docs(security): 補 S4.10 owner response canonical fields [skip ci]
This commit is contained in:
Your Name
@@ -1,3 +1,25 @@
|
||||
## 2026-06-11|S4.10 owner response canonical 9 欄補強
|
||||
|
||||
**背景**:`58e760fa` 已把 S4.10 GitHub target owner response 範圍從 7 個 target 擴到 9 個 target,並納入 `VibeWork` 與 `agent-bounty-protocol`。接續檢查時發現 handoff packet 仍偏向 owner / canonical / visibility 欄位,尚未完整固定統帥要求的 owner response 9 欄,容易讓後續收件又退回「請人工判斷」但缺少 rollback、maintenance window 與 validation plan 的狀態。
|
||||
|
||||
**完成**:
|
||||
|
||||
- `github-target-owner-decision-response.snapshot.json` 的 `target_owner_handoff_packet.required_response_fields` 改為 canonical 9 欄:`owner_role_or_team`、`decision`、`decision_reason`、`affected_scope`、`redacted_evidence_refs`、`followup_owner`、`rollback_owner`、`maintenance_window`、`validation_plan`。
|
||||
- 9 個 response templates 逐一補齊 canonical 9 欄,保留 target-specific 欄位,例如 `canonical_source`、`visibility_review_owner`、`product_boundary_owner`、`external_agent_owner`、`treasury_owner`、`runtime_gate_owner`。
|
||||
- preflight、collection check、acceptance check 與 allowed outputs 已同步改成只讀收件 / 驗證紀錄候選,不進 execution queue。
|
||||
- schema 允許 `target_probe_summary.newly_added_in_scope_targets`,並修正 S4.10 template status description 為 9 個 target。
|
||||
- P0 workplan 已同步 latest `gitea/main`、10 個 candidate / 9 個 approval-required target、canonical 9 欄與 `VibeWork` / `agent-bounty-protocol` 納管狀態。
|
||||
|
||||
**完成度同步**:
|
||||
|
||||
- S4.10 owner response canonical 9 欄補強:`100%`。
|
||||
- S4.10 owner response gate:仍 `0%`。
|
||||
- received / accepted / rejected:仍 `0 / 0 / 0`。
|
||||
- IwoooS 整體:仍 `64%`。
|
||||
- active runtime gate:仍 `0`。
|
||||
|
||||
**邊界**:本段純文件 / snapshot / schema 契約補強;不送 request、不收 owner response、不建立 repo、不修改 visibility、不同步 refs、不改 workflow / secret / runner、不切 GitHub primary、不停 Gitea、不 SSH、不 active scan、不開 runtime gate。
|
||||
|
||||
## 2026-06-11|P2-403B Agent 可視化紅線文案抽象化
|
||||
|
||||
**背景**:P2-403B 已把 OpenClaw / Hermes / NemoTron 的 AgentSession / Redis / Worker gate 只讀證據面接到治理頁,但正式站 DOM smoke 仍看到部分「禁止顯示」文案直接提到工作視窗、私有推理與推理鏈。這些不是實際對話內容外露,但會讓前端看起來像在呈現敏感類別名稱;統帥已明確要求工作視窗內容不得顯示到前端,因此本段把可見文字再抽象化。
|
||||
|
||||
@@ -194,7 +194,11 @@
|
||||
"candidate_count": {"type": "integer", "minimum": 0},
|
||||
"exists_count": {"type": "integer", "minimum": 0},
|
||||
"not_found_or_private_count": {"type": "integer", "minimum": 0},
|
||||
"external_scope_summary_repo": {"type": "string"}
|
||||
"external_scope_summary_repo": {"type": "string"},
|
||||
"newly_added_in_scope_targets": {
|
||||
"type": "array",
|
||||
"items": {"type": "string"}
|
||||
}
|
||||
},
|
||||
"additionalProperties": false
|
||||
},
|
||||
@@ -282,7 +286,7 @@
|
||||
},
|
||||
"owner_response_template_statuses": {
|
||||
"type": "array",
|
||||
"description": "S4.10 七個 GitHub target response templates 的逐項收件狀態;只供 AwoooP 顯示,不代表 approval 或 execution queue。",
|
||||
"description": "S4.10 九個 GitHub target response templates 的逐項收件狀態;只供 AwoooP 顯示,不代表 approval 或 execution queue。",
|
||||
"items": {
|
||||
"type": "object",
|
||||
"required": [
|
||||
|
||||
@@ -76,7 +76,21 @@ S4.10 template status ledger 只讓 AwoooP 逐項顯示 9 個 GitHub target temp
|
||||
|
||||
## 2. Owner Response 必填欄位
|
||||
|
||||
每筆 response 至少要能回答 owner role/team、decision、decision reason、canonical source、GitHub target disposition、visibility review owner 與 redacted evidence refs;新納入的 `VibeWork` 必須補 product / surface owner,`agent-bounty-protocol` 必須補 external agent / treasury / runtime gate owner。
|
||||
每筆 response 至少要能回答下列 canonical 9 欄。這 9 欄只代表收件與 reviewer 可判讀,不代表 repo creation、visibility change、refs sync、GitHub primary 或 runtime execution 被批准。
|
||||
|
||||
| 欄位 | 必填內容 | 缺漏時處理 |
|
||||
|------|----------|------------|
|
||||
| `owner_role_or_team` | 回覆責任角色或團隊,不收個人 credential 或敏感身份資料 | 補件 |
|
||||
| `decision` | 只能使用第 4 節可接受決策值 | 非允許值拒收 |
|
||||
| `decision_reason` | 決策理由摘要,不得貼 raw secret、token、cookie、未脫敏截圖或 API body | 補件或隔離 |
|
||||
| `affected_scope` | 影響範圍,例如 repo、canonical source、visibility、refs truth、workflow-secret parity、產品邊界或 agent runtime boundary | 補件 |
