docs(security): refresh IwoooS source control readiness [skip ci]

This commit is contained in:
Your Name
2026-06-04 15:36:28 +08:00
parent 6efbd7c6af
commit e84eba9397
11 changed files with 1984 additions and 59 deletions

View File

@@ -2,8 +2,8 @@
| 項目 | 內容 |
|------|------|
| 日期 | 2026-05-12 |
| 狀態 | 第版 read-only inventory尚未開始同步或主控切換 |
| 日期 | 2026-06-04 |
| 狀態 | 第版 read-only inventory refresh,尚未開始同步或主控切換 |
| 範圍 | Source control / CI/CD supply chain security |
| 上游 handoff | `docs/security/AWOOOP-SECURITY-SUPPLYCHAIN-INTEGRATION-HANDOFF.md` |
| branch/tag/SHA 盤點工具 | `scripts/security/source-control-migration-inventory.py` |
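Review bot: the new 狀態 row still reads 「第版 read-only inventory refresh」 with no ordinal after 第, the same gap as the 2026-05-12 line it replaces, so the edition number of this inventory is lost on both sides of the change; fill in the edition (or drop 第版) so the refresh is distinguishable from the previous one by more than the 日期 row.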
@@ -36,10 +36,10 @@
目前不能直接把 GitHub 切成 primary。
輪只讀盤點顯示,至少目前工作中的 `awoooi` repo 存在以下差異:
輪只讀盤點顯示,至少目前工作中的 `awoooi` repo 存在以下差異:
- GitHub `origin` 與 Gitea `gitea``main` SHA 不一致。
- Gitea 有大量 `drift/adopt-*` 分支GitHub 沒有;截至 2026-05-13 最新 ref detail diff忽略本 PR 分支後 Gitea heads 為 117 條GitHub heads 為 2 條。
- Gitea 有大量 `drift/adopt-*` 分支GitHub 沒有;截至 2026-06-04 read-only refresh`awoooi` Gitea heads 為 170GitHub heads 為 2 條,且 Gitea-only heads 為 168 條。
- Gitea 有 release tagsGitHub 目前查不到 tags。
- 本機 `gitea` remote URL 內嵌憑證,這是 credential hygiene 風險;不得寫入文件、不得複製到 GitHub後續需移除並輪替。
- Gitea `wooo` user endpoint 在未提供 token 時可見 `wooo/awoooi``wooo/ewoooc`,目前 `gitea_repo_inventory_v1.status=partial`
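Review bot: the unchanged bullet about the local `gitea` remote URL embedding credentials still says removal and rotation are 「後續需」 (to be done later) with no status or date, although every count around it was refreshed on 2026-06-04; record whether the credential has been stripped from the remote URL and rotated, or that it is still pending as of this refresh, so the highest-severity finding in this list is not the only one without a freshness signal.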
@@ -51,8 +51,9 @@
- `wooo-infra-config` 的 GitHub remote 與本機 `main` 對齊110 internal remote 目前 read-only probe 不可讀,需判斷是否為舊 remote、mirror 或權限問題。
- GitHub target 決策表已建立8 個候選中 7 個需人工批准;其中 `ewoooc``bitan-pharmacy``tsenyang-website` 在 target visibility / owner 決策前不得自動建立或同步。
- GitHub target repo-by-repo approval package 已建立7 個 approval-required targets 拆成 refs reconcile、target 建立 / 授權、internal remote 用途確認三條路徑;此 package 採低摩擦原則,只 gate 高風險執行,不阻擋 read-only evidence。
- Source Control ref truth classification 已建立141 個 refs review items 已拆成 4 個真相來源判定、114 個 drift deprecated 候選、3 個 release tag review、20 個 GitHub-only refs reviewS4.11 已補 1 個 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks 與 5 個 owner response templatesreceived / accepted response 皆為 0、audit events emitted 仍為 0。這是人工判定隊列與收件框架,不是同步批准。
- Source Control ref truth classification 已建立,舊版 141 個 refs review items 已拆成 4 個真相來源判定、114 個 drift deprecated 候選、3 個 release tag review、20 個 GitHub-only refs review但 2026-06-04 `awoooi` heads 已從 117 增加到 170S4.11 classification 需重產後才可稱為 current。S4.11 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與 owner response templates 仍是收件框架received / accepted response 皆為 0、audit events emitted 仍為 0不是同步批准。
- Workflow / secret 名稱 owner response 已建立S4.12 補 1 個 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks 與 5 個 response templatesreceived / accepted response 皆為 0、audit events emitted 仍為 0這只允許 owner 補 webhook、runner、deploy key、branch protection / CODEOWNERS、repository secret name parity 的 redacted disposition不授權收 secret value、修改 workflow、啟用 GitHub hosted runner 或切 GitHub primary。
- Workflow / secret 名稱本機 evidence 已於 2026-06-04 重跑8 個候選 repo、7 個本機可見 repo、4 個 local evidence repo、31 個 workflow files、42 個 unique referenced secret names`secret_value_detected=false`;但 webhook、runner owner、deploy key、branch protection、repository secret name parity 仍缺。
- Owner response validation rollup 已建立S4.13 彙整 S4.9 / S4.10 / S4.11 / S4.12 四包 response packets共 22 個 response templates、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks、7 條 parallel session recovery outcome lanes、received / accepted response 皆為 0 且 reviewer audit emitted 仍為 0這只是驗收總覽、只讀路由、顯示順序、狀態語義、人工審查提示、結果分類、脫敏稽核格式、稽核顯示邊界、只讀稽核檢查、安全 metadata 顯示範例、metadata retention 邊界、只讀 retention 驗證、跨 Session 只讀交接、交接消費檢查、平行 Session 同步檢查、衝突 lane、復原前檢查與復原結果分類不是 approval、runtime gate、production ingestion 或執行授權。
- 本機可見 Git working tree 輔助盤點已找到 13 個 repo其中去重後 Gitea repo 4 個、GitHub repo 5 個、110 內部 repo 4 個;此結果可用來補遷移矩陣,但不能取代 Gitea server 全量清單。
@@ -64,7 +65,7 @@
|------|------|
| `git remote -v` | 已確認 `origin` 指向 GitHub`gitea` 指向本地 Gitea未在文件中保存憑證 |
| GitHub heads | 2 條 |
| Gitea heads | 117 條,已忽略本 PR 分支 |
| Gitea heads | 170 條 |
| GitHub tags | 0 條 |
| Gitea tag refs | 4 條 raw refs實際 tag 為 `v7.2.0``v7.3.0` |
| Gitea org API | 未認證查詢 `http://192.168.0.110:3001/api/v1/orgs/wooo/repos` 回 404保留為 endpoint 判定 evidence |
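Review bot: the old Gitea heads row was qualified 「已忽略本 PR 分支」 and the new `170` row drops that qualifier, so it is not stated whether 170 includes the working branch `codex/iwooos-governance-p0-20260604` and whether 117 → 170 is a like-for-like comparison; put the counting rule next to the number and apply the same rule to the `168` Gitea-only figure in section 2.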
@@ -76,6 +77,7 @@
| Gitea public search 工具 | `python3 scripts/security/gitea-repo-inventory.py --base-url http://192.168.0.110:3001 --org public-search --github-owner owenhytsai --scope search --limit 100 --output-json docs/security/gitea-public-repo-search.snapshot.json --output-md docs/security/GITEA-PUBLIC-REPO-SEARCH-SNAPSHOT.md` |
| 本機 remote 盤點工具 | `python3 scripts/security/local-git-remote-inventory.py --root /Users/ogt --root "/Users/ogt/Library/Mobile Documents/com~apple~CloudDocs" --max-depth 4 --output-json docs/security/local-git-remote-inventory.snapshot.json --output-md docs/security/LOCAL-GIT-REMOTE-INVENTORY-SNAPSHOT.md` |
| GitHub target probe 工具 | `python3 scripts/security/github-target-probe.py --candidate owenhytsai/awoooi --candidate owenhytsai/clawbot-v5 --candidate owenhytsai/wooo-aiops --candidate owenhytsai/wooo-infra-config --candidate owenhytsai/ewoooc --candidate owenhytsai/bitan-pharmacy --candidate owenhytsai/tsenyang-website --candidate nexu-io/open-design --output-json docs/security/github-target-probe.snapshot.json --output-md docs/security/GITHUB-TARGET-PROBE-SNAPSHOT.md` |
| Workflow / secret 名稱本機 evidence 工具 | `python3 scripts/security/source-control-workflow-secret-name-local-inventory.py --date 2026-06-04 ... --output docs/security/source-control-workflow-secret-name-local-evidence.snapshot.json` |
| 本機 canonical lineage 工具 | `python3 scripts/security/local-repo-canonical-probe.py --group-name ewoooc-momo-pro-system --repo local-momo-gitea=/Users/ogt/momo-pro-system --repo icloud-momo-gitea="/Users/ogt/Library/Mobile Documents/com~apple~CloudDocs/momo-pro-system" --repo local-momo-gitlab=/Users/ogt/momo_pro_system --sample-limit 100 --git-timeout 8 --output-json docs/security/local-repo-canonical-ewoooc-momo.snapshot.json --output-md docs/security/LOCAL-REPO-CANONICAL-EWOOOC-MOMO-SNAPSHOT.md` |
| Internal 110 refs 工具 | `python3 scripts/security/git-remote-refs-probe.py --group-name internal-110-bitan-tsenyang --repo bitan-pharmacy=/Users/ogt/bitan-pharmacy=origin --repo tsenyang-website=/Users/ogt/tsenyang-website=origin --output-json docs/security/git-remote-refs-bitan-tsenyang.snapshot.json --output-md docs/security/GIT-REMOTE-REFS-BITAN-TSENYANG-SNAPSHOT.md` |
| wooo-infra-config refs 工具 | `python3 scripts/security/git-remote-refs-probe.py --group-name wooo-infra-config-remotes --repo wooo-infra-config-gitea=/Users/ogt/wooo-infra-config=gitea --repo wooo-infra-config-github=/Users/ogt/wooo-infra-config=origin --output-json docs/security/git-remote-refs-wooo-infra-config.snapshot.json --output-md docs/security/GIT-REMOTE-REFS-WOOO-INFRA-CONFIG-SNAPSHOT.md` |
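Review bot: the new 「Workflow / secret 名稱本機 evidence 工具」 row abbreviates its invocation with `...`, while every other row records the full command; this commit itself adds the rule that local evidence must carry a reproducible path and refresh date, so spell out the full argument list (at least the repo root or worktree it was run against) so the 31 workflow files / 42 secret names can be regenerated.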
@@ -156,9 +158,9 @@ GitHub target repo-by-repo approval package 已建立於 `docs/security/GITHUB-T
| 欄位 | Gitea | GitHub | 狀態 |
|------|-------|--------|------|
| Repo | `wooo/awoooi` | `owenhytsai/awoooi` | 已有對應 |
| `main` | `5294f0712f1a3370d0155c0d88e5d10c6ec0250e` | `202071f7a8724d5e8c29de441c3f380575a0ea94` | 不一致,阻塞主控切換 |
| `main` | `6efbd7c6af2af12ddec62e8455a50ac20de991cd` | `202071f7a8724d5e8c29de441c3f380575a0ea94` | 不一致,阻塞主控切換 |
| `release/v1.0` | `d15fb7d9f4bac86873d5c16b9c17c527b8f38bef` | `d15fb7d9f4bac86873d5c16b9c17c527b8f38bef` | 一致 |
| `dev` | `25889d4b8edcb83b6ec707c5eef3c21ae5d432b0` | 無 | GitHub 缺分支 |
| `dev` | Gitea-only仍待 owner 判定 | 無 | GitHub 缺分支 |
| `drift/adopt-*` | 多條 | 無 | GitHub 缺分支 |
| `v7.2.0` | 有 | 無 | GitHub 缺 tag |
| `v7.3.0` | 有 | 無 | GitHub 缺 tag |
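Review bot: the `dev` row replaces the Gitea SHA `25889d4b8edcb83b6ec707c5eef3c21ae5d432b0` with the free-text 「Gitea-only仍待 owner 判定」, which discards the one value a reviewer could use to tell whether `dev` moved between refreshes; keep the current SHA in the Gitea column and put the owner-decision status in the 狀態 column, as the `main` row does.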
@@ -200,6 +202,16 @@ GitHub target repo-by-repo approval package 已建立於 `docs/security/GITHUB-T
| secrets 名稱 | 待盤點 | 只盤名稱與 owner不搬 value |
| branch protection / CODEOWNERS | 待設計 | GitHub primary 前必備 |
## 5.1 2026-06-04 規範落差
| 類別 | 落差 | 處理方向 |
|------|------|----------|
| 已不符合現況 | 2026-05-13 的 `117` Gitea heads 與 S4.11 `141` refs review items 已落後2026-06-04 read-only refresh 顯示 `awoooi` Gitea heads 為 `170` | 先重產 ref detail diff / ref truth classification再收 owner response |
| 已不符合現況 | `source-control-workflow-secret-name-local-evidence.snapshot.json` 曾指向舊暫存 worktree | 本輪已改成本 worktree後續 snapshot 必須標示 refresh date 與可重現路徑 |
| 需要新增規範 | 生成式 snapshot 會覆蓋人工治理註記 | 將 generator output 與治理補註分層,或重產後固定補回 S4.5 / S4.6 / S4.7 狀態 |
| 需要新增規範 | 外部 / 高 churn GitHub target 例如 `nexu-io/open-design` 會產生大量 heads evidence | 對 external scope repos 只保留 summary / sampled refs避免把外部 refs 變成 primary readiness 證據 |
| 需要調整規範 | GitHub target probe 只能證明 read-only 可見性,不能證明 owner / visibility / primary readiness | primary gate 需同時要求 owner decision、refs parity、workflow / secret parity 與 rollback ADR |
## 6. `source_control_migration_event_v1` 範例
```json
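Review bot: the 「需要新增規範」 row on generated snapshots overwriting manual governance notes offers two remedies (layer generator output and annotations, or re-add the S4.5 / S4.6 / S4.7 status after each regeneration) without choosing; the second is the failure mode the row describes (the annotations vanish whenever the re-add step is forgotten), so prefer the first, have the generator write only its own section or file and refuse to overwrite a file that carries manual annotations, and state that choice here.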
@@ -207,11 +219,11 @@ GitHub target repo-by-repo approval package 已建立於 `docs/security/GITHUB-T
"schema_version": "source_control_migration_event_v1",
"gitea_repo": "wooo/awoooi",
"github_repo": "owenhytsai/awoooi",
"branch_count_gitea": 117,
"branch_count_gitea": 170,
"branch_count_github": 2,
"tag_count_gitea": 2,
"tag_count_github": 0,
"latest_sha_gitea": "5294f0712f1a3370d0155c0d88e5d10c6ec0250e",
"latest_sha_gitea": "6efbd7c6af2af12ddec62e8455a50ac20de991cd",
"latest_sha_github": "202071f7a8724d5e8c29de441c3f380575a0ea94",
"workflows_mapped": false,
"webhooks_mapped": false,
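Review bot: `latest_sha_gitea` in the example is `6efbd7c6af2af12ddec62e8455a50ac20de991cd`, the parent of this very commit, so the example describes a `main` that is one commit behind as soon as this lands; that is inherent to a point-in-time record, but the example should then carry its observation date (the 2026-06-04 refresh) so the SHA is not read as current. The same `source_control_migration_event_v1` record appears a second time later in this diff; keep the two in sync or derive the doc example from the snapshot.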

View File

@@ -9,17 +9,17 @@
| GitHub repo | `owenhytsai/awoooi` |
| Gitea URL | `http://192.168.0.110:3001/wooo/awoooi.git` |
| GitHub URL | `https://github.com/owenhytsai/awoooi.git` |
| Gitea 分支數 | `117` |
| Gitea 分支數 | `170` |
| GitHub 分支數 | `2` |
| Gitea tags | `2` |
| GitHub tags | `0` |
| Gitea main | `0bc187877884f6fa6fe87a03dab99e9c6622fd42` |
| Gitea main | `6efbd7c6af2af12ddec62e8455a50ac20de991cd` |
| GitHub main | `202071f7a8724d5e8c29de441c3f380575a0ea94` |
| 阻塞原因 | branches 尚未完全對齊tags 尚未完全對齊main SHA 不一致 |
## 分支差異
- 只在 Gitea`115`
- 只在 Gitea`168`
- 只在 GitHub`0`
- SHA 不一致:`1`
- SHA 一致:`1`
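Review bot: before this change the two copies of the awoooi record disagreed on Gitea `main` (`0bc187877884f6fa6fe87a03dab99e9c6622fd42` here versus `5294f0712f1a3370d0155c0d88e5d10c6ec0250e` in the readiness doc's SHA table), meaning they were generated at different times and nothing flagged it; now that both read `6efbd7c6af…`, add the refresh date to this snapshot header so the next divergence is visible, and have the readiness doc link to this snapshot rather than restate the SHA.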

View File

@@ -31,3 +31,5 @@ S4.5 已將 authenticated inventory / redacted admin export 的欄位、拒收
S4.6 已將後續脫敏 payload 的驗收、拒收與隔離規則文件化;目前尚未收到 payload`gitea_repo_inventory_v1.status` 仍不得標記為 `ok`。
S4.7 已將 owner coverage attestation 文件化;目前尚未收到 owner attestationpublic-only 2 repos、本機 Gitea unique 4 repos、org/user endpoint 與 110 internal adjacent source 的 scope 仍不得視為已完成。
2026-06-04 P1 refresh 注意:本檔由工具重產時會覆蓋人工治理註記;後續需把 generator output 與治理補註分層,或在重產後固定補回 S4.5 / S4.6 / S4.7 狀態,避免 AwoooP 只看到 public-only list 而漏掉 owner response gate。
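Review bot: the new 2026-06-04 note is itself a manual annotation inside the file it says the generator overwrites, so it will be lost on the next regeneration together with the S4.5 / S4.6 / S4.7 lines it is protecting; move these lines into a file the generator never writes, or have the generator emit a fixed governance-status section sourced from the S4.5 / S4.6 / S4.7 snapshots.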

View File

@@ -18,6 +18,6 @@
| `owenhytsai/ewoooc` | `not_found_or_private` | `0` | GitHub 回應 repository not found可能未建立或為 private 且未授權 |
| `owenhytsai/bitan-pharmacy` | `not_found_or_private` | `0` | GitHub 回應 repository not found可能未建立或為 private 且未授權 |
| `owenhytsai/tsenyang-website` | `not_found_or_private` | `0` | GitHub 回應 repository not found可能未建立或為 private 且未授權 |
| `nexu-io/open-design` | `exists` | `186` | 無 |
| `nexu-io/open-design` | `exists` | `644` | 無 |
> 注意:`not_found_or_private` 只代表未授權 read-only probe 看不到,不等同確認不存在。
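Review bot: the `nexu-io/open-design` row still says 「無」 in the notes column while its heads count jumped 186 → 644 and the gate JSON in this same commit classifies the repo as external high-churn evidence usable only as a scope-review summary; put that classification in the notes column here so the probe snapshot is not read on its own as a clean, fully visible candidate.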

View File

@@ -2,7 +2,7 @@
| 項目 | 內容 |
|------|------|
| 日期 | 2026-05-17 |
| 日期 | 2026-06-04 |
| 狀態 | 草案blocked by default |
| Schema | `docs/schemas/source_control_primary_readiness_gate_v1.schema.json` |
| Snapshot | `docs/security/source-control-primary-readiness-gate.snapshot.json` |
@@ -22,6 +22,19 @@
它不是 cutover plan也不是 refs sync plan。目前 `primary_ready_count=0``github_primary_switch_authorized=false`
## 0.1 2026-06-04 P1 只讀重盤結論
本輪只刷新 evidence不切 primary、不建立 repo、不同步 refs、不改 workflow、不收 secret value。
| 證據 | 2026-06-04 結果 | Gate 判讀 |
|------|-----------------|-----------|
| `awoooi` Gitea / GitHub refs | Gitea heads `170`、GitHub heads `2`、Gitea tags `2`、GitHub tags `0`、main SHA 不一致:`6efbd7c6af2af12ddec62e8455a50ac20de991cd` vs `202071f7a8724d5e8c29de441c3f380575a0ea94` | `blocked`;舊 S4.11 `141` refs review items 已不符合 current refs truth需重產 |
| Gitea repo inventory | user endpoint public-only 仍只看到 `wooo/awoooi``wooo/ewoooc`org endpoint 仍 blocked / 404 | `blocked`;不得視為所有 Gitea 專案已盤完 |
| GitHub target probe | 8 個候選中 5 個可讀、3 個 `not_found_or_private``nexu-io/open-design` 為 external scope 且 heads 增至 `644` | `pending_review`;可讀性不是 owner approval |
| Workflow / secret 名稱本機 evidence | 8 個候選、7 個本機可見、4 個 local evidence repo、31 個 workflow files、42 個 unique referenced secret names、`secret_value_detected=false` | `missing_evidence`;仍缺 webhook、runner owner、deploy key、branch protection、repository secret parity |
本輪規範調整snapshot 必須標示 refresh date 與可重現路徑;由工具重產的 snapshot 不得覆蓋治理補註後就直接視為完整狀態external scope / high-churn repo 只可作可見性摘要,不得加入 primary cutover queue。
## 1. 目前狀態
| 指標 | 數量 |
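Review bot: the new 0.1 table uses `missing_evidence` and `pending_review` (underscored) as gate readings, while the section 2 table in this same file uses 「missing evidence」 and 「pending review」 with spaces and the snapshot JSON uses `draft_blocked`; settle on one vocabulary, ideally the enum in `source_control_primary_readiness_gate_v1.schema.json`, so a reader or AwoooP can match the table to the snapshot without guessing.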
@@ -38,9 +51,9 @@
| Gate | 目前狀態 | 說明 |
|------|----------|------|
| Gitea authenticated inventory | blocked | private/internal 全量 repo list 尚未完成S4.9 owner response request packet、template status ledger、audit event templates、redaction examples、display sections 與 collection checks 已可顯示,但 S4.7 owner coverage attestation response 仍未收到audit events emitted 仍為 0S4.13 已集中顯示四包 owner response validation、evidence routing、display sections、state transition rules、reviewer checklist、reviewer outcome lanes、reviewer audit event templates、reviewer audit display sections、reviewer audit collection checks、reviewer audit redaction examples、reviewer audit retention rules、reviewer audit retention checks、reviewer audit handoff packets、handoff checks、parallel session sync checks、parallel session conflict lanes、parallel session recovery checks 與 parallel session recovery outcome lanes但 total accepted response 仍為 0、reviewer audit emitted 仍為 0 |
| refs truth / branch-tag parity | blocked | 3 個 mapped repos 仍有 refs driftS4.11 已補 refs truth owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包received / accepted response 皆為 0、audit events emitted 仍為 0 |
| workflow / runner / secret name parity | missing evidence | S4.1 已建立 inventory 契約S4.12 已補 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包received / accepted response 皆為 0、audit events emitted 仍為 0尚未有實際 redacted workflow、webhook、runner、secret 名稱 snapshot |
| owner / visibility / canonical | pending review | 7 個 in-scope targets 仍需人工決策S4.10 已補 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包,received / accepted response 皆為 0 |
| refs truth / branch-tag parity | blocked | 3 個 mapped repos 仍有 refs drift`awoooi` 已刷新到 Gitea heads `170` / GitHub heads `2`,舊 S4.11 `141` refs review items 需重產S4.11 owner response received / accepted 仍為 0 |
| workflow / runner / secret name parity | missing evidence | S4.2 本機 evidence 已於 2026-06-04 刷新到 31 個 workflow files / 42 個 unique referenced secret names仍缺 webhook、runner owner、deploy key、branch protection、repository secret parityS4.12 owner response received / accepted 仍為 0 |
| owner / visibility / canonical | pending review | GitHub target probe 仍是 5 個可讀、3 個 `not_found_or_private`7 個 in-scope targets 仍需人工決策S4.10 owner response received / accepted 為 0 |
| rollback ADR | pending review | S4.4 已建立 rollback ADR 草案7 個 in-scope repos 仍需 owner approval、dry-run 與 validation window |
## 3. AwoooP 可做
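Review bot: the refs-truth, workflow/secret and owner/visibility rows were condensed to the current state plus 「received / accepted 仍為 0」, but the unchanged Gitea authenticated inventory row above them still carries the full enumeration of S4.9 / S4.13 packet components; condense it the same way (the counts live in the S4.13 rollup snapshot) so the table reads consistently and the long row does not go stale the way the 117 / 141 figures did.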
@@ -51,7 +64,7 @@
4. 顯示哪些 evidence 仍缺Gitea authenticated inventory、S4.7 owner coverage attestation、S4.9 owner response request packet / template status ledger / audit event templates / redaction examples / display sections / collection checks / owner response、S4.10 GitHub target owner response request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks / owner response、S4.11 refs truth owner response request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks / owner response、S4.12 workflow / secret name owner response request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks / owner response、S4.13 validation rollup / evidence routing rules / display sections / state transition rules / reviewer checklist / reviewer outcome lanes / reviewer audit event templates / reviewer audit display sections / reviewer audit collection checks / reviewer audit redaction examples / reviewer audit retention rules / reviewer audit retention checks / reviewer audit handoff packets / handoff checks / parallel session sync checks / parallel session conflict lanes / parallel session recovery checks / parallel session recovery outcome lanes、workflow/runner/secret name inventory、rollback ADR。
5. 連到 S4.10 `github_target_owner_decision_response_v1` 顯示 1 個 owner response request packet、7 個 owner response template statuses、3 個 owner response audit event templates、5 個 owner response redaction examples、6 個 owner response collection checks、6 個 intake preflight checks、7 個 owner decision response templates、8 個 acceptance checks、10 個 rejection rules且 received / accepted response 皆為 0。
6. 連到 S4.11 `source_control_ref_truth_owner_response_v1` 顯示 1 個 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks、5 個 refs owner response templates、8 個 acceptance checks、10 個 rejection rules且 received / accepted response 皆為 0、audit events emitted 仍為 0。
7. 連到 `source_control_workflow_secret_name_inventory_v1` 顯示 8 個 candidate repos 的 inventory lane 缺口與 S4.2 local evidence;只保存 secret 名稱與 owner不保存 value。
7. 連到 `source_control_workflow_secret_name_inventory_v1` 與 2026-06-04 S4.2 local evidence顯示 8 個 candidate repos、31 個 workflow files、42 個 unique referenced secret names 與仍缺的 webhook / runner / deploy key / branch protection / repository secret parity;只保存 secret 名稱與 owner不保存 value。
8. 連到 S4.12 `source_control_workflow_secret_name_owner_response_v1` 顯示 1 個 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks、5 個 owner response templates、8 個 acceptance checks、10 個 rejection rules且 received / accepted response 皆為 0、audit events emitted 仍為 0。
9. 連到 S4.13 `source_control_owner_response_validation_rollup_v1` 顯示四包 owner response validation 狀態22 個 templates、10 個 cross-packet checks、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks、7 條 parallel session recovery outcome lanes、received / accepted / rejected response 皆為 0、reviewer audit emitted 仍為 0。
10. 連到 `source_control_primary_rollback_adr_v1` 顯示 7 個 in-scope repos 的 rollback owner、trigger 與 validation window 草案。
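Review bot: item 7 was refreshed to the 2026-06-04 figures, but items 5, 6, 8 and 9 around it still hard-code template and check counts copied from the S4.10 to S4.13 snapshots; copying counts into prose is how the 117 heads and 141 review items went stale, so point each item at its snapshot JSON as the source of the count instead of restating it.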

View File

@@ -2,7 +2,7 @@
| 項目 | 內容 |
|------|------|
| 日期 | 2026-05-13 |
| 日期 | 2026-06-04 |
| 狀態 | 草案partial local evidence |
| Schema | `docs/schemas/source_control_workflow_secret_name_local_evidence_v1.schema.json` |
| Snapshot | `docs/security/source-control-workflow-secret-name-local-evidence.snapshot.json` |
@@ -12,7 +12,7 @@
## 0. 核心結論
S4.2 先補本機可見 working tree 的只讀 workflow / secret 名稱 evidence。
S4.2 先補本機可見 working tree 的只讀 workflow / secret 名稱 evidence。2026-06-04 P1 refresh 已改用本輪乾淨 worktree `/private/tmp/awoooi-iwooos-governance-p0-20260604` 重跑 `awoooi` evidence避免沿用舊暫存路徑。
本 snapshot 只從 `.github/workflows/``.gitea/workflows/``CODEOWNERS``.github/CODEOWNERS` 萃取名稱級 metadata。它不呼叫 GitHub / Gitea API、不讀 `.env`、不讀 secret store、不收集 secret value、不修改 workflow。
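Review bot: the path `/private/tmp/awoooi-iwooos-governance-p0-20260604` recorded as the reproducible source lives under `/private/tmp`, which does not survive a reboot; pair it with the commit checked out there (the logbook in this diff records `gitea/main` at `6efbd7c6`) so the evidence can be reproduced from the SHA after the temp worktree is gone, which is also what the new snapshot-freshness item added later in this file asks for.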
@@ -31,7 +31,7 @@ S4.3 已把這些後續缺口整理成 redacted export request並額外納入
| Gitea workflow files | 10 |
| GitHub workflow files | 21 |
| CODEOWNERS files | 2 |
| Unique referenced secret names | 43 |
| Unique referenced secret names | 42 |
| Runner labels | 5 |
| Secret value detected | `false` |
@@ -39,7 +39,7 @@ S4.3 已把這些後續缺口整理成 redacted export request並額外納入
| Repo | Local status | Workflow files | Secret names | CODEOWNERS | 說明 |
|------|--------------|----------------|--------------|------------|------|
| `owenhytsai/awoooi` | `partial_local_evidence` | 14 | 37 | 0 | Gitea / GitHub workflows 都可見;仍需 webhook、branch protection、repository secret parity evidence |
| `owenhytsai/awoooi` | `partial_local_evidence` | 14 | 34 | 0 | Gitea / GitHub workflows 都可見;本輪移除舊 worktree evidence 漂移後,仍需 webhook、branch protection、repository secret parity evidence |
| `owenhytsai/clawbot-v5` | `local_repo_visible_no_workflow_files` | 0 | 0 | 0 | 本機 repo 可見,但未找到 workflow / CODEOWNERS |
| `owenhytsai/wooo-aiops` | `partial_local_evidence` | 14 | 12 | 2 | GitHub / Gitea workflow 與 CODEOWNERS 可見;仍需 webhook 與 branch protection evidence |
| `owenhytsai/wooo-infra-config` | `partial_local_evidence` | 1 | 2 | 0 | GitHub validate workflow 可見infra secret value 不可搬移 |
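Review bot: the awoooi row drops from 37 to 34 referenced secret names while the file-level unique count drops only 43 → 42 and the JSON in this diff also adds `AWOOOP_OPERATOR_API_KEY` to one workflow's references; the 說明 column attributes the change to removing old worktree evidence drift but does not say which names went away or whether they remain referenced by other repos, which is exactly what a secret-name parity check needs, so list the removed and added names per repo.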
@@ -68,6 +68,7 @@ S4.3 已把這些後續缺口整理成 redacted export request並額外納入
4. Branch protection inventory只列 protected branch、required status checks、review count。
5. Repository secret parity只比對 secret 名稱與 owner不輸出 value。
6. 逐 repo owner review確認本機可見 workflow 是否為 canonical尤其是 `ewoooc` / `momo-pro-system`
7. Snapshot freshness本機 evidence 必須標示可重現路徑與刷新日期;過期暫存 worktree 只能作歷史參考,不可當 current readiness。
## 5. 永久禁止

View File

@@ -2,11 +2,11 @@
"schema_version": "source_control_migration_event_v1",
"gitea_repo": "wooo/awoooi",
"github_repo": "owenhytsai/awoooi",
"branch_count_gitea": 117,
"branch_count_gitea": 170,
"branch_count_github": 2,
"tag_count_gitea": 2,
"tag_count_github": 0,
"latest_sha_gitea": "0bc187877884f6fa6fe87a03dab99e9c6622fd42",
"latest_sha_gitea": "6efbd7c6af2af12ddec62e8455a50ac20de991cd",
"latest_sha_github": "202071f7a8724d5e8c29de441c3f380575a0ea94",
"workflows_mapped": false,
"webhooks_mapped": false,

File diff suppressed because it is too large

View File

@@ -1,7 +1,7 @@
{
"schema_version": "source_control_primary_readiness_gate_v1",
"status": "draft_blocked",
"date": "2026-05-17",
"date": "2026-06-04",
"mode": "primary_readiness_gate_only",
"runtime_execution_authorized": false,
"source_indexes": [
@@ -13,15 +13,19 @@
"docs/security/source-control-ref-truth-classification.snapshot.json",
"docs/security/source-control-ref-truth-owner-response.snapshot.json",
"docs/security/source-control-workflow-secret-name-inventory.snapshot.json",
"docs/security/source-control-workflow-secret-name-local-evidence.snapshot.json",
"docs/security/source-control-workflow-secret-name-owner-response.snapshot.json",
"docs/security/source-control-owner-response-validation-rollup.snapshot.json",
"docs/security/source-control-primary-rollback-adr.snapshot.json",
"docs/security/gitea-github-awoooi-inventory.snapshot.json",
"docs/security/gitea-repo-inventory.snapshot.json",
"docs/security/gitea-public-repo-search.snapshot.json",
"docs/security/gitea-authenticated-inventory-export-request.snapshot.json",
"docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json",
"docs/security/gitea-inventory-coverage-attestation.snapshot.json",
"docs/security/gitea-inventory-owner-attestation-response.snapshot.json",
"docs/security/gitea-org-repo-inventory-blocked.snapshot.json",
"docs/security/github-target-probe.snapshot.json",
"docs/security/security-followup-runtime-gate.snapshot.json"
],
"summary": {
@@ -80,7 +84,8 @@
],
"current_gap": [
"3 個 mapped repos 仍有 refs drift",
"141 個 refs review items 尚待人工判定",
"2026-06-04 awoooi read-only refresh 顯示 Gitea heads=170、GitHub heads=2、Gitea tags=2、GitHub tags=0、main SHA=6efbd7c6af2af12ddec62e8455a50ac20de991cd vs 202071f7a8724d5e8c29de441c3f380575a0ea94",
"舊版 141 個 refs review items 已不符合 current refs truth必須重產 ref detail diff / ref truth classification 後再收 owner response",
"S4.11 已建立 refs truth owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包,但目前 received_response_count=0、accepted_response_count=0、audit_events_emitted=0",
"不得 push/delete/force push refs"
],
@@ -102,7 +107,8 @@
"secret 只列名稱與 owner不保存 value"
],
"current_gap": [
"S4.1 已定義 workflow / webhook / runner / secret 名稱 inventory 契約,但尚未收集實際 redacted snapshot",
"S4.2 local evidence 已於 2026-06-04 重跑8 個 candidate repos、7 個 local visible repos、4 個 local evidence repos、31 個 workflow files、42 個 unique referenced secret names、secret_value_detected=false",
"仍缺 webhook、runner owner、deploy key、branch protection / CODEOWNERS、repository secret name parity 的 redacted evidence",
"S4.12 已建立 workflow / secret 名稱 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包,但目前 received_response_count=0、accepted_response_count=0、audit_events_emitted=0",
"不得搬移或輸出 secret value",
"不得因缺資料而假設 GitHub ready"
@@ -126,6 +132,7 @@
],
"current_gap": [
"7 個 targets 仍需人工批准",
"2026-06-04 GitHub target probe 顯示 8 個候選中 5 個可讀、3 個 not_found_or_privatenot_found_or_private 仍不得解讀為 repo 不存在",
"S4.10 已建立 GitHub target owner decision response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包,但目前 received_response_count=0、accepted_response_count=0",
"ewoooc / momo-pro-system canonical 關係尚未確認",
"bitan-pharmacy 與 tsenyang-website GitHub target 未確認"
@@ -171,11 +178,15 @@
"primary_ready": false,
"blockers": [
"main SHA 不一致",
"2026-06-04 read-only refresh 顯示 Gitea heads=170、GitHub heads=2、Gitea-only heads=168、Gitea tags=2、GitHub tags=0",
"舊版 S4.11 ref truth classification 已落後,需重產後再收 owner response",
"branches/tags/workflows/webhooks/secrets 名稱 inventory 尚未完成",
"GitHub primary ADR 與 rollback plan 尚未完成"
],
"evidence_refs": [
"docs/security/GITEA-GITHUB-MIGRATION-SNAPSHOT.md",
"docs/security/gitea-github-awoooi-inventory.snapshot.json",
"docs/security/source-control-workflow-secret-name-local-evidence.snapshot.json",
"docs/security/source-control-ref-detail-diff.snapshot.json",
"docs/security/source-control-ref-truth-classification.snapshot.json",
"docs/security/source-control-ref-truth-owner-response.snapshot.json",
@@ -301,6 +312,7 @@
],
"evidence_refs": [
"docs/security/GITEA-PUBLIC-REPO-SEARCH-SNAPSHOT.md",
"docs/security/github-target-probe.snapshot.json",
"docs/security/LOCAL-REPO-CANONICAL-EWOOOC-MOMO-SNAPSHOT.md",
"docs/security/github-target-decision.snapshot.json",
"docs/security/github-target-owner-decision-response.snapshot.json"
@@ -326,12 +338,14 @@
"target_state": "not_found_or_private",
"primary_ready": false,
"blockers": [
"2026-06-04 GitHub target probe 仍為 not_found_or_private",
"GitHub target 未確認",
"repo 是否仍 active 尚未確認",
"owner / visibility 決策尚未完成"
],
"evidence_refs": [
"docs/security/GIT-REMOTE-REFS-BITAN-TSENYANG-SNAPSHOT.md",
"docs/security/github-target-probe.snapshot.json",
"docs/security/github-target-decision.snapshot.json",
"docs/security/github-target-owner-decision-response.snapshot.json"
],
@@ -356,12 +370,14 @@
"target_state": "not_found_or_private",
"primary_ready": false,
"blockers": [
"2026-06-04 GitHub target probe 仍為 not_found_or_private",
"GitHub target 未確認",
"repo 是否仍 active 尚未確認",
"owner / visibility 決策尚未完成"
],
"evidence_refs": [
"docs/security/GIT-REMOTE-REFS-BITAN-TSENYANG-SNAPSHOT.md",
"docs/security/github-target-probe.snapshot.json",
"docs/security/github-target-decision.snapshot.json",
"docs/security/github-target-owner-decision-response.snapshot.json"
],
@@ -387,6 +403,7 @@
"primary_ready": false,
"blockers": [
"尚未確認是否屬於 AWOOOI 資安供應鏈範圍",
"2026-06-04 GitHub target probe 顯示 heads=644屬 external high-churn evidence只能當 scope review summary",
"不納入 GitHub primary cutover 候選"
],
"evidence_refs": [
@@ -409,7 +426,10 @@
"not_found_or_private 不能當成 repo 不存在,也不能自動建立 GitHub repo。",
"Gitea 在 cutover 前仍是實際本地控制面;不得停用、刪除、封存或降級任何 repo。",
"secret 只能 inventory 名稱與 owner不得搬移或保存 secret value。",
"任何 refs sync / repo creation / visibility change / primary switch 都需要新的 runtime gate 與人工批准。"
"任何 refs sync / repo creation / visibility change / primary switch 都需要新的 runtime gate 與人工批准。",
"Snapshot 必須標示 refresh date 與可重現路徑;過期暫存 worktree evidence 不得當成 current readiness。",
"由工具重產的 snapshot 若會覆蓋人工治理註記,必須分層保存或重產後補回治理狀態。",
"External scope / high-churn GitHub repo 只保留 summary evidence不得直接加入 primary cutover queue。"
],
"forbidden_actions": [
"create_github_repo",
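Review bot: the three new rules are free-text strings, and the first one (snapshots must carry a refresh date and reproducible path) is not met by this file itself, which records only `date` and a list of `evidence_refs` paths with no worktree or commit the evidence came from; either add that provenance to this snapshot or scope the rule to the local-evidence snapshots it targets, and consider expressing such rules as checkable fields rather than prose so the guard run mentioned in the logbook can enforce them.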

View File

@@ -1,7 +1,7 @@
{
"schema_version": "source_control_workflow_secret_name_local_evidence_v1",
"status": "draft_partial_local_evidence",
"date": "2026-05-13",
"date": "2026-06-04",
"mode": "local_read_only_redacted_inventory",
"runtime_execution_authorized": false,
"source_contract": "source_control_workflow_secret_name_inventory_v1",
@@ -13,7 +13,7 @@
"gitea_workflow_file_count": 10,
"github_workflow_file_count": 21,
"codeowners_file_count": 2,
"unique_secret_name_count": 43,
"unique_secret_name_count": 42,
"runner_label_count": 5,
"secret_value_collection_allowed": false,
"secret_value_detected": false,
@@ -30,7 +30,6 @@
"CODECOV_TOKEN",
"DATABASE_URL",
"DEPLOY_SSH_KEY",
"DEPLOY_SSH_KEY_188",
"GEMINI_API_KEY",
"GITEA_MIRROR_TOKEN",
"GITHUB_TOKEN",
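Review bot: `DEPLOY_SSH_KEY_188` disappears from the unique secret-name list (43 → 42) in the same commit that moves the awoooi evidence to a different worktree, and the markdown only calls this old worktree evidence drift; a deploy SSH key name dropping out of the parity inventory needs an explicit reason (the workflow that referenced it is absent at `6efbd7c6`, or the old worktree carried uncommitted changes), because a key that is still configured on the target but no longer tracked is the parity gap this inventory exists to catch.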
@@ -75,7 +74,7 @@
"repos": [
{
"repo_key": "awoooi",
"repo_path": "/private/tmp/awoooi-security-supplychain-push",
"repo_path": "/private/tmp/awoooi-iwooos-governance-p0-20260604",
"github_repo": "owenhytsai/awoooi",
"source_key": "wooo/awoooi",
"scope_status": "in_scope",
@@ -92,7 +91,7 @@
"push"
],
"runner_label_names": [
"self-hosted"
"ubuntu-latest"
],
"environment_names": [],
"referenced_secret_names": []
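Review bot: the awoooi workflow's runner label changes from `self-hosted` to `ubuntu-latest`, which changes where that job's secrets are exposed (a GitHub-hosted runner instead of your own host), yet the prose does not mention it and the 「Runner labels 5」 summary count is unchanged; confirm this is a real difference between the old and new checkouts rather than a different file being picked up, and record it, since the readiness doc states the owner-response path does not authorize enabling GitHub-hosted runners.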
@@ -143,7 +142,6 @@
"CLAUDE_API_KEY",
"DATABASE_URL",
"DEPLOY_SSH_KEY",
"DEPLOY_SSH_KEY_188",
"GEMINI_API_KEY",
"HARBOR_PASSWORD",
"HARBOR_USERNAME",
@@ -216,6 +214,7 @@
],
"environment_names": [],
"referenced_secret_names": [
"AWOOOP_OPERATOR_API_KEY",
"OPENCLAW_TG_BOT_TOKEN"
]
},
@@ -426,7 +425,6 @@
"CODECOV_TOKEN",
"DATABASE_URL",
"DEPLOY_SSH_KEY",
"DEPLOY_SSH_KEY_188",
"GEMINI_API_KEY",
"GITEA_MIRROR_TOKEN",
"HARBOR_PASSWORD",

View File

@@ -9,7 +9,7 @@
| 工作視窗 | IwoooS / AWOOOI 資安治理 P0 |
| 本次乾淨 worktree | `/private/tmp/awoooi-iwooos-governance-p0-20260604` |
| 本次分支 | `codex/iwooos-governance-p0-20260604` |
| 最新觀察到的 `gitea/main` | `0260ec89 chore(cd): deploy 973fc7a [skip ci]` |
| 最新觀察到的 `gitea/main` | `6efbd7c6 chore(cd): deploy 1ae8f80 [skip ci]` |
| 前一個正式 IwoooS 候選基準 | code `7b8fc093`、deploy marker `45c63488`、LOGBOOK `02cadee6` |
| 最新導航 IA 基準 | code `973fc7a4`、LOGBOOK `2555c811`、deploy marker `0260ec89` |
| 禁止事項 | 不 force push、不 destructive git、不 SSH 修改主機、不 active scan、不收 secrets 明文、不把 AwoooP approval 當資安批准、不把 UI 可見當 runtime 授權 |
@@ -23,7 +23,7 @@
| runtime landing | 40-45% | 否 | production 只讀頁存在,不等於 runtime ingestion 或 execution router |
| active runtime gate | 0 | 否 | 必須維持 0直到獨立人工批准、rollback、post-check 與 guard 成立 |
| S4.9 owner response gate | 0% | 可在收到合格回覆後調整 | 目前只定義欄位、預檢、收件與驗收,不標記 received / accepted |
| GitHub primary readiness | 0 | 否 | 目前只讀盤點,不建立 repo、不同步 refs、不切 primary |
| GitHub primary readiness | 0 | 否 | primary gate 仍為 0P1 只讀重盤工作本身目前約 55%,不代表可切 primary |
| Kali 112 維護準備 | 只讀證據已納管,維護尚未開始 | 否 | 不更新套件、不重啟、不 hardening、不 active scan |
| 111 / 168 開發主機納管 | observe-only mapping 已有,維護包需補強 | 可補文件,不調 runtime | 仍不 credentialed scan、不讀未授權資料、不自動修復 |
| VibeWork 納入 IwoooS | 前端態勢已有 onboarding 欄位,產品邊界需補規範 | 可補文件 | 保留 VibeWork 獨立產品邊界 |
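Review bot: the new wording keeps the gate at `0` and separates it from the `55%` progress figure, which is the right split, but the `55%` is unsourced both here and in section 6.1. State how it is derived (weighted from the per-task percentages in the 6.1 table, or a judgment call), otherwise a later session will carry it forward as a measured number, which is exactly the drift this commit is trying to stop with the stale `117` heads count.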
@@ -114,6 +114,53 @@ S4.9 是目前 IwoooS 64% 能往前的第一優先 gate。驗收前所有 count
| P3 | AI Agent 評估 | NemoTron / Hermes / OpenClaw / ElephantAlpha dry-run、benchmark、成本、安全邊界 | 不切 production |
| P3 | runtime gate 收斂 | owner evidence、人工批准、rollback、disable、post-check | production truth不只 UI |
## 6.1 P1 GitHub Primary Readiness 只讀重盤狀態
本階段只處理 evidence freshness 與規範落差,不切 GitHub primary、不建立 repo、不同步 refs、不改 workflow、不收 secret value。GitHub primary readiness gate 仍維持 `0`
| 工作 | 完成度 | 2026-06-04 結果 | 下一步 |
|------|--------|-----------------|--------|
| `awoooi` Gitea / GitHub refs refresh | 100% | Gitea heads `170`、GitHub heads `2`、Gitea tags `2`、GitHub tags `0`、main SHA 不一致 | 重產 ref detail diff / ref truth classification |
| Gitea public repo inventory refresh | 100% | user endpoint public-only 仍只見 `wooo/awoooi``wooo/ewoooc`org endpoint 仍 blocked / 404 | 取得只讀 token 或 redacted admin export 批准 |
| GitHub target probe refresh | 100% | 8 個候選中 5 個可讀、3 個 `not_found_or_private``open-design` heads `644` 只作 external scope evidence | owner / visibility / canonical response 仍待收 |
| Workflow / secret 名稱本機 evidence refresh | 100% | 31 個 workflow files、42 個 unique referenced secret names、`secret_value_detected=false` | 補 webhook、runner owner、deploy key、branch protection、secret name parity |
| Primary readiness gate 文件更新 | 80% | 已寫入 2026-06-04 refresh 與禁止誤讀規則 | 跑 guard 後以 LOGBOOK 封存 |
| 全量 Gitea 專案版本盤點 | 25% | 目前仍是 public-only + 本機輔助 evidence | 需只讀 token / admin export不使用 write credential |
| 逐 repo refs truth queue | 20% | 舊 S4.11 `141` refs review items 已落後於 current `170` heads | 先重產 queue再送 owner response |
| Workflow / runner / secret parity owner response | 15% | 有 local evidence 與 template但 received / accepted 皆 0 | 只收 redacted metadata不收 value |
| GitHub primary cutover readiness | 0% | `primary_ready_count=0``github_primary_switch_authorized=false` | 需 owner、parity、rollback ADR、人工批准全部成立 |
P1 只讀重盤階段整體完成度:`55%`。它代表 freshness / inventory 工作進度,不代表 GitHub primary gate 或 runtime gate 提升。
## 6.2 規範分析:已不符合、需新增、需調整
| 分類 | 項目 | 原因 | 本輪處理 |
|------|------|------|----------|
| 已不符合現在要求 | `GITEA-GITHUB-MIGRATION-INVENTORY.md` 仍寫 2026-05-12 / 117 heads / 舊 main SHA | 2026-06-04 refresh 顯示 Gitea heads `170`、main SHA `6efbd7c6...` | 已更新為第三版 read-only inventory refresh |
| 已不符合現在要求 | S4.11 `141` refs review items 被當成 current queue | current `awoooi` Gitea heads 已增至 `170` | 已標記需重產 ref detail diff / ref truth classification |
| 已不符合現在要求 | Workflow local evidence 指到舊暫存 worktree | 舊路徑不可重現,會污染 P1 evidence freshness | 已改為本輪乾淨 worktree並新增 snapshot freshness 規則 |
| 已不符合現在要求 | `SOURCE-CONTROL-PRIMARY-READINESS-GATE.md` 日期停在 2026-05-17 | Gate 內容未反映最新 refs / GitHub target / workflow evidence | 已新增 2026-06-04 P1 只讀重盤結論 |
| 需要新增規範 | Generator output 與人工治理註記分層 | `GITEA-REPO-INVENTORY-SNAPSHOT.md` 重產時會覆蓋 S4.5 / S4.6 / S4.7 補註 | 已補回註記,並列為後續 generator / governance 分層工作 |
| 需要新增規範 | External / high-churn repo evidence 摘要規則 | `nexu-io/open-design` heads `644`,不宜把外部 refs 全量混入 AWOOOI primary readiness | 已標記只作 external scope summary不納入 cutover queue |
| 需要新增規範 | P1 page verification decision rule | 文件 / snapshot 更新不一定需要開頁;若宣稱 production 狀態或改前端才必須開頁 | 已保留驗證節點規則,本階段不改前端、不宣稱新 production |
| 需要調整規範 | GitHub target probe wording | `not_found_or_private` 容易被誤讀成不存在 | 已在 primary gate 重申不可自動建立 repo、不可切 primary |
| 需要調整規範 | Workflow / secret 名稱完成度 | local evidence 已有,但 webhook / runner / deploy key / branch protection / parity 仍缺 | 已改為 `missing_evidence`,不得說已完成 parity |
| 需要調整規範 | AwoooP 同步封包 | P1 要同步 refreshed counts、blocked gates、no-run 狀態,避免另一 Session 以舊 117 heads 繼續推進 | 本總帳與 LOGBOOK 會作為同步封包來源 |
## 6.3 P1 優先順序細化
| 優先 | 工作 | 內容 | 完成條件 |
|------|------|------|----------|
| P1-1 | Source-control refs truth 重產 | 以 2026-06-04 `awoooi` refs refresh 重產 detail diff / truth classification | 新 queue 不再引用舊 `141` 為 current |
| P1-2 | Gitea authenticated inventory request | 依 S4.5/S4.6/S4.7/S4.9 收只讀 token 或 redacted admin export | 只收 metadata不保存 token value |
| P1-3 | GitHub target owner response | 對 7 個 in-scope targets 收 owner / visibility / canonical 決策 | received / accepted 前仍全部 0 |
| P1-4 | Workflow / runner / secret parity evidence | webhook、runner owner、deploy key、branch protection、CODEOWNERS、secret name parity | redacted evidence refs 完整secret value 仍拒收 |
| P1-5 | Primary rollback ADR 補強 | 逐 repo rollback owner、trigger、validation window、fallback role | ADR approved 前不切 primary |
| P1-6 | AwoooP Session 同步 | 同步 commits、runs、production sanity、P1 refresh counts、gate 0 / false | 另一 Session 不再使用舊 refs count |
| P1-7 | Kali 112 maintenance window 草案 | packages、`networking.service` failed、hardening 0/4、rollback、post-check | 文件草案,不執行 `apt upgrade` / restart / scan |
| P1-8 | 111 / 168 開發主機 scope | scope、credential handling、rollback owner、validation 指標 | observe-only不做 credentialed scan |
| P1-9 | VibeWork 納入 IwoooS | repo / product / surface / owner / evidence refs / 獨立產品邊界 | docs/specs 繁中,產品責任不合併 |
## 7. 2026-06-04 本輪驗證紀錄
| 驗證 | 結果 |
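Review bot: two of the rows marked `100%` in 6.1 rest on flags whose producing check is not cited. `secret_value_detected=false` for the 31 workflow files should name the scanner and pattern set that produced it, since "no value detected" by an unspecified regex is weaker evidence than the row implies; and the GitHub target probe should record the HTTP status and whether the request was authenticated so that `not_found_or_private` can be split into two states, which 6.2 itself flags as easy to misread. Without that, P1-3 and P1-4 inherit an ambiguous baseline.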