wooo/awoooi
1
1
Fork 0
Code Issues 2 Pull Requests 1 Actions 5 Packages Projects Releases Wiki Activity

docs(security): add approval queue contract [skip ci]

Browse Source
This commit is contained in:
Your Name
2026-05-13 10:40:26 +08:00
parent eccbd6b746
commit b8dff79aa3
12 changed files with 569 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
docs/LOGBOOK.md
View File

@@ -7084,3 +7084,28 @@ not_used_reason=legacy direct provider path; bridge audit only
- 沒有新增 runtime endpoint、DB migration、model 或 AwoooP execution action。
- 沒有保存 SSH 密碼、API key、token、cookie、private key 或 exploit payload。
- LOW / MEDIUM observation 仍然不升級成 blocking gate。
## 2026-05-13 - Security Supply Chain S1.7AwoooP Security Approval Queue
完成:
- 新增 `docs/schemas/security_approval_queue_v1.schema.json`
- 新增 `docs/security/security-approval-queue.snapshot.json`,集中 8 個 queue items7 個 pending approval、1 個 block candidate。
- 新增 `docs/security/SECURITY-APPROVAL-QUEUE.md`,提供 AwoooP review order、blocked reason、required reviewers 與 evidence refs。
- 更新 Security Supply Chain manifestcontract count 從 18 增至 19。
- 更新 AwoooP mirror-only checklist、Security Supply Chain handoff、Kali scan scope approval package、Kali integration status 與整體進度。
Review order
1. 先 review `kali-finding-runtime-ingestion-approval-20260513`,只接 redacted finding evidence。
2. 再 review `kali-safe-web-crawl-approval-20260513`,只允許 TLS/header/basic crawl。
3. 再 review Gitea read-only inventory 與 source-control owner / refs truth decision。
4. Credentialed scan、Kali full-upgrade / reboot、Kali `/execute` 維持高風險 gate其中 `/execute` 是 block candidate。
邊界:
- 沒有執行 queue item。
- 沒有啟動 scan。
- 沒有新增 runtime endpoint、DB migration、model 或 AwoooP execution action。
- 沒有建立 GitHub repo、修改 visibility、sync refs 或切 GitHub primary。
- 沒有保存 raw secret、token、cookie、private key 或 exploit payload。

140
docs/schemas/security_approval_queue_v1.schema.json Normal file
View File

@@ -0,0 +1,140 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "urn:awoooi:security-approval-queue-v1",
"title": "AWOOOI Security Supply Chain Approval Queue (v1)",
"description": "集中整理 Security Supply Chain 初期需要 AwoooP 顯示、排隊、等待人工批准的高風險或敏感邊界項目。此契約不授權執行。",
"type": "object",
"required": [
"schema_version",
"status",
"date",
"default_mode",
"execution_authorized",
"runtime_changes_authorized",
"raw_secret_storage_authorized",
"summary",
"queue_items",
"next_recommended_review_order"
],
"properties": {
"schema_version": {
"const": "security_approval_queue_v1"
},
"status": {
"type": "string",
"enum": ["draft"]
},
"date": {
"type": "string"
},
"default_mode": {
"type": "string",
"enum": ["approval_only"]
},
"execution_authorized": {
"type": "boolean",
"const": false
},
"runtime_changes_authorized": {
"type": "boolean",
"const": false
},
"raw_secret_storage_authorized": {
"type": "boolean",
"const": false
},
"summary": {
"type": "object",
"required": [
"total_items",
"pending_approval_count",
"block_candidate_count",
"observe_or_warn_count"
],
"properties": {
"total_items": {"type": "integer", "minimum": 0},
"pending_approval_count": {"type": "integer", "minimum": 0},
"block_candidate_count": {"type": "integer", "minimum": 0},
"observe_or_warn_count": {"type": "integer", "minimum": 0}
},
"additionalProperties": false
},
"queue_items": {
"type": "array",
"items": {
"type": "object",
"required": [
"queue_item_id",
"source_contract",
"source_event_id",
"title",
"risk",
"state",
"recommended_awooop_mode",
"requested_decision",
"blocked_until_approved",
"required_reviewers",
"evidence_refs",
"allowed_after_approval",
"still_forbidden"
],
"properties": {
"queue_item_id": {"type": "string"},
"source_contract": {"type": "string"},
"source_event_id": {"type": "string"},
"title": {"type": "string"},
"risk": {
"type": "string",
"enum": ["LOW", "MEDIUM", "HIGH", "CRITICAL"]
},
"state": {
"type": "string",
"enum": ["observe_only", "warn_only", "pending_approval", "block_candidate"]
},
"recommended_awooop_mode": {
"type": "string",
"enum": ["observe", "warn", "approve_required", "block_candidate"]
},
"requested_decision": {"type": "string"},
"blocked_until_approved": {"type": "boolean"},
"required_reviewers": {
"type": "array",
"items": {
"type": "string",
"enum": [
"critic",
"vuln-verifier",
"migration-engineer",
"security-commander",
"human-owner"
]
},
"uniqueItems": true
},
"evidence_refs": {
"type": "array",
"items": {"type": "string"}
},
"allowed_after_approval": {
"type": "array",
"items": {"type": "string"}
},
"still_forbidden": {
"type": "array",
"items": {"type": "string"}
},
"expires_at": {
"type": "string",
"format": "date-time"
}
},
"additionalProperties": false
}
},
"next_recommended_review_order": {
"type": "array",
"items": {"type": "string"}
}
},
"additionalProperties": false
}

