secret Owner Handoff
+
+本段把 S4.12 從「收件包已定義」推到「P1-4 可交接請 owner 逐項回覆」。這是 workflow / runner / secret parity 的 handoff readiness,不是 request sent、不是 owner response received、不是 secret parity complete,也不是 workflow、webhook、runner、deploy key、branch protection、CODEOWNERS 或 repository secret 變更批准。
+
+| 指標 | 值 |
+|------|----|
+| P1-4 handoff package | ready |
+| handoff completion | 100% |
+| local workflow files | 31 |
+| local referenced secret names | 42 |
+| runner label names | 5 |
+| request dispatch authorized | false |
+| owner response received | 0 |
+| owner response accepted | 0 |
+| workflow / secret modification authorized | false |
+| secret value collection allowed | false |
+
+### 1.0.1 送件前檢查
+
+| 順序 | 檢查項 | 完成條件 | 目前狀態 |
+|------|--------|----------|----------|
+| 1 | 基線同步 | 送件前確認 `gitea/main`、local evidence、S4.9-S4.12 source packets 最新狀態 | 已定義,未送件 |
+| 2 | local evidence freshness | 以 2026-06-04 local evidence 的 31 個 workflow files、42 個 unique secret names、5 個 runner labels 為基準 | 已定義,未送件 |
+| 3 | 五個 response lane | webhook、runner、deploy key、branch protection / CODEOWNERS、repository secret name parity 逐項追蹤 | 已定義,未送件 |
+| 4 | metadata only | 只收 redacted host、runner label、key name、ruleset / CODEOWNERS metadata、secret name / scope / present-absent | 已定義,未送件 |
+| 5 | secret material 拒收 | secret value、hash、masked token、partial token、private key、runner token、webhook secret 全部拒收或隔離 | 已定義,未送件 |
+| 6 | 執行要求拒收 | workflow / webhook / runner / deploy key / branch protection / repository secret 修改、hosted runner enable、refs sync、primary switch 全部 hard reject | 已定義,未送件 |
+
+### 1.0.2 交接封套欄位
+
+| 欄位 | 內容規則 |
+|------|----------|
+| `request_id` | `p1_4_workflow_secret_owner_response_handoff` |
+| `stage_id` | `S4.12` |
+| `source_evidence_summary` | local repos 4、workflow files 31、unique secret names 42、runner labels 5 |
+| `requested_templates` | 只引用本文件第 3 節五個 template id |
+| `recipient_role_or_team` | 只填 role / team,不收個人敏感資料或 credential |
+| `required_response_fields` | owner role/team、decision、repo、provider、lane、lane-specific owner、lane-specific metadata、redacted evidence refs、followup owner |
+| `allowed_metadata` | redacted host、event types、runner label、key name、required checks、CODEOWNERS path、secret name、scope、present-absent |
+| `forbidden_inputs` | secret value、secret hash、masked token、partial token、token value、runner token、webhook secret、private key、deploy key private key、authorization header |
+| `not_approval` | 必須為 `true` |
+
+### 1.0.3 送件後不變條件
+
+即使後續 owner 實際回覆,也只能先進 S4.12 intake preflight 與 reviewer validation。通過後可更新 read-only workflow / secret name inventory、export request、primary readiness blocker wording 與 status rollup;不得建立、複製、rotate、修改或刪除 secret,不得改 workflow / webhook / runner / deploy key / branch protection / CODEOWNERS,不得啟用 GitHub hosted runner,不得 sync refs、切 GitHub primary 或停用 Gitea。
 
 ## 1.1 Owner Response Request Packet
 
diff --git a/docs/security/source-control-workflow-secret-name-owner-response.snapshot.json b/docs/security/source-control-workflow-secret-name-owner-response.snapshot.json
index 6f43cb43..95b2fc62 100644
--- a/docs/security/source-control-workflow-secret-name-owner-response.snapshot.json
+++ b/docs/security/source-control-workflow-secret-name-owner-response.snapshot.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "source_control_workflow_secret_name_owner_response_v1",
 "status": "draft_waiting_owner_response",
- "date": "2026-05-17",
+ "date": "2026-06-04",
 "mode": "owner_workflow_secret_name_response_intake_only",
 "runtime_execution_authorized": false,
 "source_contract": "source_control_workflow_secret_name_inventory_v1",
@@ -25,7 +25,7 @@
 "export_lane_count": 5,
 "local_evidence_repo_count": 4,
 "local_workflow_file_count": 31,
- "local_referenced_secret_name_count": 43,
+ "local_referenced_secret_name_count": 42,
 "owner_response_request_packet_count": 1,
 "owner_response_template_status_count": 5,
 "owner_response_audit_event_template_count": 3,
@@ -49,8 +49,126 @@
 "github_primary_switch_authorized": false,
 "action_buttons_allowed": false,
 "owner_response_collection_check_count": 6,
- "intake_preflight_check_count": 6
+ "intake_preflight_check_count": 6,
+ "workflow_secret_owner_handoff_package_ready": true,
+ "workflow_secret_owner_handoff_completion_percent": 100,
+ "workflow_secret_owner_handoff_check_count": 6,
+ "workflow_secret_owner_handoff_packet_field_count": 9,
+ "workflow_secret_owner_request_dispatch_authorized": false,
+ "secret_name_parity_complete": false,
+ "secret_value_or_hash_collection_allowed": false,
+ "workflow_secret_owner_response_handoff_not_approval": true
 },
+ "workflow_secret_owner_handoff_preflight_checks": [
+ {
+ "check_id": "p1-4-baseline-sync",
+ "display_order": 1,
+ "check": "送件前確認 gitea/main、local evidence、S4.9-S4.12 source packets 最新狀態。",
+ "current_status": "defined_not_dispatched",
+ "execution_authorized": false
+ },
+ {
+ "check_id": "p1-4-local-evidence-freshness",
+ "display_order": 2,
+ "check": "以 2026-06-04 local evidence 的 31 個 workflow files、42 個 unique secret names、5 個 runner labels 為基準。",
+ "current_status": "defined_not_dispatched",
+ "execution_authorized": false
+ },
+ {
+ "check_id": "p1-4-five-response-lanes",
+ "display_order": 3,
+ "check": "webhook、runner、deploy key、branch protection / CODEOWNERS、repository secret name parity 逐項追蹤。",
+ "current_status": "defined_not_dispatched",
+ "execution_authorized": false
+ },
+ {
+ "check_id": "p1-4-metadata-only",
+ "display_order": 4,
+ "check": "只收 redacted host、runner label、key name、ruleset / CODEOWNERS metadata、secret name / scope / present-absent。",
+ "current_status": "defined_not_dispatched",
+ "execution_authorized": false
+ },
+ {
+ "check_id": "p1-4-secret-material-rejected",
+ "display_order": 5,
+ "check": "secret value、hash、masked token、partial token、private key、runner token、webhook secret 全部拒收或隔離。",
+ "current_status": "defined_not_dispatched",
+ "execution_authorized": false
+ },
+ {
+ "check_id": "p1-4-execution-request-rejected",
+ "display_order": 6,
+ "check": "workflow / webhook / runner / deploy key / branch protection / repository secret 修改、hosted runner enable、refs sync、primary switch 全部 hard reject。",
+ "current_status": "defined_not_dispatched",
+ "execution_authorized": false
+ }
+ ],
+ "workflow_secret_owner_handoff_packet": {
+ "request_id": "p1_4_workflow_secret_owner_response_handoff",
+ "stage_id": "S4.12",
+ "source_evidence_summary": {
+ "local_evidence_repo_count": 4,
+ "local_workflow_file_count": 31,
+ "local_referenced_secret_name_count": 42,
+ "runner_label_count": 5
+ },
+ "requested_templates": [
+ "response-webhook-redacted-export",
+ "response-runner-label-owner",
+ "response-deploy-key-redacted-export",
+ "response-branch-protection-codeowners",
+ "response-repository-secret-name-parity"
+ ],
+ "recipient_role_or_team_required": true,
+ "required_response_fields": [
+ "owner_role_or_team",
+ "decision",
+ "repo",
+ "provider",
+ "lane",
+ "lane_specific_owner",
+ "lane_specific_metadata",
+ "redacted_evidence_refs",
+ "followup_owner"
+ ],
+ "allowed_metadata": [
+ "redacted_host",
+ "event_types",
+ "runner_label",
+ "key_name",
+ "required_checks",
+ "codeowners_path",
+ "secret_name",
+ "scope",
+ "present_absent"
+ ],
+ "forbidden_inputs": [
+ "secret_value",
+ "secret_hash",
+ "masked_token",
+ "partial_token",
+ "token_value",
+ "runner_registration_token",
+ "webhook_secret",
+ "private_key",
+ "deploy_key_private_key",
+ "authorization_header",
+ "workflow_modification_request",
+ "runner_enablement_request",
+ "github_hosted_runner_enable_request",
+ "repository_secret_change_request",
+ "github_primary_switch_request"
+ ],
+ "not_approval": true,
+ "execution_authorized": false
+ },
+ "post_dispatch_invariants": [
+ "Owner response 到來後仍需先進 S4.12 intake preflight 與 reviewer validation。",
+ "通過後只可更新 read-only workflow / secret name inventory、export request、primary readiness blocker wording 與 status rollup。",
+ "不得建立、複製、rotate、修改或刪除 secret。",
+ "不得改 workflow / webhook / runner / deploy key / branch protection / CODEOWNERS,不得啟用 GitHub hosted runner。",
+ "不得 sync refs、切 GitHub primary 或停用 Gitea。"
+ ],
 "owner_response_request_packet": {
 "request_id": "s4_12_workflow_secret_name_owner_response_request",
 "display_status": "ready_to_request_owner_response",
diff --git a/docs/workplans/2026-06-04-iwooos-security-governance-p0.md b/docs/workplans/2026-06-04-iwooos-security-governance-p0.md
index 7de22577..cc859fb7 100644
--- a/docs/workplans/2026-06-04-iwooos-security-governance-p0.md
+++ b/docs/workplans/2026-06-04-iwooos-security-governance-p0.md
@@ -23,7 +23,7 @@
 | runtime landing | 40-45% | 否 | production 只讀頁存在,不等於 runtime ingestion 或 execution router |
 | active runtime gate | 0 | 否 | 必須維持 0,直到獨立人工批准、rollback、post-check 與 guard 成立 |
 | S4.9 owner response gate | 0% | 可在收到合格回覆後調整 | 目前只定義欄位、預檢、收件與驗收,不標記 received / accepted |
-| GitHub primary readiness | 0 | 否 | primary gate 仍為 0;P1 只讀重盤工作本身目前約 66%,不代表可切 primary |
+| GitHub primary readiness | 0 | 否 | primary gate 仍為 0;P1 只讀重盤工作本身目前約 68%,不代表可切 primary |
 | Kali 112 維護準備 | 只讀證據已納管,維護尚未開始 | 否 | 不更新套件、不重啟、不 hardening、不 active scan |
 | 111 / 168 開發主機納管 | observe-only mapping 已有,維護包需補強 | 可補文件,不調 runtime | 仍不 credentialed scan、不讀未授權資料、不自動修復 |
 | VibeWork 納入 IwoooS | 前端態勢已有 onboarding 欄位,產品邊界需補規範 | 可補文件 | 保留 VibeWork 獨立產品邊界 |
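Review bot: `workflow_secret_owner_handoff_packet_field_count` is recorded as `9` in the summary, but the `workflow_secret_owner_handoff_packet` object added in the same hunk carries ten keys (`execution_authorized` is the tenth), and the schema only requires the count to be a non-negative integer, so the custom structure check is the only thing that could notice. Either the value should be `10`, or the snapshot should say what the nine refer to; the §1.0.2 table in `SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md` lists nine rows and omits `execution_authorized`, which is presumably where the number comes from. That same table names the field `recipient_role_or_team` while the snapshot and schema use `recipient_role_or_team_required`, and its `forbidden_inputs` row lists ten credential categories whereas the snapshot array has fifteen (the five `*_request` entries are only in the snapshot); since the document is the artifact the owner is likely to read, the three should agree so a reviewer comparing a returned packet against the document neither admits an input the snapshot forbids nor rejects on a list the owner never saw. The enclosing top-level object starts and ends outside the hunk.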
@@ -154,10 +154,10 @@ S4.9 是目前 IwoooS 64% 能往前的第一優先 gate。驗收前所有 count
 | GitHub target owner response handoff | 100% | S4.10 已對齊 2026-06-04 target probe,補 6 項 target owner handoff preflight、9 欄 handoff packet 與送後不變條件 | `not_found_or_private` 不得視為不存在;received / accepted 仍 0,不建 repo、不改 visibility |
 | 全量 Gitea 專案版本盤點 | 25% | 目前仍是 public-only + 本機輔助 evidence | 需只讀 token / admin export;不使用 write credential |
 | 逐 repo refs truth queue | 100% | S4.11 current queue 已重產為 `194` refs review items:真相來源 `4`、deprecated / archive 候選 `142`、release tag `3`、GitHub-only `20` | 送 owner response;received / accepted 仍維持 0 |
-| Workflow / runner / secret parity owner response | 15% | 有 local evidence 與 template,但 received / accepted 皆 0 | 只收 redacted metadata,不收 value |
+| Workflow / runner / secret parity owner response handoff | 100% | S4.12 已對齊 2026-06-04 local evidence,補 6 項 workflow / secret handoff preflight、9 欄 handoff packet 與送後不變條件;local secret names 校正為 `42` | 只收 redacted metadata,不收 value / hash / partial token;received / accepted 仍 0 |
 | GitHub primary cutover readiness | 0% | `primary_ready_count=0`、`github_primary_switch_authorized=false` | 需 owner、parity、rollback ADR、人工批准全部成立 |
 
-P1 只讀重盤階段整體完成度:`66%`。它代表 freshness / inventory / handoff 工作進度,不代表 GitHub primary gate、authenticated inventory gate、owner response accepted 或 runtime gate 提升。
+P1 只讀重盤階段整體完成度:`68%`。它代表 freshness / inventory / handoff 工作進度,不代表 GitHub primary gate、authenticated inventory gate、workflow / secret parity complete、owner response accepted 或 runtime gate 提升。
 
 ## 6.2 規範分析:已不符合、需新增、需調整
 
@@ -181,7 +181,7 @@ P1 只讀重盤階段整體完成度:`66%`。它代表 freshness / inventory /
 | P1-1 | Source-control refs truth 重產 | 以 2026-06-04 `awoooi` refs refresh 重產 detail diff / truth classification | 新 queue 已改為 `194` items,不再引用舊 `141` 為 current |
 | P1-2 | Gitea authenticated inventory request | 已補 2026-06-04 request handoff package;S4.9 owner response gate 作先行條件,只讀 token API / redacted admin export 二選一 | 只收 metadata,不保存 token value;received / accepted / imported 全部仍為 0 |
 | P1-3 | GitHub target owner response | 已補 2026-06-04 target owner handoff package;對 7 個 in-scope targets 收 owner / visibility / canonical 決策 | received / accepted 前仍全部 0;`not_found_or_private` 不代表不存在或可建立 |
-| P1-4 | Workflow / runner / secret parity evidence | webhook、runner owner、deploy key、branch protection、CODEOWNERS、secret name parity | redacted evidence refs 完整,secret value 仍拒收 |
+| P1-4 | Workflow / runner / secret parity evidence | 已補 2026-06-04 owner response handoff package;webhook、runner owner、deploy key、branch protection、CODEOWNERS、secret name parity 只收 redacted metadata | secret value、hash、masked token、partial token 仍拒收;received / accepted 前全部 0 |
 | P1-5 | Primary rollback ADR 補強 | 逐 repo rollback owner、trigger、validation window、fallback role | ADR approved 前不切 primary |
 | P1-6 | AwoooP Session 同步 | 同步 commits、runs、production sanity、P1 refresh counts、gate 0 / false | 另一 Session 不再使用舊 refs count |
 | P1-7 | Kali 112 maintenance window 草案 | packages、`networking.service` failed、hardening 0/4、rollback、post-check | 文件草案,不執行 `apt upgrade` / restart / scan |
@@ -210,6 +210,8 @@ P1 只讀重盤階段整體完成度:`66%`。它代表 freshness / inventory /
 | P1-2 JSON parse / structure check | `gitea-authenticated-inventory-export-request.snapshot.json` 與 schema JSON parse 通過;本段自訂結構檢查 `GITEA_AUTHENTICATED_INVENTORY_HANDOFF_STRUCTURE_OK`;本地無 `jsonschema` / AJV,未跑完整 schema validator |
 | P1-3 GitHub target owner response handoff | S4.10 日期更新為 2026-06-04;補 6 項 target owner handoff preflight、9 欄 handoff packet、送後不變條件;received / accepted / rejected 仍 0 |
 | P1-3 JSON parse / structure check | `github-target-owner-decision-response.snapshot.json` 與 schema JSON parse 通過;本段自訂結構檢查 `GITHUB_TARGET_OWNER_HANDOFF_STRUCTURE_OK`;本地無 `jsonschema` / AJV,未跑完整 schema validator |
+| P1-4 Workflow / secret owner response handoff | S4.12 日期更新為 2026-06-04;補 6 項 workflow / secret handoff preflight、9 欄 handoff packet、送後不變條件;local referenced secret names 校正為 `42`;received / accepted / rejected 仍 0 |
+| P1-4 JSON parse / structure check | `source-control-workflow-secret-name-owner-response.snapshot.json` 與 schema JSON parse 通過;本段自訂結構檢查 `WORKFLOW_SECRET_OWNER_HANDOFF_STRUCTURE_OK`;本地無 `jsonschema` / AJV,未跑完整 schema validator |
 | P1 JSON parse | `gitea-github-awoooi-inventory`、`github-target-probe`、`source-control-primary-readiness-gate`、`source-control-workflow-secret-name-local-evidence`、Gitea repo / search / org blocked snapshots 皆通過 |
 | P1 production 頁面檢查 | 本輪未改前端、未改 production 文案、未新增 deploy;不宣稱新的 production 狀態,沿用 P0 live sanity 作為基準 |