|
||||
| `redacted_evidence_refs` | 只引用 repo 內文件、snapshot 或已脫敏 metadata pointer | 疑似敏感 payload 進 quarantine |
|
||||
| `followup_owner` | 下一步補證或判定負責人 | 補件 |
|
||||
| `rollback_owner` | 若未來進入變更候選,誰負責 rollback 判定與回復計畫 | 補件 |
|
||||
| `maintenance_window` | 若未來進入變更候選,允許審查的維護窗口或明確標示 `not_authorized_yet` | 補件 |
|
||||
| `validation_plan` | 若未來進入變更候選,要如何驗證 read-only update、repo / refs / workflow 邊界與 post-check | 補件 |
|
||||
|
||||
每個 template 仍可要求 target-specific 欄位,例如 `canonical_source`、`github_target_disposition`、`visibility_review_owner`、`refs_truth_review_owner`、`product_boundary_owner`、`external_agent_owner`、`treasury_owner` 或 `runtime_gate_owner`。新納入的 `VibeWork` 必須補 product / surface owner,`agent-bounty-protocol` 必須補 external agent / treasury / runtime gate owner。
|
||||
|
||||
## 3. 九個 Response Template
|
||||
|
||||
@@ -110,12 +124,12 @@ S4.10 template status ledger 只讓 AwoooP 逐項顯示 9 個 GitHub target temp
|
||||
|
||||
1. `github_repo` 必須對應 github_target_decision_v1 的 9 個 approval-required targets 之一。
|
||||
2. `decision` 必須是該 target template 的 acceptable_decisions 之一。
|
||||
3. 每筆回覆必須有 owner role/team、visibility review owner 或明確 out-of-scope disposition。
|
||||
3. 每筆回覆必須填齊 canonical 9 欄,並依 template 補齊 visibility review owner、canonical source 或明確 out-of-scope disposition。
|
||||
4. in-scope 或 candidate target 必須標示 canonical source;未知時必須選 unknown_requires_more_evidence。
|
||||
5. 回覆不得把 refs truth、workflow-secret parity、Gitea inventory、rollback ADR 或 server-side diff 缺口視為已完成。
|
||||
6. 回覆只能批准候選方向或補證方向,不得包含立即建立 repo 或修改 visibility 的執行要求。
|
||||
7. 回覆不得要求 push、delete、force push、mirror sync、primary switch 或 disable Gitea。
|
||||
8. `evidence_refs` 只能指向 repo 內文件、snapshot 或已脫敏 owner metadata,不得含 token、credential、secret value、private key 或 deploy key value。
|
||||
8. `redacted_evidence_refs` 只能指向 repo 內文件、snapshot 或已脫敏 owner metadata,不得含 token、credential、secret value、private key 或 deploy key value。
|
||||
|
||||
## 6. 必須拒收
|
||||
|
||||
@@ -124,7 +138,7 @@ S4.10 template status ledger 只讓 AwoooP 逐項顯示 9 個 GitHub target temp
|
||||
3. 回覆含 visibility change command 或要求立即修改 public/private/internal visibility 時必須拒收。
|
||||
4. 回覆要求 push refs、delete refs、force push、mirror sync、tag rewrite 或 branch rewrite 時必須拒收。
|
||||
5. 回覆要求切 GitHub primary、停用 Gitea、刪除 Gitea、封存 Gitea 或移除 fallback 時必須拒收。
|
||||
6. 回覆缺 owner、visibility review owner、canonical source 或 out-of-scope disposition 時不得標記 accepted。
|
||||
6. 回覆缺 canonical 9 欄、visibility review owner、canonical source 或 out-of-scope disposition 時不得標記 accepted。
|
||||
7. 回覆把 `not_found_or_private` 自動解釋為 repo 不存在或可建立時必須拒收。
|
||||
8. 回覆要求自動合併 unrelated histories 或刪除 momo / ewoooc working tree 時必須拒收。
|
||||
9. 回覆把 owner decision response 當成 repo migration approval、refs sync approval 或 primary approval 時必須拒收。
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"schema_version": "github_target_owner_decision_response_v1",
|
||||
"status": "draft_waiting_owner_response",
|
||||
"date": "2026-06-04",
|
||||
"date": "2026-06-11",
|
||||
"mode": "owner_decision_response_intake_only",
|
||||
"runtime_execution_authorized": false,
|
||||
"source_contract": "github_target_decision_v1",
|
||||
@@ -80,7 +80,7 @@
|
||||
{
|
||||
"check_id": "p1-3-required-owner-fields",
|
||||
"display_order": 5,
|
||||
"check": "必須有 owner role/team、decision、reason、canonical source、target disposition、visibility review owner、redacted evidence refs。",
|
||||
"check": "必須有 owner role/team、decision、decision reason、affected scope、redacted evidence refs、followup owner、rollback owner、maintenance window、validation plan。",
|
||||
"current_status": "defined_not_dispatched",
|
||||
"execution_authorized": false
|
||||
},
|
||||
@@ -125,11 +125,12 @@
|
||||
"owner_role_or_team",
|
||||
"decision",
|
||||
"decision_reason",
|
||||
"canonical_source",
|
||||
"github_target_disposition",
|
||||
"visibility_review_owner",
|
||||
"affected_scope",
|
||||
"redacted_evidence_refs",
|
||||
"followup_owner"
|
||||
"followup_owner",
|
||||
"rollback_owner",
|
||||