5
docs/security/AWOOOP-MIRROR-ONLY-CONSUMPTION-CHECKLIST.md
View File

@@ -28,6 +28,7 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得
| `security_finding_v1` | Kali / Trivy / ZAP / Semgrep / detect-secrets / kube posture | Runtime State、Channel Event、Audit | mirror-only | 不保存 raw secret、cookie、token、exploit payload |
| `kali_integration_status_v1` | 192.168.0.112 live health / update / gap evidence | Security posture、Operator Console、Approval candidate | mirror-only | 不保存 SSH 密碼或 API key、不直接啟動 scan 或 `/execute` |
| `kali_scan_scope_approval_v1` | Kali 112 scan scope、111/168 observe-only、safe/active/credentialed/execute/full-upgrade gates | Approval queue、Operator Console、Audit | approval-only | 只顯示 scope 與 gate不啟動 scan、不呼叫 `/execute` |
| `security_approval_queue_v1` | Security Supply Chain pending approval / block candidate 集中隊列 | Approval queue、Operator Console、Audit | approval-only | 只顯示 review order 與 blocked reason不執行 queue item |
| `coding_task_v1` | Code Review / Codex Security / manual review | Approval candidate、Channel Event、Audit | suggest-only | 不自動開 patch runner、不自動 merge |
| `source_control_migration_event_v1` | Gitea/GitHub branch/tag/SHA diff | Supply-chain evidence、Approval candidate | mirror-only | 不觸發 deploy、不切換 primary |
| `gitea_repo_inventory_v1` | Gitea org/user repo list 或管理匯出 | Supply-chain evidence、migration matrix | mirror-only | 不保存 token value、不刪除或停用 Gitea repo |
@@ -77,6 +78,7 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得
| `security_finding_v1.severity=HIGH|CRITICAL` | `approve_required` | 產生 `approval_required_event_v1` |
| `kali_integration_status_v1.status=partial_runtime_health_integrated` | `observe` | 顯示 Kali 112 health、更新紀錄、缺口與 approval gates不得直接掃描 |
| `kali_scan_scope_approval_v1.status=draft_waiting_approval` | `approve_required` | 顯示 Kali 112、111/168、核心主機、公開網站 scope 與 gate不得執行 scan |
| `security_approval_queue_v1.status=draft` | `approve_required` | 顯示 8 個 queue items、review order 與 blocked reason不得執行 item |
| `coding_task_v1.risk=LOW|MEDIUM` | `warn` | 可排入 Codex patch-only backlog |
| `coding_task_v1.risk=HIGH|CRITICAL` | `approve_required` | 必須指定 `critic``vuln-verifier` |
| `source_control_migration_event_v1.status=blocked` | `observe` | 顯示 blocking reason不允許切 primary |
@@ -140,6 +142,7 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得
| Kali 112 integration status | `docs/security/kali-integration-status.snapshot.json` / `docs/security/KALI-INTEGRATION-STATUS.md` |
| Security finding contract | `docs/security/security-finding-kali-sample.snapshot.json` / `docs/security/SECURITY-FINDING-CONTRACT.md` |
| Kali scan scope approval package | `docs/security/kali-scan-scope-approval.snapshot.json` / `docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md` |
| Security approval queue | `docs/security/security-approval-queue.snapshot.json` / `docs/security/SECURITY-APPROVAL-QUEUE.md` |
| 本機 repo canonical lineage snapshot | `docs/security/local-repo-canonical-ewoooc-momo.snapshot.json` / `docs/security/LOCAL-REPO-CANONICAL-EWOOOC-MOMO-SNAPSHOT.md` |
| Internal 110 refs snapshot | `docs/security/git-remote-refs-bitan-tsenyang.snapshot.json` / `docs/security/GIT-REMOTE-REFS-BITAN-TSENYANG-SNAPSHOT.md` |
| wooo-infra-config refs snapshot | `docs/security/git-remote-refs-wooo-infra-config.snapshot.json` / `docs/security/GIT-REMOTE-REFS-WOOO-INFRA-CONFIG-SNAPSHOT.md` |
@@ -153,4 +156,4 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得
1. AwoooP 主線先把本清單視為契約消費檢查清單。
2. Security Supply Chain Session 補齊 Gitea 全量 repo inventory 的只讀 token 或管理匯出來源。
3. AwoooP 只建立 mirror/read-only policy 入口,不新增 execution action。
4. 任一方要把事件升級成實際執行,都必須先產出 `approval_required_event_v1`
4. 任一方要把事件升級成實際執行,都必須先產出 `approval_required_event_v1`,並在 `security_approval_queue_v1` 中維持 `blocked_until_approved=true` 直到人工決策完成

