diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md index 6a699d45..41d42cfb 100644 --- a/docs/LOGBOOK.md +++ b/docs/LOGBOOK.md @@ -7084,3 +7084,28 @@ not_used_reason=legacy direct provider path; bridge audit only - 沒有新增 runtime endpoint、DB migration、model 或 AwoooP execution action。 - 沒有保存 SSH 密碼、API key、token、cookie、private key 或 exploit payload。 - LOW / MEDIUM observation 仍然不升級成 blocking gate。 + +## 2026-05-13 - Security Supply Chain S1.7:AwoooP Security Approval Queue + +完成: + +- 新增 `docs/schemas/security_approval_queue_v1.schema.json`。 +- 新增 `docs/security/security-approval-queue.snapshot.json`,集中 8 個 queue items:7 個 pending approval、1 個 block candidate。 +- 新增 `docs/security/SECURITY-APPROVAL-QUEUE.md`,提供 AwoooP review order、blocked reason、required reviewers 與 evidence refs。 +- 更新 Security Supply Chain manifest,contract count 從 18 增至 19。 +- 更新 AwoooP mirror-only checklist、Security Supply Chain handoff、Kali scan scope approval package、Kali integration status 與整體進度。 + +Review order: + +1. 先 review `kali-finding-runtime-ingestion-approval-20260513`,只接 redacted finding evidence。 +2. 再 review `kali-safe-web-crawl-approval-20260513`,只允許 TLS/header/basic crawl。 +3. 再 review Gitea read-only inventory 與 source-control owner / refs truth decision。 +4. Credentialed scan、Kali full-upgrade / reboot、Kali `/execute` 維持高風險 gate,其中 `/execute` 是 block candidate。 + +邊界: + +- 沒有執行 queue item。 +- 沒有啟動 scan。 +- 沒有新增 runtime endpoint、DB migration、model 或 AwoooP execution action。 +- 沒有建立 GitHub repo、修改 visibility、sync refs 或切 GitHub primary。 +- 沒有保存 raw secret、token、cookie、private key 或 exploit payload。 diff --git a/docs/schemas/security_approval_queue_v1.schema.json b/docs/schemas/security_approval_queue_v1.schema.json new file mode 100644 index 00000000..e1bc3079 --- /dev/null +++ b/docs/schemas/security_approval_queue_v1.schema.json 
@@ -0,0 +1,140 @@
+{
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
+ "$id": "urn:awoooi:security-approval-queue-v1",
+ "title": "AWOOOI Security Supply Chain Approval Queue (v1)",
+ "description": "集中整理 Security Supply Chain 初期需要 AwoooP 顯示、排隊、等待人工批准的高風險或敏感邊界項目。此契約不授權執行。",
+ "type": "object",
+ "required": [
+ "schema_version",
+ "status",
+ "date",
+ "default_mode",
+ "execution_authorized",
+ "runtime_changes_authorized",
+ "raw_secret_storage_authorized",
+ "summary",
+ "queue_items",
+ "next_recommended_review_order"
+ ],
+ "properties": {
+ "schema_version": {
+ "const": "security_approval_queue_v1"
+ },
+ "status": {
+ "type": "string",
+ "enum": ["draft"]
+ },
+ "date": {
+ "type": "string"
+ },
+ "default_mode": {
+ "type": "string",
+ "enum": ["approval_only"]
+ },
+ "execution_authorized": {
+ "type": "boolean",
+ "const": false
+ },
+ "runtime_changes_authorized": {
+ "type": "boolean",
+ "const": false
+ },
+ "raw_secret_storage_authorized": {
+ "type": "boolean",
+ "const": false
+ },
+ "summary": {
+ "type": "object",
+ "required": [
+ "total_items",
+ "pending_approval_count",
+ "block_candidate_count",
+ "observe_or_warn_count"
+ ],
+ "properties": {
+ "total_items": {"type": "integer", "minimum": 0},
+ "pending_approval_count": {"type": "integer", "minimum": 0},
+ "block_candidate_count": {"type": "integer", "minimum": 0},
+ "observe_or_warn_count": {"type": "integer", "minimum": 0}
+ },
+ "additionalProperties": false
+ },
+ "queue_items": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "required": [
+ "queue_item_id",
+ "source_contract",
+ "source_event_id",
+ "title",
+ "risk",
+ "state",
+ "recommended_awooop_mode",
+ "requested_decision",
+ "blocked_until_approved",
+ "required_reviewers",
+ "evidence_refs",
+ "allowed_after_approval",
+ "still_forbidden"
+ ],
+ "properties": {
+ "queue_item_id": {"type": "string"},
+ "source_contract": {"type": "string"},
+ "source_event_id": {"type": "string"},
+ "title": {"type": "string"},
+ "risk": {
+ "type": "string",
+ "enum": ["LOW", "MEDIUM", "HIGH", "CRITICAL"]
+ },
+ "state": {
+ "type": "string",
+ "enum": ["observe_only", "warn_only", "pending_approval", "block_candidate"]
+ },
+ "recommended_awooop_mode": {
+ "type": "string",
+ "enum": ["observe", "warn", "approve_required", "block_candidate"]
+ },
+ "requested_decision": {"type": "string"},
+ "blocked_until_approved": {"type": "boolean"},
+ "required_reviewers": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "enum": [
+ "critic",
+ "vuln-verifier",
+ "migration-engineer",
+ "security-commander",
+ "human-owner"
+ ]
+ },
+ "uniqueItems": true
+ },
+ "evidence_refs": {
+ "type": "array",
+ "items": {"type": "string"}
+ },
+ "allowed_after_approval": {
+ "type": "array",
+ "items": {"type": "string"}
+ },
+ "still_forbidden": {
+ "type": "array",
+ "items": {"type": "string"}
+ },
+ "expires_at": {
+ "type": "string",
+ "format": "date-time"
+ }
+ },
+ "additionalProperties": false
+ }
+ },
+ "next_recommended_review_order": {
+ "type": "array",
+ "items": {"type": "string"}
+ }
+ },
+ "additionalProperties": false
+}
diff --git a/docs/security/AWOOOP-MIRROR-ONLY-CONSUMPTION-CHECKLIST.md b/docs/security/AWOOOP-MIRROR-ONLY-CONSUMPTION-CHECKLIST.md
index 52b8b9b6..3a075973 100644
--- a/docs/security/AWOOOP-MIRROR-ONLY-CONSUMPTION-CHECKLIST.md
+++ b/docs/security/AWOOOP-MIRROR-ONLY-CONSUMPTION-CHECKLIST.md
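Review bot: The item schema under `queue_items.items` accepts an entry with `"blocked_until_approved": false` and an empty `required_reviewers` array even when `state` is `pending_approval` or `block_candidate`, so the approval-only guarantee stated in `description` is not enforced by the contract itself. Adding `"minItems": 1` to `required_reviewers` and an `if`/`then` on `state` next to the item's `"additionalProperties": false` would make a consumer's validator reject such an entry instead of relying on the producer. Separately, `date` is an unconstrained string (`"format": "date"` would document the intended shape), and the `format` on `expires_at` is only an annotation unless the validator has format assertion enabled.

```json
"additionalProperties": false,
"allOf": [
  {
    "if": {
      "required": ["state"],
      "properties": {
        "state": {"enum": ["pending_approval", "block_candidate"]}
      }
    },
    "then": {
      "properties": {
        "blocked_until_approved": {"const": true}
      }
    }
  }
]
```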
@@ -28,6 +28,7 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得 | `security_finding_v1` | Kali / Trivy / ZAP / Semgrep / detect-secrets / kube posture | Runtime State、Channel Event、Audit | mirror-only | 不保存 raw secret、cookie、token、exploit payload | | `kali_integration_status_v1` | 192.168.0.112 live health / update / gap evidence | Security posture、Operator Console、Approval candidate | mirror-only | 不保存 SSH 密碼或 API key、不直接啟動 scan 或 `/execute` | | `kali_scan_scope_approval_v1` | Kali 112 scan scope、111/168 observe-only、safe/active/credentialed/execute/full-upgrade gates | Approval queue、Operator Console、Audit | approval-only | 只顯示 scope 與 gate,不啟動 scan、不呼叫 `/execute` | +| `security_approval_queue_v1` | Security Supply Chain pending approval / block candidate 集中隊列 | Approval queue、Operator Console、Audit | approval-only | 只顯示 review order 與 blocked reason,不執行 queue item | | `coding_task_v1` | Code Review / Codex Security / manual review | Approval candidate、Channel Event、Audit | suggest-only | 不自動開 patch runner、不自動 merge | | `source_control_migration_event_v1` | Gitea/GitHub branch/tag/SHA diff | Supply-chain evidence、Approval candidate | mirror-only | 不觸發 deploy、不切換 primary | | `gitea_repo_inventory_v1` | Gitea org/user repo list 或管理匯出 | Supply-chain evidence、migration matrix | mirror-only | 不保存 token value、不刪除或停用 Gitea repo | 
@@ -77,6 +78,7 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得 | `security_finding_v1.severity=HIGH|CRITICAL` | `approve_required` | 產生 `approval_required_event_v1` | | `kali_integration_status_v1.status=partial_runtime_health_integrated` | `observe` | 顯示 Kali 112 health、更新紀錄、缺口與 approval gates;不得直接掃描 | | `kali_scan_scope_approval_v1.status=draft_waiting_approval` | `approve_required` | 顯示 Kali 112、111/168、核心主機、公開網站 scope 與 gate;不得執行 scan | +| `security_approval_queue_v1.status=draft` | `approve_required` | 顯示 8 個 queue items、review order 與 blocked reason;不得執行 item | | `coding_task_v1.risk=LOW|MEDIUM` | `warn` | 可排入 Codex patch-only backlog | | `coding_task_v1.risk=HIGH|CRITICAL` | `approve_required` | 必須指定 `critic`、`vuln-verifier` | | `source_control_migration_event_v1.status=blocked` | `observe` | 顯示 blocking reason,不允許切 primary | @@ -140,6 +142,7 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得 | Kali 112 integration status | `docs/security/kali-integration-status.snapshot.json` / `docs/security/KALI-INTEGRATION-STATUS.md` | | Security finding contract | `docs/security/security-finding-kali-sample.snapshot.json` / `docs/security/SECURITY-FINDING-CONTRACT.md` | | Kali scan scope approval package | `docs/security/kali-scan-scope-approval.snapshot.json` / `docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md` | +| Security approval queue | `docs/security/security-approval-queue.snapshot.json` / `docs/security/SECURITY-APPROVAL-QUEUE.md` | | 本機 repo canonical lineage snapshot | `docs/security/local-repo-canonical-ewoooc-momo.snapshot.json` / `docs/security/LOCAL-REPO-CANONICAL-EWOOOC-MOMO-SNAPSHOT.md` | | Internal 110 refs snapshot | `docs/security/git-remote-refs-bitan-tsenyang.snapshot.json` / `docs/security/GIT-REMOTE-REFS-BITAN-TSENYANG-SNAPSHOT.md` | | wooo-infra-config refs snapshot | `docs/security/git-remote-refs-wooo-infra-config.snapshot.json` / `docs/security/GIT-REMOTE-REFS-WOOO-INFRA-CONFIG-SNAPSHOT.md` | 
@@ -153,4 +156,4 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得 1. AwoooP 主線先把本清單視為契約消費檢查清單。 2. Security Supply Chain Session 補齊 Gitea 全量 repo inventory 的只讀 token 或管理匯出來源。 3. AwoooP 只建立 mirror/read-only policy 入口,不新增 execution action。 -4. 任一方要把事件升級成實際執行,都必須先產出 `approval_required_event_v1`。 +4. 任一方要把事件升級成實際執行,都必須先產出 `approval_required_event_v1`,並在 `security_approval_queue_v1` 中維持 `blocked_until_approved=true` 直到人工決策完成。 diff --git a/docs/security/AWOOOP-SECURITY-SUPPLYCHAIN-INTEGRATION-HANDOFF.md b/docs/security/AWOOOP-SECURITY-SUPPLYCHAIN-INTEGRATION-HANDOFF.md index c0b1e15b..02e92d29 100644 --- a/docs/security/AWOOOP-SECURITY-SUPPLYCHAIN-INTEGRATION-HANDOFF.md +++ b/docs/security/AWOOOP-SECURITY-SUPPLYCHAIN-INTEGRATION-HANDOFF.md @@ -73,7 +73,7 @@ ```text Kali / Code Review / GitHub / Gitea / Codex -> security_supply_chain_contract_manifest_v1 - -> security_finding_v1 / kali_scan_scope_approval_v1 / coding_task_v1 / source_control_migration_event_v1 / gitea_repo_inventory_v1 / local_git_remote_inventory_v1 / github_target_probe_v1 / github_target_decision_v1 / github_target_repo_approval_package_v1 / security_rollout_policy_v1 + -> security_finding_v1 / kali_scan_scope_approval_v1 / security_approval_queue_v1 / coding_task_v1 / source_control_migration_event_v1 / gitea_repo_inventory_v1 / local_git_remote_inventory_v1 / github_target_probe_v1 / github_target_decision_v1 / github_target_repo_approval_package_v1 / security_rollout_policy_v1 -> AWOOOI ingestion / asset_inventory / AIOps KPI / AOL -> mirror 到 AwoooP Runtime State / Channel Event / Audit -> AwoooP Policy / Approval / Exception / Operator Console 
@@ -123,6 +123,18 @@ Snapshot:`docs/security/kali-scan-scope-approval.snapshot.json` AwoooP 初期處理方式:只顯示 scope group 與 approval gate,可建立 approval candidate,但不得啟動 scan、不得呼叫 `/execute`、不得把 LOW / MEDIUM observation 變成 blocking gate。 +### `security_approval_queue_v1` + +用途:集中整理 Security Supply Chain 現階段需要 AwoooP 顯示、排隊、等待人工決策的 pending approval / block candidate。 + +Schema:`docs/schemas/security_approval_queue_v1.schema.json` + +Snapshot:`docs/security/security-approval-queue.snapshot.json` + +目前 queue:8 items,6 個 pending approval,2 個 block candidate。建議先 review redacted Kali finding ingestion,再 review safe web crawl 與 Gitea read-only inventory。 + +AwoooP 初期處理方式:只顯示 review order、blocked reason、required reviewers 與 evidence refs,可建立 approval candidate,但不得執行 queue item。 + ### `security_rollout_policy_v1` 用途:定義 Security Supply Chain 初期的低摩擦 rollout policy,避免把 observation 全部變成 blocking controls。 @@ -155,7 +167,7 @@ Schema:`docs/schemas/security_supply_chain_contract_manifest_v1.schema.json` "schema_version": "security_supply_chain_contract_manifest_v1", "status": "draft", "default_enforcement_level": "mirror_only", - "contract_count": 18 + "contract_count": 19 } ``` diff --git a/docs/security/KALI-INTEGRATION-STATUS.md b/docs/security/KALI-INTEGRATION-STATUS.md index a1b76286..b44e5dac 100644 --- a/docs/security/KALI-INTEGRATION-STATUS.md +++ b/docs/security/KALI-INTEGRATION-STATUS.md @@ -108,6 +108,7 @@ AwoooP 現階段只能 mirror `kali_integration_status_v1`: 2. 將 `/execute`、API key fallback、Harbor scan failure 標成 review item。 3. 針對 active scan、credentialed scan、full-upgrade、reboot 建立 approval candidate。 4. 不新增任何直接執行掃描或 command 的按鈕。 +5. 讀取 `docs/security/SECURITY-APPROVAL-QUEUE.md` 的 review order,優先處理 redacted finding ingestion 與 safe web crawl。 ## 7. 下一個 gate diff --git a/docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md b/docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md index 2b47a0fd..e2f5dfd6 100644 --- a/docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md 
+++ b/docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md @@ -6,6 +6,7 @@ | 狀態 | 草案,等待人工批准 | | Schema | `docs/schemas/kali_scan_scope_approval_v1.schema.json` | | Snapshot | `docs/security/kali-scan-scope-approval.snapshot.json` | +| Approval queue | `docs/security/SECURITY-APPROVAL-QUEUE.md` | | 來源 | `host:kali-112` / `192.168.0.112` | | 原則 | 低摩擦、先 observe、掃描深度分級、所有高風險執行都 blocked until approved | @@ -77,3 +78,15 @@ AwoooP 可把 `kali_scan_scope_approval_v1` 當成 approval queue 與 Operator C 5. 保持所有高風險 action button 隱藏或 disabled。 除非 approval event 被人工批准,AwoooP 只能 mirror,不得執行。 + +## 6. Queue 對應 + +本 package 的 gate 已同步到 `security_approval_queue_v1`: + +| Gate | Queue state | 建議 | +|------|-------------|------| +| `kali-finding-runtime-ingestion-approval-20260513` | `pending_approval` | 建議第一優先 review,因為只接 redacted finding,不改 runtime control | +| `kali-safe-web-crawl-approval-20260513` | `pending_approval` | 建議第二優先 review,只允許 TLS/header/basic crawl | +| `kali-credentialed-scan-approval-20260513` | `pending_approval` | 高風險,需 credential source、scope、audit trail | +| `kali-full-upgrade-reboot-approval-20260513` | `pending_approval` | 需維護窗口、snapshot、rollback、post-health gate | +| `kali-execute-endpoint-approval-20260513` | `block_candidate` | 預設不應接入 AwoooP runtime | diff --git a/docs/security/SECURITY-APPROVAL-QUEUE.md b/docs/security/SECURITY-APPROVAL-QUEUE.md new file mode 100644 index 00000000..a5d60153 --- /dev/null +++ b/docs/security/SECURITY-APPROVAL-QUEUE.md 
@@ -0,0 +1,67 @@ +# Security Supply Chain Approval Queue + +| 項目 | 內容 | +|------|------| +| 日期 | 2026-05-13 | +| 狀態 | 草案 | +| Schema | `docs/schemas/security_approval_queue_v1.schema.json` | +| Snapshot | `docs/security/security-approval-queue.snapshot.json` | +| 預設模式 | `approval_only` | +| 原則 | AwoooP 可以顯示與排隊,但不得執行 | + +## 0. 核心結論 + +本 queue 把目前 Security Supply Chain 已整理出的高風險或敏感邊界,集中成 AwoooP 可 mirror 的 approval queue。 + +它不是授權清單。所有 queue item 都只能顯示、排序、建立 approval candidate,不能直接執行。 + +目前狀態: + +| 指標 | 數量 | +|------|------| +| queue items | 8 | +| pending approval | 7 | +| block candidate | 1 | +| execution authorized | false | +| runtime changes authorized | false | +| raw secret storage authorized | false | + +## 1. Review 順序建議 + +| 順序 | Queue item | 為什麼先看 | +|------|------------|------------| +| 1 | `kali-finding-runtime-ingestion-approval-20260513` | 先接 redacted finding evidence,風險低、價值高 | +| 2 | `kali-safe-web-crawl-approval-20260513` | TLS/header/basic crawl 屬低噪音,但仍需批准 scope | +| 3 | `gitea-private-internal-server-side-inventory-2026-05-12` | Gitea 全量版本轉 GitHub 的前置 gate | +| 4 | `source-control-target-repo-approval-bundle-20260513` | 逐 repo owner / visibility / canonical 決策 | +| 5 | `source-control-ref-truth-review-bundle-20260513` | refs truth / deprecated / release tag review | +| 6 | `kali-credentialed-scan-approval-20260513` | 需要憑證,風險較高 | +| 7 | `kali-full-upgrade-reboot-approval-20260513` | 需要維護窗口、snapshot、rollback 與 post-check | +| 8 | `kali-execute-endpoint-approval-20260513` | CRITICAL,預設 block candidate,不應接入 runtime | + +## 2. AwoooP 可以做 + +1. 顯示 queue item、risk、state、required reviewers。 +2. 顯示 evidence refs 與 blocked reason。 +3. 建立 approval candidate。 +4. 保存人工決策結果與 audit evidence。 +5. 依 review order 提醒下一個低摩擦 gate。 + +## 3. AwoooP 不可以做 + +1. 不直接啟動 Kali scan。 +2. 不直接呼叫 Kali `/execute`。 +3. 不建立 GitHub repo。 +4. 不修改 repo visibility。 +5. 不 sync refs。 +6. 不切 GitHub primary。 +7. 不保存 raw secret、token、cookie、private key 或 exploit payload。 +8. 
不把 LOW / MEDIUM observation 變成 blocking gate。 + +## 4. 初期策略 + +最適合先批准的不是高強度掃描,而是 `kali-finding-runtime-ingestion-approval-20260513`。 + +原因是它只允許接收已脫敏 `security_finding_v1` 摘要,能讓 Kali findings 進入 AwoooP 可見性與 audit,卻不會改變 firewall、RBAC、NetworkPolicy、deploy 或 Git 主控面。 + +`kali-execute-endpoint-approval-20260513` 則應維持 block candidate。除非未來建立 allowlist、disable gate、完整 audit 與人工 exception,否則不應讓 AwoooP runtime 直接碰這條路徑。 diff --git a/docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md b/docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md index e5e4ab63..49800377 100644 --- a/docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md +++ b/docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md @@ -11,7 +11,7 @@ ## 0. 核心結論 -目前 Security Supply Chain 已有 18 個主要契約可交給 AwoooP 消費。Manifest 的用途是把分散的 schema、snapshot、人讀文件、允許動作與禁止動作收成一份入口,避免不同 Session 各自解讀。 +目前 Security Supply Chain 已有 19 個主要契約可交給 AwoooP 消費。Manifest 的用途是把分散的 schema、snapshot、人讀文件、允許動作與禁止動作收成一份入口,避免不同 Session 各自解讀。 初期預設仍是 `mirror_only`。Manifest 不授權 runtime enforcement、不授權 GitHub/Gitea 主控切換、不授權 repo 建立或 refs sync。 @@ -23,6 +23,7 @@ | `security_finding_v1` | mirror-only | Kali / code / infra finding | `security-finding-kali-sample.snapshot.json` | | `kali_integration_status_v1` | mirror-only | Kali 112 live health / update / gap evidence | `kali-integration-status.snapshot.json` | | `kali_scan_scope_approval_v1` | approval-only | Kali scan scope、111/168 observe-only、active/credentialed/execute gate | `kali-scan-scope-approval.snapshot.json` | +| `security_approval_queue_v1` | approval-only | AwoooP 可 mirror 的 Security Supply Chain approval queue | `security-approval-queue.snapshot.json` | | `coding_task_v1` | suggest-only | Code Review 接 Codex patch-only | 無正式 snapshot | | `source_control_migration_event_v1` | mirror-only | Gitea/GitHub refs 差異 | `gitea-github-awoooi`、`clawbot-v5`、`wooo-aiops` | | `gitea_repo_inventory_v1` | mirror-only | Gitea repo inventory | public-only / blocked endpoint snapshots | 
diff --git a/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md b/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md index 064296bf..1bf8a3c9 100644 --- a/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md +++ b/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md @@ -4,7 +4,7 @@ |------|------| | 日期 | 2026-05-13 | | 狀態 | S0/S1 read-only evidence 建置中 | -| 本階段完成 | Security Supply Chain contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package | +| 本階段完成 | Security Supply Chain contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue | | 原則 | 低摩擦分階段;文件、schema、read-only evidence 優先;不做 runtime enforcement、不切 primary | ## 0. 本階段完成後整體進度 
@@ -20,9 +20,10 @@ | S1.2b branch/tag detail diff | 完成草案 | 3 個 refs-blocked mapped repos 已完成 branch/tag 明細 diff;已忽略本 PR 分支避免 evidence 自我污染 | 人工判定真相來源與 deprecated refs | | S1.2c refs 真相來源分類 | 完成草案 | 141 個 ref review items 已分類:4 個真相來源、114 個 drift deprecated 候選、3 個 release tags、20 個 GitHub-only refs | repo owner 單 ref / 單 repo 判定 | | S1.3 低摩擦 rollout policy | 完成草案 | observe-first / mirror-only matrix 已建立 | AwoooP read-only policy 消費 | -| S1.4 Contract manifest | 完成草案 | 18 個主要 contract 已集中成 manifest | AwoooP mirror-only contract registry | +| S1.4 Contract manifest | 完成草案 | 19 個主要 contract 已集中成 manifest | AwoooP mirror-only contract registry | | S1.5 Kali 112 live 整合狀態 | 完成第一波 | 112 已登入盤點、scanner API healthy、targeted scanner packages updated、Asia/Taipei timezone、no reboot required | scan result ingestion + `/execute` high-risk gate | | S1.6 Kali finding / scan scope approval | 完成草案 | `security_finding_v1` sample snapshot 與 `kali_scan_scope_approval_v1` approval package 已建立;111/168 已納入 observe-only scope | 人工批准 safe crawl / credentialed scan / runtime ingestion / full-upgrade gate | +| S1.7 Security approval queue | 完成草案 | 8 個 approval queue items 已集中:7 pending approval、1 block candidate;AwoooP 可 mirror 但不得執行 | 先 review redacted finding ingestion,再 review safe crawl / Gitea inventory | | S2 AwoooP mirror-only | 可交接 | `AWOOOP-MIRROR-ONLY-CONSUMPTION-CHECKLIST.md` 已列出可消費事件與禁止動作 | AwoooP 主線建立只讀入口 | | S3 approval gate | 未開始 | 已定義哪些動作要進 approval | 不得繞過人工批准 | | S4 migration execution | 未開始 | GitHub primary 長期方向已確認,但 refs / tags / workflow / secret 名稱尚未全量驗證 | SHA/tag/workflow parity 與 rollback ADR | 
@@ -59,6 +60,8 @@ | Security finding sample JSON | `docs/security/security-finding-kali-sample.snapshot.json` | | Kali scan scope approval package | `docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md` | | Kali scan scope approval JSON | `docs/security/kali-scan-scope-approval.snapshot.json` | +| Security approval queue | `docs/security/SECURITY-APPROVAL-QUEUE.md` | +| Security approval queue JSON | `docs/security/security-approval-queue.snapshot.json` | | 低摩擦 rollout policy | `docs/security/SECURITY-LOW-FRICTION-ROLLOUT-POLICY.md` | | 低摩擦 rollout policy JSON | `docs/security/security-rollout-policy.snapshot.json` | | Security Supply Chain contract manifest | `docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md` | @@ -90,4 +93,4 @@ 5. 依 `KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md` 取得 safe crawl、credentialed scan、runtime ingestion、full-upgrade / reboot 等 gate 的人工批准;不得直接接 `/execute`。 6. AwoooP 主線只建立 mirror-only / read-only policy 入口,不新增執行按鈕。 7. AwoooP 主線消費 `security_rollout_policy_v1` 時,只做 read-only policy,不做 runtime blocking。 -8. AwoooP 主線先讀 `security_supply_chain_contract_manifest_v1` 作為 contract registry,不新增 execution router。 +8. AwoooP 主線先讀 `security_approval_queue_v1` 與 `security_supply_chain_contract_manifest_v1`,顯示 review order 與 blocked reason,不新增 execution router。 diff --git a/docs/security/kali-integration-status.snapshot.json b/docs/security/kali-integration-status.snapshot.json index 288405e2..183cc5bb 100644 --- a/docs/security/kali-integration-status.snapshot.json +++ b/docs/security/kali-integration-status.snapshot.json @@ -70,7 +70,7 @@ "尚未移除 scanner API 原始碼中的 API key fallback", "尚未套用 kali-scanner.service systemd hardening override" ], - "awooop_consumption": "mirror_only_status_and_gap_evidence" + "awooop_consumption": "mirror_only_status_and_gap_evidence_plus_security_approval_queue" }, "risk_register": [ { 
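Review bot: In kali-integration-status.snapshot.json the `awooop_consumption` value is rewritten from `mirror_only_status_and_gap_evidence` to a longer compound token, so any consumer or schema that compares this field against the previous value will stop matching. Whether `kali_integration_status_v1` restricts the field to an enum is not visible in this diff, so please confirm the snapshot still validates. If the intent is only to point readers at the approval queue, keeping the original mode value and carrying the reference in a documentation field would leave the machine-read mode stable.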
diff --git a/docs/security/security-approval-queue.snapshot.json b/docs/security/security-approval-queue.snapshot.json new file mode 100644 index 00000000..d4ca3d50 --- /dev/null +++ b/docs/security/security-approval-queue.snapshot.json 
@@ -0,0 +1,277 @@
+{
+ "schema_version": "security_approval_queue_v1",
+ "status": "draft",
+ "date": "2026-05-13",
+ "default_mode": "approval_only",
+ "execution_authorized": false,
+ "runtime_changes_authorized": false,
+ "raw_secret_storage_authorized": false,
+ "summary": {
+ "total_items": 8,
+ "pending_approval_count": 7,
+ "block_candidate_count": 1,
+ "observe_or_warn_count": 0
+ },
+ "queue_items": [
+ {
+ "queue_item_id": "kali-finding-runtime-ingestion-approval-20260513",
+ "source_contract": "kali_scan_scope_approval_v1",
+ "source_event_id": "kali-finding-runtime-ingestion-approval-20260513",
+ "title": "Kali redacted finding runtime ingestion",
+ "risk": "MEDIUM",
+ "state": "pending_approval",
+ "recommended_awooop_mode": "approve_required",
+ "requested_decision": "是否批准先建立 redacted security_finding_v1 ingestion adapter 或 endpoint;批准前只能使用 sample snapshot 與 mirror-only 文件。",
+ "blocked_until_approved": true,
+ "required_reviewers": [
+ "security-commander",
+ "human-owner"
+ ],
+ "evidence_refs": [
+ "docs/security/SECURITY-FINDING-CONTRACT.md",
+ "docs/security/security-finding-kali-sample.snapshot.json",
+ "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md"
+ ],
+ "allowed_after_approval": [
+ "設計或實作 redacted finding ingestion adapter",
+ "只接收 security_finding_v1 摘要與 evidence_ref",
+ "mirror 到 AwoooP Runtime State / Channel Event / Audit"
+ ],
+ "still_forbidden": [
+ "保存 raw secret/token/cookie/private key/exploit payload",
+ "讓 AwoooP 直接啟動 scan",
+ "自動封鎖 deploy",
+ "自動修復"
+ ]
+ },
+ {
+ "queue_item_id": "kali-safe-web-crawl-approval-20260513",
+ "source_contract": "kali_scan_scope_approval_v1",
+ "source_event_id": "kali-safe-web-crawl-approval-20260513",
+ "title": "Public web perimeter TLS/header/basic crawl",
+ "risk": "MEDIUM",
+ "state": "pending_approval",
+ "recommended_awooop_mode": "approve_required",
+ "requested_decision": "是否批准對公開產品 domains 執行 TLS、security header 與 basic crawl 類低噪音檢查。",
+ "blocked_until_approved": true,
+ "required_reviewers": [
+ "security-commander",
+ "human-owner"
+ ],
+ "evidence_refs": [
+ "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md",
+ "docs/security/KALI-SECURITY-MESH-BLUEPRINT.md"
+ ],
+ "allowed_after_approval": [
+ "執行 TLS/header/basic crawl 類 safe scan",
+ "只產出 redacted findings",
+ "LOW/MEDIUM finding 只走 observe/warn"
+ ],
+ "still_forbidden": [
+ "active DAST fuzz",
+ "auth flow 改狀態測試",
+ "credentialed scan",
+ "阻擋 release"
+ ]
+ },
+ {
+ "queue_item_id": "gitea-private-internal-server-side-inventory-2026-05-12",
+ "source_contract": "approval_required_event_v1",
+ "source_event_id": "gitea-private-internal-server-side-inventory-2026-05-12",
+ "title": "Gitea private/internal read-only inventory",
+ "risk": "MEDIUM",
+ "state": "pending_approval",
+ "recommended_awooop_mode": "approve_required",
+ "requested_decision": "是否批准使用 read-only token 或 redacted admin export 補齊 Gitea private/internal 全量 repo list。",
+ "blocked_until_approved": true,
+ "required_reviewers": [
+ "migration-engineer",
+ "security-commander",
+ "human-owner"
+ ],
+ "evidence_refs": [
+ "docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md",
+ "docs/security/gitea-readonly-inventory-approval.snapshot.json",
+ "docs/security/GITEA-ORG-REPO-INVENTORY-BLOCKED-SNAPSHOT.md"
+ ],
+ "allowed_after_approval": [
+ "使用 read-only token 或 redacted admin export 執行一次 inventory",
+ "只保存 token_present=true/false",
+ "更新 migration matrix 與 repo decision table"
+ ],
+ "still_forbidden": [
+ "保存 token value",
+ "使用 write-capable token",
+ "建立 GitHub repo",
+ "sync refs",
+ "切 GitHub primary"
+ ],
+ "expires_at": "2026-05-19T23:59:59+08:00"
+ },
+ {
+ "queue_item_id": "source-control-target-repo-approval-bundle-20260513",
+ "source_contract": "source_control_approval_board_v1",
+ "source_event_id": "source-control-approval-board-20260512",
+ "title": "7 個 GitHub target / owner / visibility / canonical 決策",
+ "risk": "HIGH",
+ "state": "pending_approval",
+ "recommended_awooop_mode": "approve_required",
+ "requested_decision": "是否逐 repo 批准 GitHub target、owner、visibility、canonical 與 refs reconcile review;此 bundle 不授權執行。",
+ "blocked_until_approved": true,
+ "required_reviewers": [
+ "migration-engineer",
+ "security-commander",
+ "human-owner"
+ ],
+ "evidence_refs": [
+ "docs/security/SOURCE-CONTROL-APPROVAL-BOARD.md",
+ "docs/security/source-control-approval-board.snapshot.json",
+ "docs/security/GITHUB-TARGET-REPO-APPROVAL-PACKAGE.md"
+ ],
+ "allowed_after_approval": [
+ "逐 repo 更新 owner/visibility/canonical decision",
+ "產生 draft reconcile plan 或 ADR",
+ "更新 GitHub target decision snapshot"
+ ],
+ "still_forbidden": [
+ "建立 repo",
+ "修改 visibility",
+ "push refs",
+ "delete refs",
+ "切 GitHub primary"
+ ]
+ },
+ {
+ "queue_item_id": "source-control-ref-truth-review-bundle-20260513",
+ "source_contract": "source_control_ref_truth_classification_v1",
+ "source_event_id": "source-control-ref-truth-classification-20260513",
+ "title": "141 個 refs truth / deprecated / release tag review items",
+ "risk": "HIGH",
+ "state": "pending_approval",
+ "recommended_awooop_mode": "approve_required",
+ "requested_decision": "是否逐 repo / 單 ref 判定真相來源、deprecated 候選、release tag 與 GitHub-only refs;分類結果不得自動執行。",
+ "blocked_until_approved": true,
+ "required_reviewers": [
+ "migration-engineer",
+ "security-commander",
+ "human-owner"
+ ],
+ "evidence_refs": [
+ "docs/security/SOURCE-CONTROL-REF-TRUTH-CLASSIFICATION.md",
+ "docs/security/source-control-ref-truth-classification.snapshot.json",
+ "docs/security/SOURCE-CONTROL-REF-DETAIL-DIFF.md"
+ ],
+ "allowed_after_approval": [
+ "標記單 ref 真相來源",
+ "更新 source control reconcile plan",
+ "產生人工 review checklist"
+ ],
+ "still_forbidden": [
+ "push refs",
+ "delete refs",
+ "force push",
+ "切 GitHub primary"
+ ]
+ },
+ {
+ "queue_item_id": "kali-credentialed-scan-approval-20260513",
+ "source_contract": "kali_scan_scope_approval_v1",
+ "source_event_id": "kali-credentialed-scan-approval-20260513",
+ "title": "Kali credentialed host/API scan",
+ "risk": "HIGH",
+ "state": "pending_approval",
+ "recommended_awooop_mode": "approve_required",
+ "requested_decision": "是否批准對指定主機或 API 使用憑證做掃描;必須先定義 credential source、scope、audit trail 與停用方式。",
+ "blocked_until_approved": true,
+ "required_reviewers": [
+ "security-commander",
+ "vuln-verifier",
+ "human-owner"
+ ],
+ "evidence_refs": [
+ "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md",
+ "docs/security/SECURITY-LOW-FRICTION-ROLLOUT-POLICY.md"
+ ],
+ "allowed_after_approval": [
+ "只對批准 asset 做 credentialed scan",
+ "只保存 redacted finding summary",
+ "產生 audit evidence"
+ ],
+ "still_forbidden": [
+ "保存 credential value",
+ "擴大到未批准資產",
+ "自動修復",
+ "改 firewall/RBAC/NetworkPolicy"
+ ]
+ },
+ {
+ "queue_item_id": "kali-full-upgrade-reboot-approval-20260513",
+ "source_contract": "kali_scan_scope_approval_v1",
+ "source_event_id": "kali-full-upgrade-reboot-approval-20260513",
+ "title": "Kali rolling full-upgrade / autoremove / reboot",
+ "risk": "HIGH",
+ "state": "pending_approval",
+ "recommended_awooop_mode": "approve_required",
+ "requested_decision": "是否安排 Kali 112 維護窗口執行 full-upgrade、必要 autoremove 與 reboot;必須先有 snapshot、rollback 與 post-health gate。",
+ "blocked_until_approved": true,
+ "required_reviewers": [
+ "security-commander",
+ "human-owner"
+ ],
+ "evidence_refs": [
+ "docs/security/KALI-INTEGRATION-STATUS.md",
+ "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md"
+ ],
+ "allowed_after_approval": [
+ "在維護窗口執行 full-upgrade",
+ "必要時 reboot",
+ "完成 ssh/cron/docker/kali-scanner health 複驗"
+ ],
+ "still_forbidden": [
+ "未排窗口直接 reboot",
+ "未 snapshot 直接 full-upgrade",
+ "未驗證 scanner health 就宣告完成"
+ ]
+ },
+ {
+ "queue_item_id": "kali-execute-endpoint-approval-20260513",
+ "source_contract": "kali_scan_scope_approval_v1",
+ "source_event_id": "kali-execute-endpoint-approval-20260513",
+ "title": "Kali /execute endpoint high-risk command path",
+ "risk": "CRITICAL",
+ "state": "block_candidate",
+ "recommended_awooop_mode": "block_candidate",
+ "requested_decision": "是否保留或停用 Kali /execute;預設不應接入 AwoooP runtime,若保留必須獨立 high-risk approval、allowlist、audit、disable gate。",
+ "blocked_until_approved": true,
+ "required_reviewers": [
+ "critic",
+ "security-commander",
+ "human-owner"
+ ],
+ "evidence_refs": [
+ "docs/security/KALI-INTEGRATION-STATUS.md",
+ "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md"
+ ],
+ "allowed_after_approval": [
+ "僅設計 disable/allowlist/audit gate",
+ "只在人工 exception 下測試"
+ ],
+ "still_forbidden": [
+ "AwoooP runtime 直接呼叫 /execute",
+ "把 /execute 當成一般 MCP action",
+ "執行 shell command 自動修復",
+ "保存 command 中可能含有的敏感輸出"
+ ]
+ }
+ ],
+ "next_recommended_review_order": [
+ "kali-finding-runtime-ingestion-approval-20260513",
+ "kali-safe-web-crawl-approval-20260513",
+ "gitea-private-internal-server-side-inventory-2026-05-12",
+ "source-control-target-repo-approval-bundle-20260513",
+ "source-control-ref-truth-review-bundle-20260513",
+ "kali-credentialed-scan-approval-20260513",
+ "kali-full-upgrade-reboot-approval-20260513",
+ "kali-execute-endpoint-approval-20260513"
+ ]
+}
diff --git a/docs/security/security-supply-chain-contract-manifest.snapshot.json b/docs/security/security-supply-chain-contract-manifest.snapshot.json
index be46d8a5..53a1c614 100644
--- a/docs/security/security-supply-chain-contract-manifest.snapshot.json
+++ b/docs/security/security-supply-chain-contract-manifest.snapshot.json
@@ -2,7 +2,7 @@ "schema_version": "security_supply_chain_contract_manifest_v1", "status": "draft", "default_enforcement_level": "mirror_only", - "contract_count": 18, + "contract_count": 19, "contracts": [ { "contract": "security_rollout_policy_v1", 
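Review bot: The `summary` block in security-approval-queue.snapshot.json (7 `pending_approval`, 1 `block_candidate`) agrees with the eight `queue_items`, but the `security_approval_queue_v1` section added to AWOOOP-SECURITY-SUPPLYCHAIN-INTEGRATION-HANDOFF.md in this same commit says 6 pending approval and 2 block candidate; the handoff text looks like the one to correct. The counts and `next_recommended_review_order` are hand-maintained copies of data already held in `queue_items`, and the schema cannot cross-check them, so a small CI step that recomputes both from the items would stop them drifting. Only the Gitea inventory item carries `expires_at`; the HIGH and CRITICAL items have none, so a stale request has no recorded cut-off. Consider adding `"expires_at": "<RFC 3339 timestamp>"` to those as well.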
@@ -67,6 +67,24 @@ ], "notes": "定義 Kali 112、111/168 dev hosts、核心 runtime hosts 與 web perimeter 的掃描深度;高風險動作 blocked_until_approved。" }, + { + "contract": "security_approval_queue_v1", + "schema_path": "docs/schemas/security_approval_queue_v1.schema.json", + "snapshot_paths": ["docs/security/security-approval-queue.snapshot.json"], + "human_docs": ["docs/security/SECURITY-APPROVAL-QUEUE.md"], + "consumer": "AwoooP approval queue / Operator Console / Audit", + "consumption_mode": "approval_only", + "allowed_actions": ["mirror_queue_item", "display_review_order", "create_approval_candidate", "record_human_decision"], + "forbidden_actions": [ + "execute_queue_item", + "start_scan", + "create_repo", + "sync_refs", + "switch_github_primary", + "store_secret_value" + ], + "notes": "集中整理 Kali、Gitea/GitHub、refs truth classification 等 pending approval / block candidate;不授權執行。" + }, { "contract": "coding_task_v1", "schema_path": "docs/schemas/coding_task_v1.schema.json",
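Review bot: `forbidden_actions` in the new `security_approval_queue_v1` entry is narrower than the prohibitions written out in section 3 of SECURITY-APPROVAL-QUEUE.md in this commit: it has no entry for calling Kali `/execute` or for changing repo visibility. If any consumer treats this array as the machine-readable denylist (not visible here), those two boundaries exist only in prose. Consider adding matching entries named to fit the manifest's existing action vocabulary, or stating in `notes` that the list is illustrative and that anything outside `allowed_actions` is denied. The enclosing `contracts` array continues outside the hunk.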