"maintenance_window",
|
||||
"validation_plan"
|
||||
],
|
||||
"forbidden_inputs": [
|
||||
"token_value",
|
||||
@@ -169,7 +170,7 @@
|
||||
"target-vibework-private-or-new",
|
||||
"target-agent-bounty-protocol-private-or-new"
|
||||
],
|
||||
"owner_instruction_summary": "請 owner 只依 S4.10 九個 templates 回覆 GitHub target 的 owner / visibility / canonical / target disposition,並只引用脫敏 evidence refs;不要貼 token、secret、private clone URL credential、repo archive、git object、API request body 或任何可執行 payload。",
|
||||
"owner_instruction_summary": "請 owner 只依 S4.10 九個 templates 回覆 GitHub target 的 owner / visibility / canonical / target disposition,且每筆都要填齊 owner role/team、decision、decision reason、affected scope、redacted evidence refs、followup owner、rollback owner、maintenance window、validation plan;不要貼 token、secret、private clone URL credential、repo archive、git object、API request body 或任何可執行 payload。",
|
||||
"allowed_response_fields": [
|
||||
"owner_role_or_team",
|
||||
"decision",
|
||||
@@ -190,7 +191,12 @@
|
||||
"surface_owner",
|
||||
"external_agent_owner",
|
||||
"treasury_owner",
|
||||
"runtime_gate_owner"
|
||||
"runtime_gate_owner",
|
||||
"affected_scope",
|
||||
"redacted_evidence_refs",
|
||||
"rollback_owner",
|
||||
"maintenance_window",
|
||||
"validation_plan"
|
||||
],
|
||||
"evidence_ref_rules": [
|
||||
"只允許 repo 內既有文件、snapshot 或已脫敏 owner metadata pointer",
|
||||
@@ -805,7 +811,7 @@
|
||||
"display_order": 6,
|
||||
"title": "只記錄 GitHub target audit metadata",
|
||||
"required": true,
|
||||
"pass_condition": "AwoooP 只能記錄 request shown、response received metadata、template id、github repo、owner role/team、redacted evidence refs 與 outcome lane;不得保存 token value、secret value、private clone URL credential、repo archive、git object pack 或可執行 payload。",
|
||||
"pass_condition": "AwoooP 只能記錄 request shown、response received metadata、template id、github repo、owner role/team、affected scope、redacted evidence refs、followup owner、rollback owner、maintenance window、validation plan 與 outcome lane;不得保存 token value、secret value、private clone URL credential、repo archive、git object pack 或可執行 payload。",
|
||||
"failure_lane": "quarantine_sensitive_payload",
|
||||
"awooop_display": "display_audit_metadata_only",
|
||||
"execution_authorized": false,
|
||||
@@ -828,7 +834,7 @@
|
||||
"display_order": 2,
|
||||
"title": "GitHub target 必填欄位完整",
|
||||
"required": true,
|
||||
"pass_condition": "每筆 response 必須有 owner role/team、decision、decision_reason、canonical_source、target disposition 或 out-of-scope disposition、visibility review owner 與 evidence_refs。",
|
||||
"pass_condition": "每筆 response 必須有 owner role/team、decision、decision_reason、affected_scope、redacted_evidence_refs、followup_owner、rollback_owner、maintenance_window 與 validation_plan;target-specific canonical source、target disposition、visibility review owner 或 out-of-scope disposition 仍需依 template 補齊。",
|
||||
"failure_lane": "request_more_evidence",
|
||||
"awooop_display": "request_more_evidence",
|
||||
"execution_authorized": false
|
||||
@@ -886,6 +892,12 @@
|
||||
"owner_role_or_team",
|
||||
"decision",
|
||||
"decision_reason",
|
||||
"affected_scope",
|
||||
"redacted_evidence_refs",
|
||||
"followup_owner",
|
||||
"rollback_owner",
|
||||
"maintenance_window",
|
||||
"validation_plan",
|
||||
"canonical_source",
|
||||
"github_target_disposition",
|
||||
"visibility_review_owner",
|
||||
@@ -906,12 +918,14 @@
|
||||
"acceptance_criteria": [
|
||||
"必須明確指定 `wooo/awoooi` 的 canonical source 與 owner review 責任人。",
|
||||
"必須承認 refs truth / workflow-secret parity / rollback ADR 未完成前不得推 refs 或切 primary。",
|
||||
"若 decision 是 hold,必須說明下一個 evidence owner。"
|
||||
"若 decision 是 hold,必須說明下一個 evidence owner。",
|
||||
"必須填齊 S4.10 canonical 9 欄,包含 affected scope、redacted evidence refs、followup owner、rollback owner、maintenance window 與 validation plan。"
|
||||
],
|
||||
"rejection_conditions": [
|
||||
"把既有 GitHub repo 視為可直接 primary。",
|
||||
"要求 push、delete、force push refs 或修改 visibility。",
|
||||
"缺 canonical source、visibility review owner 或 refs truth review owner。"