16
docs/security/AWOOOP-SECURITY-SUPPLYCHAIN-INTEGRATION-HANDOFF.md
View File

@@ -73,7 +73,7 @@
```text
Kali / Code Review / GitHub / Gitea / Codex
-> security_supply_chain_contract_manifest_v1
-> security_finding_v1 / kali_scan_scope_approval_v1 / coding_task_v1 / source_control_migration_event_v1 / gitea_repo_inventory_v1 / local_git_remote_inventory_v1 / github_target_probe_v1 / github_target_decision_v1 / github_target_repo_approval_package_v1 / security_rollout_policy_v1
-> security_finding_v1 / kali_scan_scope_approval_v1 / security_approval_queue_v1 / coding_task_v1 / source_control_migration_event_v1 / gitea_repo_inventory_v1 / local_git_remote_inventory_v1 / github_target_probe_v1 / github_target_decision_v1 / github_target_repo_approval_package_v1 / security_rollout_policy_v1
-> AWOOOI ingestion / asset_inventory / AIOps KPI / AOL
-> mirror 到 AwoooP Runtime State / Channel Event / Audit
-> AwoooP Policy / Approval / Exception / Operator Console
@@ -123,6 +123,18 @@ Snapshot`docs/security/kali-scan-scope-approval.snapshot.json`
AwoooP 初期處理方式:只顯示 scope group 與 approval gate可建立 approval candidate但不得啟動 scan、不得呼叫 `/execute`、不得把 LOW / MEDIUM observation 變成 blocking gate。
### `security_approval_queue_v1`
用途:集中整理 Security Supply Chain 現階段需要 AwoooP 顯示、排隊、等待人工決策的 pending approval / block candidate。
Schema`docs/schemas/security_approval_queue_v1.schema.json`
Snapshot`docs/security/security-approval-queue.snapshot.json`
目前 queue8 items6 個 pending approval2 個 block candidate。建議先 review redacted Kali finding ingestion再 review safe web crawl 與 Gitea read-only inventory。
AwoooP 初期處理方式:只顯示 review order、blocked reason、required reviewers 與 evidence refs可建立 approval candidate但不得執行 queue item。
### `security_rollout_policy_v1`
用途:定義 Security Supply Chain 初期的低摩擦 rollout policy避免把 observation 全部變成 blocking controls。
@@ -155,7 +167,7 @@ Schema`docs/schemas/security_supply_chain_contract_manifest_v1.schema.json`
"schema_version": "security_supply_chain_contract_manifest_v1",
"status": "draft",
"default_enforcement_level": "mirror_only",
"contract_count": 18
"contract_count": 19
}
```

1
docs/security/KALI-INTEGRATION-STATUS.md
View File

@@ -108,6 +108,7 @@ AwoooP 現階段只能 mirror `kali_integration_status_v1`
2.`/execute`、API key fallback、Harbor scan failure 標成 review item。
3. 針對 active scan、credentialed scan、full-upgrade、reboot 建立 approval candidate。
4. 不新增任何直接執行掃描或 command 的按鈕。
5. 讀取 `docs/security/SECURITY-APPROVAL-QUEUE.md` 的 review order優先處理 redacted finding ingestion 與 safe web crawl。
## 7. 下一個 gate

13
docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md
View File

@@ -6,6 +6,7 @@
| 狀態 | 草案,等待人工批准 |
| Schema | `docs/schemas/kali_scan_scope_approval_v1.schema.json` |
| Snapshot | `docs/security/kali-scan-scope-approval.snapshot.json` |
| Approval queue | `docs/security/SECURITY-APPROVAL-QUEUE.md` |
| 來源 | `host:kali-112` / `192.168.0.112` |
| 原則 | 低摩擦、先 observe、掃描深度分級、所有高風險執行都 blocked until approved |
@@ -77,3 +78,15 @@ AwoooP 可把 `kali_scan_scope_approval_v1` 當成 approval queue 與 Operator C
5. 保持所有高風險 action button 隱藏或 disabled。
除非 approval event 被人工批准AwoooP 只能 mirror不得執行。
## 6. Queue 對應
本 package 的 gate 已同步到 `security_approval_queue_v1`
| Gate | Queue state | 建議 |
|------|-------------|------|
| `kali-finding-runtime-ingestion-approval-20260513` | `pending_approval` | 建議第一優先 review因為只接 redacted finding不改 runtime control |
| `kali-safe-web-crawl-approval-20260513` | `pending_approval` | 建議第二優先 review只允許 TLS/header/basic crawl |
| `kali-credentialed-scan-approval-20260513` | `pending_approval` | 高風險,需 credential source、scope、audit trail |
| `kali-full-upgrade-reboot-approval-20260513` | `pending_approval` | 需維護窗口、snapshot、rollback、post-health gate |
| `kali-execute-endpoint-approval-20260513` | `block_candidate` | 預設不應接入 AwoooP runtime |

67
docs/security/SECURITY-APPROVAL-QUEUE.md Normal file
View File

@@ -0,0 +1,67 @@
# Security Supply Chain Approval Queue
| 項目 | 內容 |
|------|------|
| 日期 | 2026-05-13 |
| 狀態 | 草案 |
| Schema | `docs/schemas/security_approval_queue_v1.schema.json` |
| Snapshot | `docs/security/security-approval-queue.snapshot.json` |
| 預設模式 | `approval_only` |
| 原則 | AwoooP 可以顯示與排隊,但不得執行 |
## 0. 核心結論
本 queue 把目前 Security Supply Chain 已整理出的高風險或敏感邊界,集中成 AwoooP 可 mirror 的 approval queue。
它不是授權清單。所有 queue item 都只能顯示、排序、建立 approval candidate不能直接執行。
目前狀態:
| 指標 | 數量 |
|------|------|
| queue items | 8 |
| pending approval | 7 |
| block candidate | 1 |
| execution authorized | false |
| runtime changes authorized | false |
| raw secret storage authorized | false |
## 1. Review 順序建議
| 順序 | Queue item | 為什麼先看 |
|------|------------|------------|
| 1 | `kali-finding-runtime-ingestion-approval-20260513` | 先接 redacted finding evidence風險低、價值高 |
| 2 | `kali-safe-web-crawl-approval-20260513` | TLS/header/basic crawl 屬低噪音,但仍需批准 scope |
| 3 | `gitea-private-internal-server-side-inventory-2026-05-12` | Gitea 全量版本轉 GitHub 的前置 gate |
| 4 | `source-control-target-repo-approval-bundle-20260513` | 逐 repo owner / visibility / canonical 決策 |
| 5 | `source-control-ref-truth-review-bundle-20260513` | refs truth / deprecated / release tag review |
| 6 | `kali-credentialed-scan-approval-20260513` | 需要憑證,風險較高 |
| 7 | `kali-full-upgrade-reboot-approval-20260513` | 需要維護窗口、snapshot、rollback 與 post-check |
| 8 | `kali-execute-endpoint-approval-20260513` | CRITICAL預設 block candidate不應接入 runtime |
## 2. AwoooP 可以做
1. 顯示 queue item、risk、state、required reviewers。
2. 顯示 evidence refs 與 blocked reason。
3. 建立 approval candidate。
4. 保存人工決策結果與 audit evidence。
5. 依 review order 提醒下一個低摩擦 gate。
## 3. AwoooP 不可以做
1. 不直接啟動 Kali scan。
2. 不直接呼叫 Kali `/execute`
3. 不建立 GitHub repo。
4. 不修改 repo visibility。
5. 不 sync refs。
6. 不切 GitHub primary。
7. 不保存 raw secret、token、cookie、private key 或 exploit payload。
8. 不把 LOW / MEDIUM observation 變成 blocking gate。
## 4. 初期策略
最適合先批准的不是高強度掃描,而是 `kali-finding-runtime-ingestion-approval-20260513`
原因是它只允許接收已脫敏 `security_finding_v1` 摘要,能讓 Kali findings 進入 AwoooP 可見性與 audit卻不會改變 firewall、RBAC、NetworkPolicy、deploy 或 Git 主控面。
`kali-execute-endpoint-approval-20260513` 則應維持 block candidate。除非未來建立 allowlist、disable gate、完整 audit 與人工 exception否則不應讓 AwoooP runtime 直接碰這條路徑。