|
||||
"缺 canonical source、visibility review owner 或 refs truth review owner。",
|
||||
"缺 rollback owner、maintenance window 或 validation plan。"
|
||||
],
|
||||
"allowed_outputs": [
|
||||
"更新 GitHub target decision table 的 owner / canonical / visibility read-only 欄位。",
|
||||
@@ -931,6 +945,12 @@
|
||||
"owner_role_or_team",
|
||||
"decision",
|
||||
"decision_reason",
|
||||
"affected_scope",
|
||||
"redacted_evidence_refs",
|
||||
"followup_owner",
|
||||
"rollback_owner",
|
||||
"maintenance_window",
|
||||
"validation_plan",
|
||||
"canonical_source",
|
||||
"tag_disposition_owner",
|
||||
"visibility_review_owner",
|
||||
@@ -950,12 +970,14 @@
|
||||
"acceptance_criteria": [
|
||||
"必須說明 main SHA 與 tag 差異要由哪個 owner 判定。",
|
||||
"若仍 active,必須保留 refs review lane。",
|
||||
"若排除 scope,必須附 owner 理由與後續 disposition。"
|
||||
"若排除 scope,必須附 owner 理由與後續 disposition。",
|
||||
"必須填齊 S4.10 canonical 9 欄,包含 affected scope、redacted evidence refs、followup owner、rollback owner、maintenance window 與 validation plan。"
|
||||
],
|
||||
"rejection_conditions": [
|
||||
"用單一句話批准 refs sync。",
|
||||
"未處理 GitHub 缺 Gitea tag 的 disposition。",
|
||||
"要求刪除任一端 repo 或 refs。"
|
||||
"要求刪除任一端 repo 或 refs。",
|
||||
"缺 rollback owner、maintenance window 或 validation plan。"
|
||||
],
|
||||
"allowed_outputs": [
|
||||
"更新 refs truth review lane。",
|
||||
@@ -975,6 +997,12 @@
|
||||
"owner_role_or_team",
|
||||
"decision",
|
||||
"decision_reason",
|
||||
"affected_scope",
|
||||
"redacted_evidence_refs",
|
||||
"followup_owner",
|
||||
"rollback_owner",
|
||||
"maintenance_window",
|
||||
"validation_plan",
|
||||
"canonical_source",
|
||||
"github_only_refs_owner",
|
||||
"visibility_review_owner",
|
||||
@@ -994,12 +1022,14 @@
|
||||
"acceptance_criteria": [
|
||||
"必須指定 GitHub-only branch / tags 的 owner 或補證 owner。",
|
||||
"必須說明 main SHA truth source 尚未判定時要維持 blocked。",
|
||||
"若標為 out_of_scope,必須說明與 AwoooP / AWOOOI scope 的關係。"
|
||||
"若標為 out_of_scope,必須說明與 AwoooP / AWOOOI scope 的關係。",
|
||||
"必須填齊 S4.10 canonical 9 欄,包含 affected scope、redacted evidence refs、followup owner、rollback owner、maintenance window 與 validation plan。"
|
||||
],
|
||||
"rejection_conditions": [
|
||||
"要求刪除 GitHub-only refs。",
|
||||
"未指定 GitHub-only refs owner。",
|
||||
"把 refs classification 當成已批准 sync。"
|
||||
"把 refs classification 當成已批准 sync。",
|
||||
"缺 rollback owner、maintenance window 或 validation plan。"
|
||||
],
|
||||
"allowed_outputs": [
|
||||
"更新 refs truth classification 的 owner review 欄位。",
|
||||
@@ -1019,6 +1049,12 @@
|
||||
"owner_role_or_team",
|
||||
"decision",
|
||||
"decision_reason",
|
||||
"affected_scope",
|
||||
"redacted_evidence_refs",
|
||||
"followup_owner",
|
||||
"rollback_owner",
|
||||
"maintenance_window",
|
||||
"validation_plan",
|
||||
"canonical_source",
|
||||
"internal_remote_disposition",
|
||||
"secret_name_inventory_owner",
|
||||
@@ -1038,12 +1074,14 @@
|
||||
"acceptance_criteria": [
|
||||
"必須判定 110 internal remote 是 active source、mirror、legacy 或需要補證。",
|
||||
"必須指定 infra secret 名稱 inventory owner。",
|
||||
"不得把 internal remote disposition 當成刪除 remote 的批准。"
|
||||
"不得把 internal remote disposition 當成刪除 remote 的批准。",
|
||||
"必須填齊 S4.10 canonical 9 欄,包含 affected scope、redacted evidence refs、followup owner、rollback owner、maintenance window 與 validation plan。"
|
||||
],
|
||||
"rejection_conditions": [
|
||||
"要求直接刪除 remote 或改 remote URL。",
|
||||
"要求搬移或貼出 secret value。",
|
||||
"未說明 110 internal remote 用途。"
|
||||
"未說明 110 internal remote 用途。",
|
||||
"缺 rollback owner、maintenance window 或 validation plan。"
|
||||
],
|
||||
"allowed_outputs": [
|
||||
"更新 canonical decision table 的 remote disposition。",
|
||||
@@ -1063,6 +1101,12 @@
|
||||
"owner_role_or_team",
|
||||
"decision",
|
||||
"decision_reason",
|
||||
"affected_scope",
|
||||
"redacted_evidence_refs",
|
||||
"followup_owner",
|
||||
"rollback_owner",
|
||||
"maintenance_window",
|
||||
"validation_plan",
|
||||
"canonical_source",
|
||||
"github_target_disposition",
|
||||
"visibility_review_owner",
|
||||
@@ -1084,12 +1128,14 @@
|
||||
"acceptance_criteria": [
|
||||
"必須明確說明 `not_found_or_private` 不能自動視為不存在。",
|
||||
"必須指定 ewoooc / momo-pro-system canonical 判定 owner。",
|
||||
"若只是批准候選新 repo,仍不得建立 repo,必須先產生 migration plan。"
|
||||
"若只是批准候選新 repo,仍不得建立 repo,必須先產生 migration plan。",
|
||||
"必須填齊 S4.10 canonical 9 欄,包含 affected scope、redacted evidence refs、followup owner、rollback owner、maintenance window 與 validation plan。"
|
||||
],
|
||||
"rejection_conditions": [
|
||||
"把 `not_found_or_private` 當成建立 repo 的直接批准。",
|
||||
"自動合併 unrelated histories。",
|
||||
"要求刪除任一 momo / ewoooc working tree。"
|
||||
"要求刪除任一 momo / ewoooc working tree。",
|
||||
"缺 rollback owner、maintenance window 或 validation plan。"
|
||||
],
|
||||
"allowed_outputs": [
|
||||
"更新 target decision table 的 disposition。",
|
||||
@@ -1109,6 +1155,12 @@
|
||||
"owner_role_or_team",
|
||||
"decision",
|
||||
"decision_reason",
|
||||
"affected_scope",
|
||||
"redacted_evidence_refs",
|
||||
"followup_owner",
|
||||
"rollback_owner",
|
||||
"maintenance_window",
|
||||
"validation_plan",
|
||||
"active_status",
|
||||
"canonical_source",
|
||||
"github_target_disposition",
|
||||
@@ -1130,12 +1182,14 @@
|
||||
"acceptance_criteria": [
|
||||
"必須說明 repo 是否仍 active。",
|
||||
"必須指定 GitHub target 是既有 private、候選新 repo、out-of-scope 或需補證。",
|
||||
"若 active,必須保留 workflow / secret name parity gate。"
|
||||
"若 active,必須保留 workflow / secret name parity gate。",
|
||||
"必須填齊 S4.10 canonical 9 欄,包含 affected scope、redacted evidence refs、followup owner、rollback owner、maintenance window 與 validation plan。"
|
||||
],
|
||||
"rejection_conditions": [
|
||||
"把 target 看不到當成可直接建立 repo。",
|
||||
"沒有 active_status 或 visibility review owner。",
|
||||
"要求自動 push refs 或刪除 110 remote。"
|
||||
"要求自動 push refs 或刪除 110 remote。",
|
||||
"缺 rollback owner、maintenance window 或 validation plan。"
|
||||
],
|
||||
"allowed_outputs": [
|
||||
"更新 target decision table 的 active / disposition 欄位。",
|
||||
@@ -1155,6 +1209,12 @@
|
||||
"owner_role_or_team",
|
||||
"decision",
|
||||
"decision_reason",
|
||||
"affected_scope",
|
||||
"redacted_evidence_refs",
|
||||
"followup_owner",
|
||||
"rollback_owner",
|
||||
"maintenance_window",
|
||||
"validation_plan",
|
||||
"active_status",
|
||||
"canonical_source",
|
||||
"github_target_disposition",
|
||||
@@ -1176,12 +1236,14 @@
|
||||
"acceptance_criteria": [
|
||||
"必須說明 repo 是否仍 active。",
|
||||
"必須指定 GitHub target 是既有 private、候選新 repo、out-of-scope 或需補證。",
|
||||
"若 active,必須保留 workflow / secret name parity gate。"
|
||||
"若 active,必須保留 workflow / secret name parity gate。",
|
||||
"必須填齊 S4.10 canonical 9 欄,包含 affected scope、redacted evidence refs、followup owner、rollback owner、maintenance window 與 validation plan。"
|
||||
],
|
||||
"rejection_conditions": [
|
||||
"把 target 看不到當成可直接建立 repo。",
|
||||
"沒有 active_status 或 visibility review owner。",
|
||||
"要求自動 push refs 或刪除 110 remote。"
|
||||
"要求自動 push refs 或刪除 110 remote。",
|
||||
"缺 rollback owner、maintenance window 或 validation plan。"
|
||||
],
|
||||
"allowed_outputs": [
|
||||
"更新 target decision table 的 active / disposition 欄位。",
|
||||
@@ -1201,6 +1263,12 @@
|
||||
"owner_role_or_team",
|
||||
"decision",
|
||||
"decision_reason",
|
||||
"affected_scope",
|
||||
"redacted_evidence_refs",
|
||||
"followup_owner",
|
||||
"rollback_owner",
|
||||
"maintenance_window",
|
||||
"validation_plan",
|
||||
"canonical_source",
|
||||
"github_target_disposition",
|
||||
"visibility_review_owner",
|
||||
@@ -1223,12 +1291,14 @@
|
||||
"acceptance_criteria": [
|
||||
"必須說明 VibeWork 是否已有 private GitHub target 或只是新 target candidate。",
|
||||
"必須指定 product boundary owner、repo owner、surface owner 與 visibility review owner。",
|
||||
"必須明確保留 VibeWork 獨立產品邊界,不得把 target decision 當成併入 AWOOOI 或 primary cutover approval。"
|
||||
"必須明確保留 VibeWork 獨立產品邊界,不得把 target decision 當成併入 AWOOOI 或 primary cutover approval。",
|
||||
"必須填齊 S4.10 canonical 9 欄,包含 affected scope、redacted evidence refs、followup owner、rollback owner、maintenance window 與 validation plan。"