3
docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md
View File

@@ -11,7 +11,7 @@
## 0. 核心結論
目前 Security Supply Chain 已有 18 個主要契約可交給 AwoooP 消費。Manifest 的用途是把分散的 schema、snapshot、人讀文件、允許動作與禁止動作收成一份入口避免不同 Session 各自解讀。
目前 Security Supply Chain 已有 19 個主要契約可交給 AwoooP 消費。Manifest 的用途是把分散的 schema、snapshot、人讀文件、允許動作與禁止動作收成一份入口避免不同 Session 各自解讀。
初期預設仍是 `mirror_only`。Manifest 不授權 runtime enforcement、不授權 GitHub/Gitea 主控切換、不授權 repo 建立或 refs sync。
@@ -23,6 +23,7 @@
| `security_finding_v1` | mirror-only | Kali / code / infra finding | `security-finding-kali-sample.snapshot.json` |
| `kali_integration_status_v1` | mirror-only | Kali 112 live health / update / gap evidence | `kali-integration-status.snapshot.json` |
| `kali_scan_scope_approval_v1` | approval-only | Kali scan scope、111/168 observe-only、active/credentialed/execute gate | `kali-scan-scope-approval.snapshot.json` |
| `security_approval_queue_v1` | approval-only | AwoooP 可 mirror 的 Security Supply Chain approval queue | `security-approval-queue.snapshot.json` |
| `coding_task_v1` | suggest-only | Code Review 接 Codex patch-only | 無正式 snapshot |
| `source_control_migration_event_v1` | mirror-only | Gitea/GitHub refs 差異 | `gitea-github-awoooi``clawbot-v5``wooo-aiops` |
| `gitea_repo_inventory_v1` | mirror-only | Gitea repo inventory | public-only / blocked endpoint snapshots |

9
docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md
View File

@@ -4,7 +4,7 @@
|------|------|
| 日期 | 2026-05-13 |
| 狀態 | S0/S1 read-only evidence 建置中 |
| 本階段完成 | Security Supply Chain contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package |
| 本階段完成 | Security Supply Chain contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue |
| 原則 | 低摩擦分階段文件、schema、read-only evidence 優先;不做 runtime enforcement、不切 primary |
## 0. 本階段完成後整體進度
@@ -20,9 +20,10 @@
| S1.2b branch/tag detail diff | 完成草案 | 3 個 refs-blocked mapped repos 已完成 branch/tag 明細 diff已忽略本 PR 分支避免 evidence 自我污染 | 人工判定真相來源與 deprecated refs |
| S1.2c refs 真相來源分類 | 完成草案 | 141 個 ref review items 已分類4 個真相來源、114 個 drift deprecated 候選、3 個 release tags、20 個 GitHub-only refs | repo owner 單 ref / 單 repo 判定 |
| S1.3 低摩擦 rollout policy | 完成草案 | observe-first / mirror-only matrix 已建立 | AwoooP read-only policy 消費 |
| S1.4 Contract manifest | 完成草案 | 18 個主要 contract 已集中成 manifest | AwoooP mirror-only contract registry |
| S1.4 Contract manifest | 完成草案 | 19 個主要 contract 已集中成 manifest | AwoooP mirror-only contract registry |
| S1.5 Kali 112 live 整合狀態 | 完成第一波 | 112 已登入盤點、scanner API healthy、targeted scanner packages updated、Asia/Taipei timezone、no reboot required | scan result ingestion + `/execute` high-risk gate |
| S1.6 Kali finding / scan scope approval | 完成草案 | `security_finding_v1` sample snapshot 與 `kali_scan_scope_approval_v1` approval package 已建立111/168 已納入 observe-only scope | 人工批准 safe crawl / credentialed scan / runtime ingestion / full-upgrade gate |
| S1.7 Security approval queue | 完成草案 | 8 個 approval queue items 已集中7 pending approval、1 block candidateAwoooP 可 mirror 但不得執行 | 先 review redacted finding ingestion再 review safe crawl / Gitea inventory |
| S2 AwoooP mirror-only | 可交接 | `AWOOOP-MIRROR-ONLY-CONSUMPTION-CHECKLIST.md` 已列出可消費事件與禁止動作 | AwoooP 主線建立只讀入口 |
| S3 approval gate | 未開始 | 已定義哪些動作要進 approval | 不得繞過人工批准 |
| S4 migration execution | 未開始 | GitHub primary 長期方向已確認,但 refs / tags / workflow / secret 名稱尚未全量驗證 | SHA/tag/workflow parity 與 rollback ADR |
@@ -59,6 +60,8 @@
| Security finding sample JSON | `docs/security/security-finding-kali-sample.snapshot.json` |
| Kali scan scope approval package | `docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md` |
| Kali scan scope approval JSON | `docs/security/kali-scan-scope-approval.snapshot.json` |
| Security approval queue | `docs/security/SECURITY-APPROVAL-QUEUE.md` |
| Security approval queue JSON | `docs/security/security-approval-queue.snapshot.json` |
| 低摩擦 rollout policy | `docs/security/SECURITY-LOW-FRICTION-ROLLOUT-POLICY.md` |
| 低摩擦 rollout policy JSON | `docs/security/security-rollout-policy.snapshot.json` |
| Security Supply Chain contract manifest | `docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md` |
@@ -90,4 +93,4 @@
5.`KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md` 取得 safe crawl、credentialed scan、runtime ingestion、full-upgrade / reboot 等 gate 的人工批准;不得直接接 `/execute`
6. AwoooP 主線只建立 mirror-only / read-only policy 入口,不新增執行按鈕。
7. AwoooP 主線消費 `security_rollout_policy_v1` 時,只做 read-only policy不做 runtime blocking。
8. AwoooP 主線先讀 `security_supply_chain_contract_manifest_v1` 作為 contract registry,不新增 execution router。
8. AwoooP 主線先讀 `security_approval_queue_v1``security_supply_chain_contract_manifest_v1`,顯示 review order 與 blocked reason,不新增 execution router。