|
||||
],
|
||||
"rejection_conditions": [
|
||||
"把 not_found_or_private 視為可直接建立 repo。",
|
||||
"缺 product boundary owner、canonical source 或 visibility review owner。",
|
||||
"要求修改 workflow、搬 secret value、push refs 或切 primary。"
|
||||
"要求修改 workflow、搬 secret value、push refs 或切 primary。",
|
||||
"缺 rollback owner、maintenance window 或 validation plan。"
|
||||
],
|
||||
"allowed_outputs": [
|
||||
"更新 GitHub target decision table 的 VibeWork read-only disposition。",
|
||||
@@ -1248,6 +1318,12 @@
|
||||
"owner_role_or_team",
|
||||
"decision",
|
||||
"decision_reason",
|
||||
"affected_scope",
|
||||
"redacted_evidence_refs",
|
||||
"followup_owner",
|
||||
"rollback_owner",
|
||||
"maintenance_window",
|
||||
"validation_plan",
|
||||
"canonical_source",
|
||||
"github_target_disposition",
|
||||
"visibility_review_owner",
|
||||
@@ -1271,12 +1347,14 @@
|
||||
"acceptance_criteria": [
|
||||
"必須說明 agent-bounty-protocol 是否已有 private GitHub target 或只是新 target candidate。",
|
||||
"必須指定 repo、deployment、external agent、treasury 與 runtime gate owner。",
|
||||
"必須確認 A2A / MCP / bounty / treasury / payout / withdrawal 不因 target response 而開啟 runtime。"
|
||||
"必須確認 A2A / MCP / bounty / treasury / payout / withdrawal 不因 target response 而開啟 runtime。",
|
||||
"必須填齊 S4.10 canonical 9 欄,包含 affected scope、redacted evidence refs、followup owner、rollback owner、maintenance window 與 validation plan。"
|
||||
],
|
||||
"rejection_conditions": [
|
||||
"把 not_found_or_private 視為可直接建立 repo。",
|
||||
"缺 external agent owner、treasury owner、runtime gate owner 或 visibility review owner。",
|
||||
"要求啟用 agent action、payout、withdrawal、workflow 修改、push refs 或切 primary。"
|
||||
"要求啟用 agent action、payout、withdrawal、workflow 修改、push refs 或切 primary。",
|
||||
"缺 rollback owner、maintenance window 或 validation plan。"
|
||||
],
|
||||
"allowed_outputs": [
|
||||
"更新 GitHub target decision table 的 agent-bounty-protocol read-only disposition。",
|
||||
@@ -1307,7 +1385,7 @@
|
||||
"check_id": "owner_and_visibility_present",
|
||||
"title": "owner 與 visibility review 責任存在",
|
||||
"required": true,
|
||||
"pass_condition": "每筆回覆必須有 owner role/team、visibility review owner 或明確 out-of-scope disposition。",
|
||||
"pass_condition": "每筆回覆必須有 canonical 9 欄,並依 template 補齊 visibility review owner、canonical source 或明確 out-of-scope disposition。",
|
||||
"failure_lane": "request_more_evidence",
|
||||
"execution_authorized": false
|
||||
},
|
||||
@@ -1347,7 +1425,7 @@
|
||||
"check_id": "secret_values_absent",
|
||||
"title": "未包含 secret value",
|
||||
"required": true,
|
||||
"pass_condition": "`evidence_refs` 只能指向 repo 內文件、snapshot 或已脫敏 owner metadata,不得含 token、credential、secret value、private key 或 deploy key value。",
|
||||
"pass_condition": "`redacted_evidence_refs` 只能指向 repo 內文件、snapshot 或已脫敏 owner metadata,不得含 token、credential、secret value、private key 或 deploy key value。",
|
||||
"failure_lane": "quarantine_sensitive_payload",
|
||||
"execution_authorized": false
|
||||
}
|
||||
@@ -1370,7 +1448,9 @@
|
||||
"更新 `source-control-primary-readiness-gate.snapshot.json` 的 blocker wording。",
|
||||
"更新 `source-control-approval-board.snapshot.json` 的 review lane。",
|
||||
"建立 request_more_evidence / quarantine lane。",
|
||||
"維持 `github_primary_ready_count=0` 與所有 execution flags false。"
|
||||
"維持 `github_primary_ready_count=0` 與所有 execution flags false。",
|
||||
"建立 read-only owner response validation record candidate,不進 execution queue。",
|
||||
"更新 S4.10 收件缺口矩陣的欄位完整度,不調高 owner response accepted count。"
|
||||
],
|
||||
"forbidden_actions": [
|
||||
"建立 GitHub repo。",
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
| 工作視窗 | IwoooS / AWOOOI 資安治理 P0 |
|
||||
| 本次乾淨 worktree | `/private/tmp/awoooi-repair-playbook-coverage-20260611` |
|
||||
| 本次分支 | `codex/repair-playbook-coverage-20260611` |
|
||||
| 最新觀察到的 `gitea/main` | `8f3ec9f4 fix(i18n): 移除內部工作用語顯示` |
|
||||
| 最新觀察到的 `gitea/main` | `27ffb928 chore(cd): deploy 58e760f [skip ci]` |
|
||||
| 最新 P0 Telegram 告警 / 批准執行真相鏈基準 | code `32e4beca`、deploy marker `717b5870`、code-review `2658`、CD `2657`;no-action approval 不再觸發 executor,可執行修復 approval 會寫入 `auto_repair_executions`、KM 與 verifier |
|
||||
| 最新 P0 Telegram no-action 人工處置包基準 | code `cd928852`、deploy marker `9181cc0e`、code-review `2666`;正式部署 tree 已包含 no-action 人工處置包、`處置包 / 重診 / 歷史 / 靜默 / 真相鏈 / Runs` 鍵盤、production pod render / keyboard smoke |
|
||||
| 最新 P0 MCP evidence / PlayBook 修復候選基準 | code `cc614023`、D1 blocker clarity `47d677ac`、D2 manual draft package `febe9ecf`、D3 draft work item `e8d5eafb`、D4 work item detail panel `e8a5bac5`、D5 coverage gap contract 本地完成;目前 production deploy marker 仍為 `985a2cfe` 的 D4 Work Items detail panel,D5 尚待推送 / 部署驗證。正式部署 tree 經 production pod smoke 與 Work Items browser smoke 確認可由 MCP evidence + approved PlayBook trust 產生 medium approval candidate、綁定預配置 approval id、不外露 preallocated metadata,且通用兜底 / 診斷型 PlayBook 不會被誤當修復命令;若缺安全修復候選,Telegram 人工處置包會顯示阻擋原因、下一步、PlayBook 草案欄位與 AwoooP 修復候選草案工作項,工作項頁會顯示 PlayBook 草案處置板、必填欄位、阻擋原因、下一步與 Runs / 審批連結;D5 讓 blocked result 進一步輸出服務 coverage gap、blocking stage、必收 MCP evidence refs 與 PlayBook template fields |
|
||||
@@ -227,11 +227,11 @@ S4.9 是目前 IwoooS 64% 能往前的第一優先 gate。驗收前所有 count
|
||||
|------|--------|-----------------|--------|
|
||||
| `awoooi` Gitea / GitHub refs refresh | 100% | Gitea heads `170`、GitHub heads `2`、Gitea tags `2`、GitHub tags `0`、main SHA 不一致 | 已重產 ref detail diff / ref truth classification;下一步收 S4.11 owner response |
|
||||
| Gitea public repo inventory refresh | 100% | user endpoint public-only 仍只見 `wooo/awoooi`、`wooo/ewoooc`;org endpoint 仍 blocked / 404 | 取得只讀 token 或 redacted admin export 批准 |
|
||||
| GitHub target probe refresh | 100% | 8 個候選中 5 個可讀、3 個 `not_found_or_private`;`open-design` heads `644` 只作 external scope evidence | P1-3 handoff 已補;owner / visibility / canonical response 仍待收 |
|
||||
| GitHub target probe refresh | 100% | 10 個候選中 5 個可讀、5 個 `not_found_or_private`;`open-design` 只作 external scope evidence;`VibeWork` 與 `agent-bounty-protocol` 已納入 approval-required queue | P1-3 handoff 已補;owner / visibility / canonical response 仍待收 |
|
||||
| Workflow / secret 名稱本機 evidence refresh | 100% | 31 個 workflow files、42 個 unique referenced secret names、`secret_value_detected=false` | 補 webhook、runner owner、deploy key、branch protection、secret name parity |
|
||||
| Primary readiness gate 文件更新 | 90% | 已寫入 2026-06-04 refs truth 重產結果與禁止誤讀規則 | 跑 guard 後以 LOGBOOK 封存 |
|
||||
| Gitea authenticated inventory request handoff | 100% | S4.5 請求已對齊 S4.9 owner response gate,補 5 項 request dispatch preflight、8 欄 handoff packet 與送後不變條件 | 仍未收 token value、未收 payload、未 import inventory;S4.6/S4.9 驗收前不得標記 status=ok |
|
||||
| GitHub target owner response handoff | 100% | S4.10 已對齊 2026-06-04 target probe,補 6 項 target owner handoff preflight、9 欄 handoff packet 與送後不變條件 | `not_found_or_private` 不得視為不存在;received / accepted 仍 0,不建 repo、不改 visibility |
|
||||
| GitHub target owner response handoff | 100% | S4.10 已對齊 2026-06-11 target probe,補 6 項 target owner handoff preflight、9 個 target、canonical 9 欄 handoff packet 與送後不變條件 | `not_found_or_private` 不得視為不存在;received / accepted 仍 0,不建 repo、不改 visibility |
|
||||
| 全量 Gitea 專案版本盤點 | 25% | 目前仍是 public-only + 本機輔助 evidence | 需只讀 token / admin export;不使用 write credential |
|
||||
| 逐 repo refs truth queue | 100% | S4.11 current queue 已重產為 `194` refs review items:真相來源 `4`、deprecated / archive 候選 `142`、release tag `3`、GitHub-only `20` | 送 owner response;received / accepted 仍維持 0 |
|
||||
| Workflow / runner / secret parity owner response handoff | 100% | S4.12 已對齊 2026-06-04 local evidence,補 6 項 workflow / secret handoff preflight、9 欄 handoff packet 與送後不變條件;local secret names 校正為 `42` | 只收 redacted metadata,不收 value / hash / partial token;received / accepted 仍 0 |
|
||||
@@ -272,7 +272,7 @@ P1 只讀重盤階段整體完成度:`70%`。它代表 freshness / inventory /
|
||||
|------|------|------|----------|
|
||||
| P1-1 | Source-control refs truth 重產 | 以 2026-06-04 `awoooi` refs refresh 重產 detail diff / truth classification | 新 queue 已改為 `194` items,不再引用舊 `141` 為 current |
|
||||