2
docs/security/kali-integration-status.snapshot.json
View File

@@ -70,7 +70,7 @@
"尚未移除 scanner API 原始碼中的 API key fallback",
"尚未套用 kali-scanner.service systemd hardening override"
],
"awooop_consumption": "mirror_only_status_and_gap_evidence"
"awooop_consumption": "mirror_only_status_and_gap_evidence_plus_security_approval_queue"
},
"risk_register": [
{

277
docs/security/security-approval-queue.snapshot.json Normal file
View File

@@ -0,0 +1,277 @@
{
"schema_version": "security_approval_queue_v1",
"status": "draft",
"date": "2026-05-13",
"default_mode": "approval_only",
"execution_authorized": false,
"runtime_changes_authorized": false,
"raw_secret_storage_authorized": false,
"summary": {
"total_items": 8,
"pending_approval_count": 7,
"block_candidate_count": 1,
"observe_or_warn_count": 0
},
"queue_items": [
{
"queue_item_id": "kali-finding-runtime-ingestion-approval-20260513",
"source_contract": "kali_scan_scope_approval_v1",
"source_event_id": "kali-finding-runtime-ingestion-approval-20260513",
"title": "Kali redacted finding runtime ingestion",
"risk": "MEDIUM",
"state": "pending_approval",
"recommended_awooop_mode": "approve_required",
"requested_decision": "是否批准先建立 redacted security_finding_v1 ingestion adapter 或 endpoint批准前只能使用 sample snapshot 與 mirror-only 文件。",
"blocked_until_approved": true,
"required_reviewers": [
"security-commander",
"human-owner"
],
"evidence_refs": [
"docs/security/SECURITY-FINDING-CONTRACT.md",
"docs/security/security-finding-kali-sample.snapshot.json",
"docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md"
],
"allowed_after_approval": [
"設計或實作 redacted finding ingestion adapter",
"只接收 security_finding_v1 摘要與 evidence_ref",
"mirror 到 AwoooP Runtime State / Channel Event / Audit"
],
"still_forbidden": [
"保存 raw secret/token/cookie/private key/exploit payload",
"讓 AwoooP 直接啟動 scan",
"自動封鎖 deploy",
"自動修復"
]
},
{
"queue_item_id": "kali-safe-web-crawl-approval-20260513",
"source_contract": "kali_scan_scope_approval_v1",
"source_event_id": "kali-safe-web-crawl-approval-20260513",
"title": "Public web perimeter TLS/header/basic crawl",
"risk": "MEDIUM",
"state": "pending_approval",
"recommended_awooop_mode": "approve_required",
"requested_decision": "是否批准對公開產品 domains 執行 TLS、security header 與 basic crawl 類低噪音檢查。",
"blocked_until_approved": true,
"required_reviewers": [
"security-commander",
"human-owner"
],
"evidence_refs": [
"docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md",
"docs/security/KALI-SECURITY-MESH-BLUEPRINT.md"
],
"allowed_after_approval": [
"執行 TLS/header/basic crawl 類 safe scan",
"只產出 redacted findings",
"LOW/MEDIUM finding 只走 observe/warn"
],
"still_forbidden": [
"active DAST fuzz",
"auth flow 改狀態測試",
"credentialed scan",
"阻擋 release"
]
},
{
"queue_item_id": "gitea-private-internal-server-side-inventory-2026-05-12",
"source_contract": "approval_required_event_v1",
"source_event_id": "gitea-private-internal-server-side-inventory-2026-05-12",
"title": "Gitea private/internal read-only inventory",
"risk": "MEDIUM",
"state": "pending_approval",
"recommended_awooop_mode": "approve_required",
"requested_decision": "是否批准使用 read-only token 或 redacted admin export 補齊 Gitea private/internal 全量 repo list。",
"blocked_until_approved": true,
"required_reviewers": [
"migration-engineer",
"security-commander",
"human-owner"
],
"evidence_refs": [
"docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md",
"docs/security/gitea-readonly-inventory-approval.snapshot.json",
"docs/security/GITEA-ORG-REPO-INVENTORY-BLOCKED-SNAPSHOT.md"
],
"allowed_after_approval": [
"使用 read-only token 或 redacted admin export 執行一次 inventory",
"只保存 token_present=true/false",
"更新 migration matrix 與 repo decision table"
],
"still_forbidden": [
"保存 token value",
"使用 write-capable token",
"建立 GitHub repo",
"sync refs",
"切 GitHub primary"
],
"expires_at": "2026-05-19T23:59:59+08:00"
},
{
"queue_item_id": "source-control-target-repo-approval-bundle-20260513",
"source_contract": "source_control_approval_board_v1",
"source_event_id": "source-control-approval-board-20260512",
"title": "7 個 GitHub target / owner / visibility / canonical 決策",
"risk": "HIGH",
"state": "pending_approval",
"recommended_awooop_mode": "approve_required",
"requested_decision": "是否逐 repo 批准 GitHub target、owner、visibility、canonical 與 refs reconcile review此 bundle 不授權執行。",
"blocked_until_approved": true,
"required_reviewers": [
"migration-engineer",
"security-commander",
"human-owner"
],
"evidence_refs": [
"docs/security/SOURCE-CONTROL-APPROVAL-BOARD.md",
"docs/security/source-control-approval-board.snapshot.json",
"docs/security/GITHUB-TARGET-REPO-APPROVAL-PACKAGE.md"
],
"allowed_after_approval": [
"逐 repo 更新 owner/visibility/canonical decision",
"產生 draft reconcile plan 或 ADR",
"更新 GitHub target decision snapshot"
],
"still_forbidden": [
"建立 repo",
"修改 visibility",
"push refs",
"delete refs",
"切 GitHub primary"
]
},
{
"queue_item_id": "source-control-ref-truth-review-bundle-20260513",
"source_contract": "source_control_ref_truth_classification_v1",
"source_event_id": "source-control-ref-truth-classification-20260513",
"title": "141 個 refs truth / deprecated / release tag review items",
"risk": "HIGH",
"state": "pending_approval",
"recommended_awooop_mode": "approve_required",
"requested_decision": "是否逐 repo / 單 ref 判定真相來源、deprecated 候選、release tag 與 GitHub-only refs分類結果不得自動執行。",
"blocked_until_approved": true,
"required_reviewers": [
"migration-engineer",
"security-commander",
"human-owner"
],
"evidence_refs": [
"docs/security/SOURCE-CONTROL-REF-TRUTH-CLASSIFICATION.md",
"docs/security/source-control-ref-truth-classification.snapshot.json",
"docs/security/SOURCE-CONTROL-REF-DETAIL-DIFF.md"
],
"allowed_after_approval": [
"標記單 ref 真相來源",
"更新 source control reconcile plan",
"產生人工 review checklist"
],
"still_forbidden": [
"push refs",
"delete refs",
"force push",
"切 GitHub primary"
]
},
{
"queue_item_id": "kali-credentialed-scan-approval-20260513",
"source_contract": "kali_scan_scope_approval_v1",
"source_event_id": "kali-credentialed-scan-approval-20260513",
"title": "Kali credentialed host/API scan",
"risk": "HIGH",
"state": "pending_approval",
"recommended_awooop_mode": "approve_required",
"requested_decision": "是否批准對指定主機或 API 使用憑證做掃描;必須先定義 credential source、scope、audit trail 與停用方式。",
"blocked_until_approved": true,
"required_reviewers": [
"security-commander",
"vuln-verifier",
"human-owner"
],
"evidence_refs": [
"docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md",
"docs/security/SECURITY-LOW-FRICTION-ROLLOUT-POLICY.md"
],
"allowed_after_approval": [
"只對批准 asset 做 credentialed scan",
"只保存 redacted finding summary",
"產生 audit evidence"
],
"still_forbidden": [
"保存 credential value",
"擴大到未批准資產",
"自動修復",
"改 firewall/RBAC/NetworkPolicy"
]
},
{
"queue_item_id": "kali-full-upgrade-reboot-approval-20260513",
"source_contract": "kali_scan_scope_approval_v1",
"source_event_id": "kali-full-upgrade-reboot-approval-20260513",
"title": "Kali rolling full-upgrade / autoremove / reboot",
"risk": "HIGH",
"state": "pending_approval",
"recommended_awooop_mode": "approve_required",
"requested_decision": "是否安排 Kali 112 維護窗口執行 full-upgrade、必要 autoremove 與 reboot必須先有 snapshot、rollback 與 post-health gate。",
"blocked_until_approved": true,
"required_reviewers": [
"security-commander",
"human-owner"
],
"evidence_refs": [
"docs/security/KALI-INTEGRATION-STATUS.md",
"docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md"
],
"allowed_after_approval": [
"在維護窗口執行 full-upgrade",
"必要時 reboot",
"完成 ssh/cron/docker/kali-scanner health 複驗"
],
"still_forbidden": [
"未排窗口直接 reboot",
"未 snapshot 直接 full-upgrade",
"未驗證 scanner health 就宣告完成"
]
},
{
"queue_item_id": "kali-execute-endpoint-approval-20260513",
"source_contract": "kali_scan_scope_approval_v1",
"source_event_id": "kali-execute-endpoint-approval-20260513",
"title": "Kali /execute endpoint high-risk command path",
"risk": "CRITICAL",
"state": "block_candidate",
"recommended_awooop_mode": "block_candidate",
"requested_decision": "是否保留或停用 Kali /execute預設不應接入 AwoooP runtime若保留必須獨立 high-risk approval、allowlist、audit、disable gate。",
"blocked_until_approved": true,
"required_reviewers": [
"critic",
"security-commander",
"human-owner"
],
"evidence_refs": [
"docs/security/KALI-INTEGRATION-STATUS.md",
"docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md"
],
"allowed_after_approval": [
"僅設計 disable/allowlist/audit gate",
"只在人工 exception 下測試"
],
"still_forbidden": [
"AwoooP runtime 直接呼叫 /execute",
"把 /execute 當成一般 MCP action",
"執行 shell command 自動修復",
"保存 command 中可能含有的敏感輸出"
]
}
],
"next_recommended_review_order": [
"kali-finding-runtime-ingestion-approval-20260513",
"kali-safe-web-crawl-approval-20260513",
"gitea-private-internal-server-side-inventory-2026-05-12",
"source-control-target-repo-approval-bundle-20260513",
"source-control-ref-truth-review-bundle-20260513",
"kali-credentialed-scan-approval-20260513",
"kali-full-upgrade-reboot-approval-20260513",
"kali-execute-endpoint-approval-20260513"
]
}