| P1-2 | Gitea authenticated inventory request | 已補 2026-06-04 request handoff package;S4.9 owner response gate 作先行條件,只讀 token API / redacted admin export 二選一 | 只收 metadata,不保存 token value;received / accepted / imported 全部仍為 0 |
|
||||
| P1-3 | GitHub target owner response | 已補 2026-06-04 target owner handoff package;對 7 個 in-scope targets 收 owner / visibility / canonical 決策 | received / accepted 前仍全部 0;`not_found_or_private` 不代表不存在或可建立 |
|
||||
| P1-3 | GitHub target owner response | 已補 2026-06-11 target owner handoff package;對 9 個 approval-required targets 收 owner / visibility / canonical 決策,且每筆必須具備 owner role/team、decision、decision reason、affected scope、redacted evidence refs、followup owner、rollback owner、maintenance window、validation plan | received / accepted 前仍全部 0;`not_found_or_private` 不代表不存在或可建立 |
|
||||
| P1-4 | Workflow / runner / secret parity evidence | 已補 2026-06-04 owner response handoff package;webhook、runner owner、deploy key、branch protection、CODEOWNERS、secret name parity 只收 redacted metadata | secret value、hash、masked token、partial token 仍拒收;received / accepted 前全部 0 |
|
||||
| P1-5 | Primary rollback ADR 補強 | 已補 2026-06-04 rollback owner handoff package;逐 repo rollback owner、trigger、validation window、fallback role 進入可交接模板 | ADR approved 前不切 primary;received / accepted / approved 仍 0 |
|
||||
| P1-6 | AwoooP Session 同步 | 同步 commits、runs、production sanity、P1 refresh counts、gate 0 / false | 另一 Session 不再使用舊 refs count |
|
||||
@@ -296,11 +296,11 @@ P1 只讀重盤階段整體完成度:`70%`。它代表 freshness / inventory /
|
||||
| P1 `awoooi` refs inventory refresh | Gitea heads `170`、GitHub heads `2`、Gitea tags `2`、GitHub tags `0`,Gitea `main=64490d32...`、GitHub `main=202071f...`,仍 `blocked` |
|
||||
| P1 refs truth classification refresh | current queue `194` items;`manual_truth_required=4`、`deprecated_candidate=142`、`release_tag_review=3`、`github_only_review=20`;S4.11 owner response received / accepted 仍為 0 |
|
||||
| P1 Gitea repo inventory refresh | user endpoint public-only 2 repos;org endpoint blocked / 404;仍需只讀 token 或 redacted admin export |
|
||||
| P1 GitHub target probe refresh | 8 個候選中 5 個可讀、3 個 `not_found_or_private`;`open-design` heads `644` 僅作 external scope |
|
||||
| P1 GitHub target probe refresh | 10 個候選中 5 個可讀、5 個 `not_found_or_private`;`open-design` 僅作 external scope;`VibeWork` 與 `agent-bounty-protocol` 已列入 approval-required queue |
|
||||
| P1 workflow / secret 名稱 refresh | 31 個 workflow files、42 個 unique referenced secret names、`secret_value_detected=false` |
|
||||
| P1-2 Gitea authenticated inventory request handoff | S4.5 request 日期更新為 2026-06-04;補 5 項 dispatch preflight、8 欄 request handoff packet、送後不變條件;payload received / accepted / imported 仍 0 |
|
||||
| P1-2 JSON parse / structure check | `gitea-authenticated-inventory-export-request.snapshot.json` 與 schema JSON parse 通過;本段自訂結構檢查 `GITEA_AUTHENTICATED_INVENTORY_HANDOFF_STRUCTURE_OK`;本地無 `jsonschema` / AJV,未跑完整 schema validator |
|
||||
| P1-3 GitHub target owner response handoff | S4.10 日期更新為 2026-06-04;補 6 項 target owner handoff preflight、9 欄 handoff packet、送後不變條件;received / accepted / rejected 仍 0 |
|
||||
| P1-3 GitHub target owner response handoff | S4.10 日期更新為 2026-06-11;補 6 項 target owner handoff preflight、9 個 target、canonical 9 欄 handoff packet、送後不變條件;received / accepted / rejected 仍 0 |
|
||||
| P1-3 JSON parse / structure check | `github-target-owner-decision-response.snapshot.json` 與 schema JSON parse 通過;本段自訂結構檢查 `GITHUB_TARGET_OWNER_HANDOFF_STRUCTURE_OK`;本地無 `jsonschema` / AJV,未跑完整 schema validator |
|
||||
| P1-4 Workflow / secret owner response handoff | S4.12 日期更新為 2026-06-04;補 6 項 workflow / secret handoff preflight、9 欄 handoff packet、送後不變條件;local referenced secret names 校正為 `42`;received / accepted / rejected 仍 0 |
|
||||
| P1-4 JSON parse / structure check | `source-control-workflow-secret-name-owner-response.snapshot.json` 與 schema JSON parse 通過;本段自訂結構檢查 `WORKFLOW_SECRET_OWNER_HANDOFF_STRUCTURE_OK`;本地無 `jsonschema` / AJV,未跑完整 schema validator |
|
||||
|
||||
Reference in New Issue
Block a user