20
docs/security/security-supply-chain-contract-manifest.snapshot.json
View File

@@ -2,7 +2,7 @@
"schema_version": "security_supply_chain_contract_manifest_v1",
"status": "draft",
"default_enforcement_level": "mirror_only",
"contract_count": 18,
"contract_count": 19,
"contracts": [
{
"contract": "security_rollout_policy_v1",
@@ -67,6 +67,24 @@
],
"notes": "定義 Kali 112、111/168 dev hosts、核心 runtime hosts 與 web perimeter 的掃描深度;高風險動作 blocked_until_approved。"
},
{
"contract": "security_approval_queue_v1",
"schema_path": "docs/schemas/security_approval_queue_v1.schema.json",
"snapshot_paths": ["docs/security/security-approval-queue.snapshot.json"],
"human_docs": ["docs/security/SECURITY-APPROVAL-QUEUE.md"],
"consumer": "AwoooP approval queue / Operator Console / Audit",
"consumption_mode": "approval_only",
"allowed_actions": ["mirror_queue_item", "display_review_order", "create_approval_candidate", "record_human_decision"],
"forbidden_actions": [
"execute_queue_item",
"start_scan",
"create_repo",
"sync_refs",
"switch_github_primary",
"store_secret_value"
],
"notes": "集中整理 Kali、Gitea/GitHub、refs truth classification 等 pending approval / block candidate不授權執行。"
},
{
"contract": "coding_task_v1",
"schema_path": "docs/schemas/coding_task_v1.schema.json",