docs(security): add gitea inventory export request gate [skip ci]

This commit is contained in:
Your Name
2026-05-13 20:33:24 +08:00
parent 9bcf865327
commit eecc1c2de1
19 changed files with 572 additions and 25 deletions


@@ -1,3 +1,34 @@
## 2026-05-13 | 資安供應鏈 S4.5Gitea 認證清冊匯出請求
**背景**Gitea 全量轉移到 GitHub 前,不能只靠未認證公開範圍清冊。現有 `gitea_repo_inventory_v1` 只能看到 `wooo/awoooi``wooo/ewoooc`,但本機 remote evidence 顯示至少有 4 個 unique Gitea repo 需要納入判斷。為了維持低摩擦,本輪只建立認證 / 管理脫敏匯出請求,不收 token、不寫 Gitea、不做 refs sync、不切 GitHub primary。
**完成**
- 新增 `docs/schemas/gitea_authenticated_inventory_export_request_v1.schema.json`
- 新增 `docs/security/gitea-authenticated-inventory-export-request.snapshot.json``docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md`
- 明確標示目前未認證公開範圍 repo 2 個、本機可見 Gitea unique repo 4 個、覆蓋缺口 2 個。
- 定義 2 類匯出來源選項:只讀 token API 清冊、已脫敏管理匯出清冊。
- 明確標示 `token_value_collection_allowed=false``write_token_allowed=false``repo_write_allowed=false``refs_sync_allowed=false``github_primary_switch_authorized=false``action_buttons_allowed=false`
- 更新 manifest、mirror readiness、status rollup、primary readiness gate、AwoooP checklist、Gitea approval package、admin export checklist、server-side runbook、repo inventory snapshot、handoff 與 progress使 AwoooP 能顯示 S4.5 請求與覆蓋缺口。
**仍未完成**
- 取得 repo owner 批准後的 authenticated Gitea server-side inventory。
- 將 private/internal repo list 匯入 `gitea_repo_inventory_v1.status=ok`
- 對 gap repo 補 owner / canonical / GitHub target / refs truth / workflow-secret parity。
- 任何 GitHub primary 切換或 refs migration。
**仍禁止**
- 不保存 token value、raw secret、cookie、private key。
- 不使用 write token。
- 不建立、刪除、封存或修改 Gitea repo。
- 不建立 GitHub repo、不修改 visibility、不 sync refs、不 delete refs、不 force push。
- 不切 GitHub primary、不停用 Gitea。
**驗證**
- JSON 全量 parse 通過83 個 JSON files。
- S4.5 assertion 通過manifest 仍為 35 個主 contracts、mirror readiness 維持 32 ready / 2 partial / 1 contract-only / 0 blocked、Gitea request 為未認證公開範圍 2 / 本機 Gitea unique 4 / 覆蓋缺口 2 / 匯出選項 2所有 runtime / write / token value flags 皆為 false。
- `git diff --check` 通過。
- 敏感字串掃描確認本輪未保存 Kali SSH 密碼、常見 token pattern、private key material也未出現 `token_value_collection_allowed``write_token_allowed``repo_write_allowed``refs_sync_allowed``github_primary_switch_authorized``action_buttons_allowed` 被打開。
## 2026-05-13 | 資安供應鏈 S4.4GitHub Primary Rollback ADR 草案
**背景**S4.0 已把 GitHub primary readiness gate 定義出來S4.1-S4.3 已補 workflow / secret 名稱 inventory 與 redacted export request但 GitHub primary cutover 前仍缺 rollback ADR。為了維持低摩擦本輪只建立 rollback ADR 草案與鏡像契約,不切 GitHub primary、不執行 rollback、不修改 GitHub/Gitea。


@@ -0,0 +1,183 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "urn:awoooi:gitea-authenticated-inventory-export-request-v1",
"title": "Gitea Authenticated Inventory Export Request v1",
"description": "定義 Gitea private/internal 全量 repo inventory 的只讀 token 或管理匯出請求、允許欄位、拒收欄位與驗收 gate。此 schema 不授權讀取 token value、repo 寫入、refs sync 或 GitHub primary cutover。",
"type": "object",
"required": [
"schema_version",
"status",
"date",
"mode",
"runtime_execution_authorized",
"source_contract",
"source_indexes",
"summary",
"export_source_options",
"required_inventory_fields",
"coverage_gap_hints",
"acceptance_rules",
"redaction_rules",
"forbidden_actions"
],
"properties": {
"schema_version": {
"const": "gitea_authenticated_inventory_export_request_v1"
},
"status": {
"type": "string",
"enum": ["draft_waiting_owner_export"]
},
"date": {
"type": "string"
},
"mode": {
"type": "string",
"enum": ["redacted_export_request_only"]
},
"runtime_execution_authorized": {
"type": "boolean",
"const": false
},
"source_contract": {
"type": "string",
"const": "gitea_repo_inventory_v1"
},
"source_indexes": {
"type": "array",
"items": {"type": "string"},
"minItems": 1
},
"summary": {
"type": "object",
"required": [
"gitea_base_url",
"org_or_user",
"public_only_repo_count",
"local_gitea_unique_repo_count",
"local_gitea_gap_count",
"export_source_option_count",
"target_inventory_status",
"token_value_collection_allowed",
"write_token_allowed",
"repo_write_allowed",
"refs_sync_allowed",
"github_primary_switch_authorized",
"action_buttons_allowed"
],
"properties": {
"gitea_base_url": {"type": "string"},
"org_or_user": {"type": "string"},
"public_only_repo_count": {"type": "integer", "minimum": 0},
"local_gitea_unique_repo_count": {"type": "integer", "minimum": 0},
"local_gitea_gap_count": {"type": "integer", "minimum": 0},
"export_source_option_count": {"type": "integer", "minimum": 0},
"target_inventory_status": {
"type": "string",
"enum": ["gitea_repo_inventory_v1.status=ok"]
},
"token_value_collection_allowed": {"type": "boolean", "const": false},
"write_token_allowed": {"type": "boolean", "const": false},
"repo_write_allowed": {"type": "boolean", "const": false},
"refs_sync_allowed": {"type": "boolean", "const": false},
"github_primary_switch_authorized": {"type": "boolean", "const": false},
"action_buttons_allowed": {"type": "boolean", "const": false}
},
"additionalProperties": false
},
"export_source_options": {
"type": "array",
"items": {
"type": "object",
"required": [
"option_id",
"title",
"request_status",
"producer",
"allowed_processing",
"blocked_processing",
"acceptance_gate",
"execution_authorized"
],
"properties": {
"option_id": {"type": "string"},
"title": {"type": "string"},
"request_status": {
"type": "string",
"enum": ["waiting_human_approval_or_owner_export"]
},
"producer": {"type": "string"},
"allowed_processing": {
"type": "array",
"items": {"type": "string"},
"minItems": 1
},
"blocked_processing": {
"type": "array",
"items": {"type": "string"},
"minItems": 1
},
"acceptance_gate": {
"type": "array",
"items": {"type": "string"},
"minItems": 1
},
"execution_authorized": {"type": "boolean", "const": false}
},
"additionalProperties": false
},
"minItems": 1
},
"required_inventory_fields": {
"type": "array",
"items": {"type": "string"},
"minItems": 1
},
"coverage_gap_hints": {
"type": "array",
"items": {
"type": "object",
"required": [
"gap_id",
"title",
"current_evidence",
"required_resolution",
"execution_authorized"
],
"properties": {
"gap_id": {"type": "string"},
"title": {"type": "string"},
"current_evidence": {
"type": "array",
"items": {"type": "string"},
"minItems": 1
},
"required_resolution": {
"type": "array",
"items": {"type": "string"},
"minItems": 1
},
"execution_authorized": {"type": "boolean", "const": false}
},
"additionalProperties": false
},
"minItems": 1
},
"acceptance_rules": {
"type": "array",
"items": {"type": "string"},
"minItems": 1
},
"redaction_rules": {
"type": "array",
"items": {"type": "string"},
"minItems": 1
},
"forbidden_actions": {
"type": "array",
"items": {"type": "string"},
"minItems": 1
}
},
"additionalProperties": false
}
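Review bot: `date` and `summary.gitea_base_url` are left as unconstrained `"type": "string"` while every risk flag in the same schema is pinned with `const`, so a malformed date or a non-URL base would still validate. Suggest `"date": {"type": "string", "format": "date", "pattern": "^\\d{4}-\\d{2}-\\d{2}$"}` and `"gitea_base_url": {"type": "string", "format": "uri", "minLength": 1}`; `format` is annotation-only unless the validator opts in, which is why the `pattern` is worth carrying alongside it. The human-readable request added in this commit records the base URL as plain `http://`, so the read-only token path in option 1 would presumably carry the token in cleartext on that transport; since the schema is silent on transport, consider stating in `description` or as a mandatory `redaction_rules` / `acceptance_rules` entry that token-bearing API calls go over TLS or an equivalently trusted network path. The string arrays (`source_indexes`, `required_inventory_fields`, `acceptance_rules`, `redaction_rules`, `forbidden_actions`) could also take `"uniqueItems": true` so a duplicated entry cannot pad the counts the S4.5 assertion checks.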


@@ -66,6 +66,11 @@
"approval_state_transition_rule_total",
"followup_runtime_gate_template_total",
"active_runtime_gate_count",
"gitea_inventory_status",
"gitea_inventory_public_only_repo_count",
"gitea_inventory_local_gitea_repo_count",
"gitea_inventory_export_source_option_count",
"gitea_inventory_token_value_collection_allowed",
"primary_readiness_candidate_repo_count",
"github_primary_ready_count",
"primary_rollback_adr_repo_plan_count",
@@ -129,6 +134,25 @@
"type": "integer",
"minimum": 0
},
"gitea_inventory_status": {
"type": "string"
},
"gitea_inventory_public_only_repo_count": {
"type": "integer",
"minimum": 0
},
"gitea_inventory_local_gitea_repo_count": {
"type": "integer",
"minimum": 0
},
"gitea_inventory_export_source_option_count": {
"type": "integer",
"minimum": 0
},
"gitea_inventory_token_value_collection_allowed": {
"type": "boolean",
"const": false
},
"primary_readiness_candidate_repo_count": {
"type": "integer",
"minimum": 0
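Review bot: `gitea_inventory_status` is declared as a bare `"type": "string"`, whereas the rollup text elsewhere in this commit pins it to `partial_waiting_authenticated_inventory`, so a typo or an unexpected state would validate and be mirrored to the console as-is. If the state set is known, prefer an enum such as `"gitea_inventory_status": {"type": "string", "enum": ["partial_waiting_authenticated_inventory", …]}` with the remaining values taken from the `gitea_repo_inventory_v1` contract, or at minimum `"minLength": 1`; only the one value is visible here, so the exact list needs confirming. The enclosing `required` array and `properties` object both start and end outside this hunk.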


@@ -44,7 +44,7 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得
| `security_mirror_status_rollup_v1` | AwoooP 鏡像狀態彙整契約 | Operator Console、Runtime State、Audit | mirror-only | 只顯示階段狀態、下一個 gate 與禁止事項;不得視為 runtime authorization |
| `coding_task_v1` | Code Review / Codex Security / manual review | Approval candidate、Channel Event、Audit | suggest-only | 不自動開 patch runner、不自動 merge |
| `source_control_migration_event_v1` | Gitea/GitHub branch/tag/SHA diff | Supply-chain evidence、Approval candidate | mirror-only | 不觸發 deploy、不切換 primary |
| `gitea_repo_inventory_v1` | Gitea org/user repo list 或管理匯出 | Supply-chain evidence、migration matrix | mirror-only | 不保存 token value、不刪除或停用 Gitea repo |
| `gitea_repo_inventory_v1` | Gitea org/user repo list 或管理匯出 | Supply-chain evidence、migration matrix | mirror-only | 顯示 public-only evidence 與 S4.5 authenticated/admin export request不保存 token value、不刪除或停用 Gitea repo |
| `local_git_remote_inventory_v1` | 本機可見 Git working tree remote | Source-control coverage evidence、migration matrix | mirror-only | 不視為 Gitea server 全量、不修改 remote |
| `github_target_probe_v1` | 候選 GitHub repo read-only probe | Migration target evidence | mirror-only | `not_found_or_private` 不等同確認不存在 |
| `github_target_decision_v1` | GitHub target 建立與可見性決策草案 | Approval candidate、Migration target evidence | mirror-only | approval 前不得建立 repo、修改 visibility、同步 refs |
@@ -116,7 +116,7 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得
| `source_control_migration_event_v1.status=blocked` | `observe` | 顯示 blocking reason不允許切 primary |
| `source_control_migration_event_v1.status=verified` | `approve_required` | 仍需人工批准主控切換 |
| `gitea_repo_inventory_v1.status=blocked` | `observe` | 補只讀 token 或管理匯出,不做同步 |
| `gitea_repo_inventory_v1.status=partial` | `observe` | 視為 public-only evidence不做同步 |
| `gitea_repo_inventory_v1.status=partial` | `observe` | 視為 public-only evidence顯示 S4.5 export request 與 coverage gap不做同步 |
| `gitea_repo_inventory_v1.status=ok` | `warn` | 進入 repo mapping / branch tag diff |
| `approval_required_event_v1.requested_action=run_gitea_readonly_inventory` | `approve_required` | 只允許 read-only token 或 redacted admin export不保存 token value |
| `local_git_remote_inventory_v1.status=partial` | `observe` | 補 server-side inventory不做主控切換 |
@@ -154,6 +154,7 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得
| wooo-aiops source control snapshot | `docs/security/source-control-wooo-aiops.snapshot.json` / `docs/security/SOURCE-CONTROL-WOOO-AIOPS-SNAPSHOT.md` |
| Gitea repo inventory snapshot | `docs/security/gitea-repo-inventory.snapshot.json` |
| Gitea repo inventory 人讀版 | `docs/security/GITEA-REPO-INVENTORY-SNAPSHOT.md` |
| Gitea authenticated inventory export request | `docs/security/gitea-authenticated-inventory-export-request.snapshot.json` / `docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md` |
| Gitea org endpoint blocked snapshot | `docs/security/gitea-org-repo-inventory-blocked.snapshot.json` / `docs/security/GITEA-ORG-REPO-INVENTORY-BLOCKED-SNAPSHOT.md` |
| Gitea server-side inventory runbook | `docs/security/GITEA-SERVER-SIDE-INVENTORY-RUNBOOK.md` |
| Gitea read-only inventory approval package | `docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md` |


@@ -327,7 +327,7 @@ Schema`docs/schemas/security_mirror_status_rollup_v1.schema.json`
Snapshot`docs/security/security-mirror-status-rollup.snapshot.json`
目前 rollup`framework_ready_waiting_approval`35 個 contracts、32 ready、2 partial、1 contract-only、0 blockedapproval queue 仍為 8 items其中 7 pending approval、1 block candidatereview packets 8 筆state transition rules 5 筆follow-up runtime gate templates 8 筆active runtime gates 0 筆GitHub primary candidate repos 8 筆primary ready 0 筆S4.4 rollback ADR repo plans 7 筆、owner approved 0 筆、dry-run completed 0 筆workflow / secret 名稱 inventory candidate repos 8 筆、complete 0 筆S4.2 local evidence repos 4 筆、workflow files 31 筆、referenced secret names 43 筆decision records 目前 0 筆。
目前 rollup`framework_ready_waiting_approval`35 個 contracts、32 ready、2 partial、1 contract-only、0 blockedapproval queue 仍為 8 items其中 7 pending approval、1 block candidatereview packets 8 筆state transition rules 5 筆follow-up runtime gate templates 8 筆active runtime gates 0 筆GitHub primary candidate repos 8 筆primary ready 0 筆S4.4 rollback ADR repo plans 7 筆、owner approved 0 筆、dry-run completed 0 筆;Gitea inventory 目前 `partial_waiting_authenticated_inventory`public-only repo 2 個、本機可見 Gitea unique repo 4 個、export source options 2 類、token value collection allowed=falseworkflow / secret 名稱 inventory candidate repos 8 筆、complete 0 筆S4.2 local evidence repos 4 筆、workflow files 31 筆、referenced secret names 43 筆decision records 目前 0 筆。
AwoooP 初期處理方式:只顯示階段狀態、下一個 gate 與禁止事項,可寫入 Audit evidence不得把 rollup 當 runtime authorization。
@@ -475,6 +475,8 @@ Schema`docs/schemas/gitea_repo_inventory_v1.schema.json`
AwoooP 初期處理方式:作為 migration matrix 的 read-only evidence`partial` 只代表 public-only 可見範圍,不得觸發 repo 建立、刪除、封存或 GitHub primary 切換。
S4.5 支援性請求:已新增 `docs/schemas/gitea_authenticated_inventory_export_request_v1.schema.json``docs/security/gitea-authenticated-inventory-export-request.snapshot.json``docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md`。此請求不新增第 36 個主 contract而是補強 `gitea_repo_inventory_v1`:目前未認證公開範圍可見 repo 2 個、本機可見 Gitea unique repo 4 個、覆蓋缺口 2 個;允許的來源只有只讀 token API 清冊或已脫敏管理匯出清冊;`token_value_collection_allowed=false``write_token_allowed=false``repo_write_allowed=false``refs_sync_allowed=false``github_primary_switch_authorized=false`
### `local_git_remote_inventory_v1`
用途:在 Gitea API 受阻時,盤點本機可見 Git working tree 的 remote URL找出仍指向 Gitea、GitHub、110 內部 Git 或 GitLab 類 remote 的專案。
@@ -811,6 +813,8 @@ Console 初期不提供高風險執行按鈕。
2026-05-13 S4.4 GitHub primary rollback ADR 追加:已新增 `docs/schemas/source_control_primary_rollback_adr_v1.schema.json``docs/security/source-control-primary-rollback-adr.snapshot.json``docs/security/SOURCE-CONTROL-PRIMARY-ROLLBACK-ADR.md`。本輪只定義 7 個 in-scope repos 的 rollback ADR 草案、precondition、trigger、validation window 與 owner review`owner_approved_count=0``dry_run_completed_count=0``active_cutover_count=0`,不得切 GitHub primary、不得執行 rollback、不得停用 Gitea。
2026-05-13 S4.5 Gitea 認證清冊匯出請求追加:已新增 `docs/schemas/gitea_authenticated_inventory_export_request_v1.schema.json``docs/security/gitea-authenticated-inventory-export-request.snapshot.json``docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md`。本輪只定義 Gitea 私有 / 內部全量清冊的脫敏匯出請求;目前未認證公開範圍 repo 2 個、本機可見 Gitea unique repo 4 個、覆蓋缺口 2 個、匯出來源選項 2 類;不得保存 token value、不得使用 write token、不得寫入 Gitea、不得建立或刪除 repo、不得 sync refs、不得切 GitHub primary。
2026-05-13 Kali 112 live 整合狀態追加:已在授權下登入 `192.168.0.112` 做 read-only 盤點與低風險更新,並新增 `docs/schemas/kali_integration_status_v1.schema.json``docs/security/kali-integration-status.snapshot.json``docs/security/KALI-INTEGRATION-STATUS.md`。Kali Scanner API `/health` healthy、`kali-scanner.service` active/enabled、node-exporter 與 wg-easy container up已 targeted update `nmap``nikto``nuclei``curl``openssl`、CA 套件,安裝 `jq`,時區改為 `Asia/Taipei`,更新後無 reboot required。AwoooP 可 mirror health / update / gap evidence但不得直接啟動 scan、credentialed scan 或 `/execute`
本波仍不做:
@@ -843,6 +847,8 @@ Console 初期不提供高風險執行按鈕。
- [Gitea server-side inventory runbook](/Users/ogt/awoooi/docs/security/GITEA-SERVER-SIDE-INVENTORY-RUNBOOK.md)
- [Gitea read-only inventory approval package](/Users/ogt/awoooi/docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md)
- [Gitea read-only inventory approval snapshot](/Users/ogt/awoooi/docs/security/gitea-readonly-inventory-approval.snapshot.json)
- [Gitea 認證清冊匯出請求](/Users/ogt/awoooi/docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md)
- [gitea_authenticated_inventory_export_request_v1 snapshot](/Users/ogt/awoooi/docs/security/gitea-authenticated-inventory-export-request.snapshot.json)
- [Gitea admin export redaction checklist](/Users/ogt/awoooi/docs/security/GITEA-ADMIN-EXPORT-REDACTION-CHECKLIST.md)
- [Gitea public repo search snapshot](/Users/ogt/awoooi/docs/security/GITEA-PUBLIC-REPO-SEARCH-SNAPSHOT.md)
- [gitea public repo search JSON](/Users/ogt/awoooi/docs/security/gitea-public-repo-search.snapshot.json)
@@ -898,6 +904,7 @@ Console 初期不提供高風險執行按鈕。
- [coding_task_v1 schema](/Users/ogt/awoooi/docs/schemas/coding_task_v1.schema.json)
- [source_control_migration_event_v1 schema](/Users/ogt/awoooi/docs/schemas/source_control_migration_event_v1.schema.json)
- [gitea_repo_inventory_v1 schema](/Users/ogt/awoooi/docs/schemas/gitea_repo_inventory_v1.schema.json)
- [gitea_authenticated_inventory_export_request_v1 schema](/Users/ogt/awoooi/docs/schemas/gitea_authenticated_inventory_export_request_v1.schema.json)
- [local_git_remote_inventory_v1 schema](/Users/ogt/awoooi/docs/schemas/local_git_remote_inventory_v1.schema.json)
- [github_target_probe_v1 schema](/Users/ogt/awoooi/docs/schemas/github_target_probe_v1.schema.json)
- [github_target_decision_v1 schema](/Users/ogt/awoooi/docs/schemas/github_target_decision_v1.schema.json)


@@ -6,6 +6,7 @@
| 狀態 | 第一版,給 `gitea_repo_inventory_v1` 管理匯入使用 |
| 搭配文件 | `docs/security/GITEA-SERVER-SIDE-INVENTORY-RUNBOOK.md` |
| Approval | `docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md` |
| S4.5 export request | `docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md` |
## 0. 允許保留的欄位
@@ -82,3 +83,4 @@ python3 scripts/security/gitea-repo-inventory.py \
3. `repo_count` 大於或等於 public-only repo count。
4. `repos[].clone_url_redacted``repos[].ssh_url_redacted` 不含帳密。
5. 下一步仍只更新 migration matrix不同步 refs、不建 repo、不切 primary。
6. 必須能解釋 public-only API 看到 2 個 repos、本機 Gitea remote 看到 4 個 unique Gitea repos 的 coverage gap。


@@ -0,0 +1,98 @@
# Gitea 認證清冊匯出請求
| 項目 | 內容 |
|------|------|
| 日期 | 2026-05-13 |
| 狀態 | 草案,等待 owner 匯出 / 只讀批准 |
| 資料契約 | `docs/schemas/gitea_authenticated_inventory_export_request_v1.schema.json` |
| 快照 | `docs/security/gitea-authenticated-inventory-export-request.snapshot.json` |
| 來源契約 | `gitea_repo_inventory_v1` |
| 模式 | `redacted_export_request_only` |
| 執行面授權 | `false` |
## 0. 核心結論
S4.5 把 Gitea 私有 / 內部全量 repo 清冊的下一步匯出請求正式文件化。
目前 `gitea_repo_inventory_v1` 仍是 `partial`:未認證 API / 公開搜尋只看到 2 個公開 repos但本機 remote 清冊至少看到 4 個 unique Gitea repos。因此不能宣告「Gitea 目前所有專案版本」已盤完,也不能開始 GitHub primary 切換。
本文件只定義兩條安全路徑:只讀 token API 清冊,或已脫敏的管理匯出清冊。兩者都不得保存 token value不得寫入 Gitea不得 sync refs不得切 GitHub primary。
## 1. 摘要
| 指標 | 數量 |
|------|------|
| Gitea 基礎 URL | `http://192.168.0.110:3001` |
| 組織 / 使用者 | `wooo` |
| 未認證公開範圍 repos | 2 |
| 本機可見 Gitea unique repos | 4 |
| 本機 Gitea 覆蓋缺口 | 2 |
| 匯出來源選項 | 2 |
| 目標狀態 | `gitea_repo_inventory_v1.status=ok` |
| 允許收集 token value | `false` |
| 允許 write token | `false` |
| 允許 repo 寫入 | `false` |
| 允許 refs sync | `false` |
| 授權切換 GitHub primary | `false` |
## 2. 匯出來源選項
| 選項 | 允許 | 禁止 |
|--------|------|------|
| 只讀 token API 清冊 | 使用 `GITEA_READONLY_TOKEN` 環境變數跑既有 inventory 工具;輸出只保存 `token_present=true` | 保存 token value、使用 write token、寫入 Gitea、sync refs |
| 已脫敏管理匯出清冊 | 匯入已脫敏 repo list JSON只保留 repo metadata | 匯入 DB dump、secret、webhook secret、deploy key private key、cookie、session |
## 3. 必要欄位
1. `full_name``owner.login + name`
2. `name`
3. `owner.login`
4. `private`
5. `archived`
6. `empty`
7. `default_branch`
8. `clone_url_redacted`
9. `ssh_url_redacted`
10. `github_repo_candidate`
## 4. 目前覆蓋缺口
| 缺口 | 現況 | 需要解決 |
|-----|------|----------|
| 未認證公開範圍 vs 本機 Gitea | API 只看到 `wooo/awoooi``wooo/ewoooc`;本機 remote 還看到 `wooo/clawbot-v5``wooo/wooo-aiops` | 認證清冊或 owner 證明必須解釋缺口 |
| Org endpoint 受阻 | `orgs/wooo/repos` 未認證查詢先前為 blocked / 404 | 不得把 404 解讀為沒有 private/internal repos |
| 110 內部相鄰來源 | 本機另看到 `bitan-pharmacy``root/momo-pro-system``tsenyang-website``wooo/wooo-infra-config` | Gitea inventory 完成後仍需 owner 判定是否納入 migration scope |
## 5. 驗收
1. `gitea_repo_inventory_v1.status=ok`
2. `visibility_scope=authenticated``visibility_scope=admin_export`
3. `repo_count` 大於或等於未認證公開範圍 repo count。
4. 必須解釋未認證公開範圍 2 個 repos 與本機可見 Gitea 4 個 repos 的差異。
5. 不含 token、password、secret value、webhook secret、deploy key private key、runner registration token、cookie、session。
6. 只更新 migration matrix、decision table、approval board 與 readiness gate。
7. 不建立 GitHub repo、不 sync refs、不切 primary。
## 6. AwoooP 可做
1. 顯示 S4.5 匯出請求與兩條安全來源路徑。
2. 顯示覆蓋缺口與 owner review lane。
3. 顯示 token value / write token / repo write / refs sync 全部禁止。
4. 把完成的脫敏匯出寫入 Audit evidence 等待人工 review。
5. 若 payload 含敏感值,送進 mirror 隔離。
## 7. AwoooP 不可做
1. 不要求使用者在 UI、對話或文件貼 token value。
2. 不保存 token value。
3. 不使用具寫入能力的 token。
4. 不寫入 Gitea。
5. 不建立、刪除、封存或修改 Gitea repo。
6. 不建立 GitHub repo、不 sync refs、不切 GitHub primary。
7. 不把清冊請求當成清冊已完成。
## 8. 階段定位
S4.5 只是把 Gitea 認證清冊的下一步請求、欄位、拒收規則與驗收 gate 定清楚。
這補的是「完整轉移 Gitea 目前所有專案版本到 GitHub」前的第一個資料缺口仍然停在框架期不進入執行、同步或主控切換。


@@ -7,6 +7,7 @@
| 來源事件 | `gitea_repo_inventory_v1` |
| Approval event | `docs/security/gitea-readonly-inventory-approval.snapshot.json` |
| Redaction checklist | `docs/security/GITEA-ADMIN-EXPORT-REDACTION-CHECKLIST.md` |
| S4.5 export request | `docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md` |
| 目的 | 補齊 Gitea private/internal server-side repo list |
| 原則 | 低摩擦、只讀、只盤 metadata、不保存 token value、不做同步或主控切換 |
@@ -25,6 +26,8 @@
此 approval package 的目的不是提高日常開發門檻,而是只保護「會接觸 token 或管理匯出」這一個邊界。取得全量清單後,後續仍先進入 evidence / matrix / draft plan不直接進入同步或阻擋。
S4.5 已補 `gitea_authenticated_inventory_export_request_v1`,把 read-only token API inventory 與 redacted admin export 的允許欄位、拒收欄位、coverage gap 與驗收 gate 正式文件化。批准前仍不得要求使用者貼 token value。
## 1. 申請批准的動作
| 動作 | 風險 | 批准後允許 | 仍然禁止 |
@@ -75,6 +78,7 @@ python3 scripts/security/gitea-repo-inventory.py \
| 可見範圍 | `visibility_scope=authenticated``admin_export` |
| 敏感資訊 | 不含 token、password、secret value、private key |
| Redaction checklist | `docs/security/GITEA-ADMIN-EXPORT-REDACTION-CHECKLIST.md` 已通過 |
| Coverage gap | public-only 2 repos 與 local Gitea 4 repos 的差異已解釋 |
| 後續動作 | 只更新 matrix / decision table不同步 refs |
## 5. 批准前不得做


@@ -13,6 +13,7 @@
| HTTP status | `200` |
| Repo 數量 | `2` |
| 阻塞原因 | 未提供 token結果只代表公開可見 repoprivate/internal repos 仍需只讀 token 或管理匯出 |
| S4.5 export request | `docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md` |
## Repo 清單
@@ -22,3 +23,5 @@
| `wooo/ewoooc` | `owenhytsai/ewoooc` | `main` | `False` | `False` |
> 注意:本檔由 read-only Gitea inventory 工具產生,不包含 API token 或 remote URL 帳密。
S4.5 已將 authenticated inventory / redacted admin export 的欄位、拒收規則與 coverage gap 驗收文件化;本 snapshot 仍是 `partial`,不得視為 server-side 全量。


@@ -8,6 +8,7 @@
| 事件 | `gitea_repo_inventory_v1` |
| Approval package | `docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md` |
| Redaction checklist | `docs/security/GITEA-ADMIN-EXPORT-REDACTION-CHECKLIST.md` |
| S4.5 export request | `docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md` |
| 原則 | 不寫入 Gitea、不搬 secret value、不建立或刪除 repo |
## 0. 核心結論
@@ -27,6 +28,8 @@
上述兩條非 public-only 路徑都必須先走 `docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md`,不得在對話、文件或 LOGBOOK 中保存 token value。
S4.5 已補 `gitea_authenticated_inventory_export_request_v1`:正式要求 authenticated inventory 或 admin export 必須解釋 public-only 2 個 repos 與本機 Gitea remote 4 個 unique repos 的 coverage gap且輸出仍只能是 `gitea_repo_inventory_v1.status=ok` evidence。
## 1. Public-only 快照指令
```bash


@@ -35,7 +35,7 @@
| Contract | 狀態 | 原因 | 下一步 |
|----------|------|------|--------|
| `security_finding_v1` | `partial_ready` | 目前只有 Kali sample snapshotruntime ingestion 尚未啟用 | 先 review `kali-finding-runtime-ingestion-approval-20260513` |
| `gitea_repo_inventory_v1` | `partial_ready` | 目前只有 public-only / blocked endpoint evidence | 先 review Gitea read-only inventory approval |
| `gitea_repo_inventory_v1` | `partial_ready` | 目前只有 public-only / blocked endpoint evidenceS4.5 已補認證清冊匯出請求,確認未認證公開範圍 2 個、本機可見 Gitea unique 4 個、覆蓋缺口 2 個 | 依 S4.5 請求用只讀 token API 或已脫敏管理匯出補全量清冊;不保存 token value |
| `coding_task_v1` | `contract_only` | 已有 schema 與 handoff prompt尚無正式 coding task snapshot | 等 code review 產生實際 task 後再 mirror |
## 2. AwoooP 鏡像目的地
@@ -82,8 +82,9 @@ AwoooP 可以將 ready / partial contracts mirror 到:
14. 再 mirror `security_followup_runtime_gate_v1`,只顯示 runtime gate 準備模板、preflight checks 與 rollback / disable requirement。
15. 再 mirror `source_control_primary_readiness_gate_v1`,只顯示 GitHub primary parity、owner、rollback 與人工批准缺口。
16. 再 mirror `source_control_primary_rollback_adr_v1`,只顯示 7 個 in-scope repo 的 rollback ADR 草案、validation window 與 owner review不執行 rollback、不切 primary。
17. 再 mirror `source_control_workflow_secret_name_inventory_v1`、S4.2 local evidence 與 S4.3 redacted export request只顯示 workflow / webhook / runner / deploy key / branch protection / CODEOWNERS / secret 名稱 inventory 缺口;目前 local evidence 有 4 個 repos、31 個 workflow files、43 個 referenced secret namesexport request 有 7 個 repos、5 類 lanes不保存 secret value
18. 再 mirror `kali_integration_status_v1``kali_scan_scope_approval_v1`
19. 最後再 mirror source-control 其他 contracts
17. 再 mirror `gitea_repo_inventory_v1` 與 S4.5 認證清冊匯出請求,只顯示未認證公開範圍 / 本機 evidence 覆蓋缺口與只讀 / 管理脫敏匯出選項;不保存 token value、不寫 Gitea、不 sync refs
18. 再 mirror `source_control_workflow_secret_name_inventory_v1`、S4.2 local evidence 與 S4.3 redacted export request只顯示 workflow / webhook / runner / deploy key / branch protection / CODEOWNERS / secret 名稱 inventory 缺口;目前 local evidence 有 4 個 repos、31 個 workflow files、43 個 referenced secret namesexport request 有 7 個 repos、5 類 lanes不保存 secret value
19. 再 mirror `kali_integration_status_v1``kali_scan_scope_approval_v1`
20. 最後再 mirror source-control 其他 contracts。
整個 S2 不新增 execution router、不新增執行按鈕、不新增 runtime blocker。


@@ -29,6 +29,7 @@
| Follow-up runtime gate templates | S3.4 已建立8 個 templates、0 個 active runtime gates |
| GitHub primary readiness gate | S4.0 已建立8 個 candidate repos、7 個 in-scope blocked、0 個 primary ready |
| GitHub primary rollback ADR | S4.4 已建立7 個 in-scope rollback drafts、0 個 owner approved、0 個 dry-run completed、0 個 active cutover |
| Gitea inventory | S4.5 已補認證清冊匯出請求;目前 status=`partial_waiting_authenticated_inventory`、未認證公開範圍 repos 2 個、本機可見 Gitea unique repos 4 個、匯出來源選項 2 類、允許收集 token value=false |
| Workflow / secret name inventory | S4.1 已建立S4.2 補 4 個 repos、31 個 workflow files、43 個 referenced secret names 的 local evidenceS4.3 補 7 個 repos、5 類 lanes 的 redacted export request0 個 inventory complete、禁止收集 secret value、禁止 write token |
| Dry-run | `contract_defined_not_executed` |
| Runtime actions | `false` |
@@ -58,7 +59,7 @@
1. redacted finding ingestion adapter。
2. safe web crawl scope。
3. Gitea private/internal read-only inventory。
3. Gitea private/internal read-only inventory:依 S4.5 認證匯出請求補全量清冊;目前未認證公開範圍 2 個、本機可見 Gitea unique 4 個、覆蓋缺口 2 個,不保存 token value
4. GitHub target / owner / visibility / canonical。
5. Kali `/execute` 維持 block candidate。
6. GitHub primary readiness blockers 與 rollback ADR 缺口。


@@ -39,7 +39,7 @@
| `security_mirror_status_rollup_v1` | mirror-only | AwoooP / Security Supply Chain 跨 Session 狀態總覽 | `security-mirror-status-rollup.snapshot.json` |
| `coding_task_v1` | suggest-only | Code Review 接 Codex patch-only | 無正式 snapshot |
| `source_control_migration_event_v1` | mirror-only | Gitea/GitHub refs 差異 | `gitea-github-awoooi``clawbot-v5``wooo-aiops` |
| `gitea_repo_inventory_v1` | mirror-only | Gitea repo inventory | public-only / blocked endpoint snapshots |
| `gitea_repo_inventory_v1` | mirror-only | Gitea repo inventoryS4.5 已補認證清冊匯出請求 | public-only / blocked endpoint / S4.5 export request snapshots |
| `local_git_remote_inventory_v1` | mirror-only | 本機 remote coverage | `local-git-remote-inventory.snapshot.json` |
| `github_target_probe_v1` | mirror-only | GitHub target visibility | `github-target-probe.snapshot.json` |
| `github_target_decision_v1` | mirror-only | GitHub target 決策 | `github-target-decision.snapshot.json` |
@@ -60,7 +60,7 @@
1. 先讀 `security_rollout_policy_v1`,確認目前仍是 `mirror_only`
2. 再讀本 manifest取得可消費 contract 與禁止動作。
3. 將 snapshot mirror 成 Runtime State / Channel Event / Audit evidence。
4. 只對 `approval_required_event_v1`、repo approval package、`security_approval_review_packet_v1``security_approval_state_transition_v1``security_followup_runtime_gate_v1``source_control_primary_readiness_gate_v1``source_control_primary_rollback_adr_v1``source_control_workflow_secret_name_inventory_v1` 建 approval candidate / review lane / next-state display / runtime gate preparation / primary readiness display / rollback ADR display / workflow-secret name inventory gate / redacted export request display。
4. 只對 `approval_required_event_v1`、repo approval package、`security_approval_review_packet_v1``security_approval_state_transition_v1``security_followup_runtime_gate_v1``source_control_primary_readiness_gate_v1``source_control_primary_rollback_adr_v1``source_control_workflow_secret_name_inventory_v1` 建 approval candidate / review lane / next-state display / runtime gate preparation / primary readiness display / rollback ADR display / workflow-secret name inventory gate / redacted export request display`gitea_repo_inventory_v1` 只能顯示 S4.5 認證匯出請求與覆蓋缺口,不得觸發 token collection 或 Gitea write
5. 不新增執行按鈕,不做 runtime enforcement。
## 3. 永久禁止


@@ -4,7 +4,7 @@
|------|------|
| 日期 | 2026-05-13 |
| 狀態 | S0/S1 read-only evidence 建置中 |
| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 |
| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + Gitea 認證清冊匯出請求 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 |
| 原則 | 低摩擦分階段文件、schema、read-only evidence 優先;不做 runtime enforcement、不切 primary |
## 0. 本階段完成後整體進度
@@ -43,6 +43,7 @@
| S4.2 Workflow / Secret 名稱 local evidence | 完成草案 | 已建立 local read-only collector 與 snapshot7 個 local repos visible、4 個 local evidence repos、31 個 workflow files、43 個 referenced secret names、secret value detected=false | 補 webhook / deploy key / branch protection / repository secret parity 的 redacted evidence仍不可切 primary |
| S4.3 Workflow / Secret 名稱 redacted export request | 完成草案 | 已建立 export request schema / snapshot / 人讀版7 個 in-scope repos、5 類 export laneswebhook、runner、deploy key、branch protection / CODEOWNERS、repository secret name paritywrite token allowed=false | repo owner 或未來只讀 API 依 request 補 redacted export仍不可收 secret value、不可修改 GitHub/Gitea |
| S4.4 GitHub Primary rollback ADR | 完成草案 | 已建立 rollback ADR schema / snapshot / 人讀版7 個 in-scope rollback drafts、0 owner approved、0 dry-run completed、0 active cutover | repo owner 審查 rollback owner、validation window 與 triggers仍不可切 primary 或執行 rollback |
| S4.5 Gitea 認證清冊匯出請求 | 完成草案 | 已建立匯出請求 schema / snapshot / 人讀版;目前未認證公開範圍 repo 2 個、本機可見 Gitea unique repo 4 個、覆蓋缺口 2 個、匯出來源選項 2 類;允許收集 token value=false | repo owner 依只讀 token API 或已脫敏管理匯出補私有 / 內部全量 repo list仍不可保存 token、不可 write Gitea、不可 refs sync |
| S4 migration execution | 未開始 | GitHub primary 長期方向已確認,但 refs / tags / workflow / secret 名稱尚未全量驗證rollback ADR 仍待 owner approval | SHA/tag/workflow parity、rollback ADR owner approval 與 runtime gate |
## 1. 已建立的主要 evidence
@@ -55,6 +56,8 @@
| Gitea server-side inventory runbook | `docs/security/GITEA-SERVER-SIDE-INVENTORY-RUNBOOK.md` |
| Gitea read-only inventory approval package | `docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md` |
| Gitea read-only inventory approval JSON | `docs/security/gitea-readonly-inventory-approval.snapshot.json` |
| Gitea 認證清冊匯出請求 | `docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md` |
| Gitea 認證清冊匯出請求 JSON | `docs/security/gitea-authenticated-inventory-export-request.snapshot.json` |
| Gitea 管理匯出 redaction checklist | `docs/security/GITEA-ADMIN-EXPORT-REDACTION-CHECKLIST.md` |
| Gitea org endpoint blocked evidence | `docs/security/GITEA-ORG-REPO-INVENTORY-BLOCKED-SNAPSHOT.md` |
| Source-control migration matrix | `docs/security/SOURCE-CONTROL-MIGRATION-MATRIX.md` |
@@ -140,11 +143,11 @@
## 3. 下一階段建議
1. 等待 Gitea read-only inventory approval 被批准後,再用只讀 token 或管理匯出補 private/internal server-side 全量 repo list。
1. 依 S4.5 `GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md` 取得 Gitea 認證清冊:目前未認證公開範圍 2 個、本機可見 Gitea unique 4 個、覆蓋缺口 2 個;只能用只讀 token API 或已脫敏管理匯出補私有 / 內部 server-side 全量 repo list,不保存 token value
2.`SOURCE-CONTROL-APPROVAL-BOARD.md` 對 7 個 `approval_required=true` 的 GitHub target 做 owner / visibility / canonical 決策。
3.`SOURCE-CONTROL-REF-TRUTH-CLASSIFICATION.md``awoooi``clawbot-v5``wooo-aiops` 做單 repo / 單 ref owner 判定;仍不得 push refs。
4.`ewoooc` / `momo-pro-system` 完成 server-side canonical 判定。
5.`KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md` 取得 safe crawl、credentialed scan、runtime ingestion、full-upgrade / reboot 等 gate 的人工批准;不得直接接 `/execute`
6. AwoooP 主線先讀 `security_mirror_readiness_v1``security_mirror_intake_plan_v1``security_mirror_event_v1``security_mirror_route_v1``security_mirror_acceptance_v1``security_mirror_quarantine_v1``security_mirror_dry_run_v1``security_mirror_status_rollup_v1``security_approval_gate_v1``security_approval_decision_record_v1``security_approval_review_packet_v1``security_approval_state_transition_v1``security_followup_runtime_gate_v1``source_control_primary_readiness_gate_v1``source_control_primary_rollback_adr_v1``source_control_workflow_secret_name_inventory_v1`,只建立 mirror-only / read-only policy 入口,不新增執行按鈕;其中 workflow / secret inventory 需同時顯示 S4.3 redacted export requestprimary readiness 需同時顯示 S4.4 rollback ADR 草案。
6. AwoooP 主線先讀 `security_mirror_readiness_v1``security_mirror_intake_plan_v1``security_mirror_event_v1``security_mirror_route_v1``security_mirror_acceptance_v1``security_mirror_quarantine_v1``security_mirror_dry_run_v1``security_mirror_status_rollup_v1``security_approval_gate_v1``security_approval_decision_record_v1``security_approval_review_packet_v1``security_approval_state_transition_v1``security_followup_runtime_gate_v1``source_control_primary_readiness_gate_v1``source_control_primary_rollback_adr_v1``source_control_workflow_secret_name_inventory_v1`,只建立 mirror-only / read-only policy 入口,不新增執行按鈕;其中 Gitea inventory 需同時顯示 S4.5 認證清冊匯出請求,workflow / secret inventory 需同時顯示 S4.3 redacted export requestprimary readiness 需同時顯示 S4.4 rollback ADR 草案。
7. AwoooP 主線消費 `security_rollout_policy_v1` 時,只做 read-only policy不做 runtime blocking。
8. AwoooP 主線再讀 `security_approval_queue_v1``security_approval_gate_v1``security_approval_decision_record_v1``security_approval_review_packet_v1``security_approval_state_transition_v1``security_followup_runtime_gate_v1``source_control_primary_readiness_gate_v1``source_control_primary_rollback_adr_v1``source_control_workflow_secret_name_inventory_v1``security_supply_chain_contract_manifest_v1`,顯示 review order、批准範圍、審查封包、決策紀錄、決策後狀態、後續 runtime gate 準備條件、GitHub primary readiness blockers、rollback ADR 草案、workflow / secret 名稱 inventory 缺口、redacted export request 與 blocked reason不新增 execution router。
8. AwoooP 主線再讀 `security_approval_queue_v1``security_approval_gate_v1``security_approval_decision_record_v1``security_approval_review_packet_v1``security_approval_state_transition_v1``security_followup_runtime_gate_v1``source_control_primary_readiness_gate_v1``source_control_primary_rollback_adr_v1``source_control_workflow_secret_name_inventory_v1``security_supply_chain_contract_manifest_v1`,顯示 review order、批准範圍、審查封包、決策紀錄、決策後狀態、後續 runtime gate 準備條件、Gitea inventory 覆蓋缺口、S4.5 認證匯出請求、GitHub primary readiness blockers、rollback ADR 草案、workflow / secret 名稱 inventory 缺口、redacted export request 與 blocked reason不新增 execution router。


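--- /dev/null
+++ b/docs/security/gitea-authenticated-inventory-export-request.snapshot.json
@@ -0,0 +1,168 @@
+{
+"schema_version": "gitea_authenticated_inventory_export_request_v1",
+"status": "draft_waiting_owner_export",
+"date": "2026-05-13",
+"mode": "redacted_export_request_only",
+"runtime_execution_authorized": false,
+"source_contract": "gitea_repo_inventory_v1",
+"source_indexes": [
+"docs/security/gitea-repo-inventory.snapshot.json",
+"docs/security/gitea-public-repo-search.snapshot.json",
+"docs/security/gitea-org-repo-inventory-blocked.snapshot.json",
+"docs/security/local-git-remote-inventory.snapshot.json",
+"docs/security/gitea-readonly-inventory-approval.snapshot.json",
+"docs/security/security-rollout-policy.snapshot.json"
+],
+"summary": {
+"gitea_base_url": "http://192.168.0.110:3001",
+"org_or_user": "wooo",
+"public_only_repo_count": 2,
+"local_gitea_unique_repo_count": 4,
+"local_gitea_gap_count": 2,
+"export_source_option_count": 2,
+"target_inventory_status": "gitea_repo_inventory_v1.status=ok",
+"token_value_collection_allowed": false,
+"write_token_allowed": false,
+"repo_write_allowed": false,
+"refs_sync_allowed": false,
+"github_primary_switch_authorized": false,
+"action_buttons_allowed": false
+},
+"export_source_options": [
+{
+"option_id": "gitea_readonly_token_api_inventory",
+"title": "Gitea read-only token API inventory",
+"request_status": "waiting_human_approval_or_owner_export",
+"producer": "repo owner or security commander runs existing read-only inventory tool",
+"allowed_processing": [
+"使用 `GITEA_READONLY_TOKEN` 環境變數執行 `scripts/security/gitea-repo-inventory.py`",
+"輸出只保存 `token_present=true`,不保存 token value",
+"只查 repo metadatafull name、owner、private、archived、empty、default branch、redacted clone / ssh URL",
+"產出 `gitea_repo_inventory_v1.status=ok` snapshot 等待人工 review"
+],
+"blocked_processing": [
+"把 token value 寫入文件、LOGBOOK、shell script、snapshot 或對話",
+"使用 write-capable token",
+"建立、刪除、封存或修改 Gitea repo",
+"sync refs 或切 GitHub primary"
+],
+"acceptance_gate": [
+"`visibility_scope=authenticated`",
+"`status=ok`",
+"`repo_count` 大於或等於 public-only repo count",
+"owner 必須確認 read-only token 沒有 write / admin / secret scope",
+"敏感字串掃描不得出現 token、password、private key、webhook secret 或 repository secret value"
+],
+"execution_authorized": false
+},
+{
+"option_id": "gitea_redacted_admin_export_inventory",
+"title": "Gitea redacted admin export inventory",
+"request_status": "waiting_human_approval_or_owner_export",
+"producer": "Gitea administrator exports repo metadata and redacts before import",
+"allowed_processing": [
+"匯入已脫敏的 repo list JSON",
+"只保留 repo metadata不保留 secret、webhook、deploy key 或 token material",
+"產出 `visibility_scope=admin_export` 與 `status=ok` 的 inventory snapshot",
+"將 export 與 local remote inventory 做 coverage review"
+],
+"blocked_processing": [
+"匯入 Gitea DB dump、完整 git object pack、private key 或 webhook secret",
+"保存 API token、PAT、cookie、session、CSRF token",
+"用管理匯出直接建立 GitHub repo 或同步 refs",
+"把 admin export 當成 primary cutover approval"
+],
+"acceptance_gate": [
+"`visibility_scope=admin_export`",
+"`status=ok`",
+"每筆 repo 都可識別 `full_name` 或 `owner.login + name`",
+"每筆 repo 都有 `private`、`archived`、`empty` 與 `default_branch` metadata",
+"所有 URL 必須 redacted且不含 username、password 或 token"
+],
+"execution_authorized": false
+}
+],
+"required_inventory_fields": [
+"full_name or owner.login + name",
+"name",
+"owner.login",
+"private",
+"archived",
+"empty",
+"default_branch",
+"clone_url_redacted",
+"ssh_url_redacted",
+"github_repo_candidate"
+],
+"coverage_gap_hints": [
+{
+"gap_id": "public_only_vs_local_gitea_gap",
+"title": "Public-only API 與本機 Gitea remote 覆蓋差異",
+"current_evidence": [
+"Public-only Gitea API 目前只看到 `wooo/awoooi` 與 `wooo/ewoooc`",
+"本機 remote inventory 看到 4 個 unique Gitea repos`wooo/awoooi`、`wooo/clawbot-v5`、`wooo/ewoooc`、`wooo/wooo-aiops`",
+"至少 `wooo/clawbot-v5` 與 `wooo/wooo-aiops` 需要 authenticated inventory 或 owner attestation 解釋"
+],
+"required_resolution": [
+"authenticated inventory 或 admin export 必須包含這些 local-gitea repos或由 owner 明確標註為 external / legacy / inaccessible",
+"缺口只能進 owner review不得自動建立、刪除或封存 repo"
+],
+"execution_authorized": false
+},
+{
+"gap_id": "org_endpoint_blocked_gap",
+"title": "Gitea org endpoint 未認證查詢 blocked",
+"current_evidence": [
+"`orgs/wooo/repos` 未認證查詢先前為 blocked / 404 evidence",
+"`users/wooo/repos` 與 public search 都只代表 public-only 可見範圍"
+],
+"required_resolution": [
+"用 read-only token 或 redacted admin export 確認 `wooo` 是 user、org 或混合來源",
+"不得把未認證 404 解讀為沒有 private/internal repos"
+],
+"execution_authorized": false
+},
+{
+"gap_id": "internal_110_adjacent_source_gap",
+"title": "110 internal git adjacent source-control gap",
+"current_evidence": [
+"本機 remote inventory 另看到 internal 110 repos`bitan-pharmacy`、`root/momo-pro-system`、`tsenyang-website`、`wooo/wooo-infra-config`",
+"這些不等同 Gitea org inventory但會影響完整專案版本遷移"
+],
+"required_resolution": [
+"Gitea authenticated inventory 完成後,仍需 owner 判定 internal 110 repos 是否屬於同一輪 GitHub migration scope",
+"不得在 Gitea inventory request 中自動合併 internal 110 source"
+],
+"execution_authorized": false
+}
+],
+"acceptance_rules": [
+"S4.5 完成只代表 Gitea authenticated inventory export request 已定義,不代表 inventory 已取得。",
+"真正完成 gate 必須讓 `gitea_repo_inventory_v1.status=ok`,且 `visibility_scope` 為 `authenticated` 或 `admin_export`。",
+"export 必須能解釋 public-only repo count 2 與 local Gitea unique repo count 4 之間的 gap。",
+"所有敏感值必須拒收並進 mirror quarantine。",
+"通過 inventory gate 後仍只能更新 migration matrix、decision table、approval board 與 readiness gate不得同步 refs 或切 GitHub primary。"
+],
+"redaction_rules": [
+"API token 只允許以 `token_present=true|false` 表示,不保存 value。",
+"URL 必須移除 username、password、token 與 query secret只保留 redacted clone / ssh URL。",
+"不得保存 webhook secret、repository secret value、deploy key private key、runner registration token、cookie、session 或 CSRF token。",
+"不得保存 Gitea DB dump、完整 git object pack 或任何可還原 credentials 的 partial token。",
+"任何含敏感值的 export 必須拒收,不得人工手改後直接入庫。"
+],
+"forbidden_actions": [
+"store_token_value",
+"use_write_capable_token",
+"write_to_gitea",
+"create_gitea_repo",
+"delete_or_archive_gitea_repo",
+"create_github_repo",
+"change_repo_visibility",
+"sync_git_refs",
+"delete_git_refs",
+"force_push",
+"switch_github_primary",
+"disable_gitea",
+"add_action_button"
+]
+}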
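Review bot: `gitea_base_url` in `summary` is a plain `http://` address, yet the `gitea_readonly_token_api_inventory` option has the inventory tool present `GITEA_READONLY_TOKEN` to that base URL, so the token would cross the LAN in cleartext even though `redaction_rules` forbid storing it; that option's `acceptance_gate` checks token scope but says nothing about transport. Suggest adding to that `acceptance_gate` a line such as `"gitea_base_url 必須為 https://，否則 owner 須明確記錄接受明文傳輸風險，且 read-only token 在單次匯出後立即撤銷"`. Separately, the gate `` `repo_count` 大於或等於 public-only repo count `` only asserts ≥ 2 while `coverage_gap_hints` require the 4 local unique repos to be covered or attested; tightening it to `"`repo_count` 大於或等於 local_gitea_unique_repo_count，或每個缺口都有 owner attestation"` makes the gate match the stated gap.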


@@ -232,10 +232,14 @@
"snapshot_paths": [
"docs/security/gitea-repo-inventory.snapshot.json",
"docs/security/gitea-public-repo-search.snapshot.json",
"docs/security/gitea-org-repo-inventory-blocked.snapshot.json"
"docs/security/gitea-org-repo-inventory-blocked.snapshot.json",
"docs/security/gitea-authenticated-inventory-export-request.snapshot.json"
],
"human_docs": ["docs/security/GITEA-SERVER-SIDE-INVENTORY-RUNBOOK.md"],
"notes": "目前仍是 public-only / blocked endpoint evidenceprivate/internal 全量需 approval。"
"human_docs": [
"docs/security/GITEA-SERVER-SIDE-INVENTORY-RUNBOOK.md",
"docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md"
],
"notes": "目前仍是 public-only / blocked endpoint evidenceS4.5 已補 authenticated/admin export requestprivate/internal 全量需 approval。"
},
{
"contract": "local_git_remote_inventory_v1",


@@ -19,6 +19,7 @@
"docs/security/security-approval-review-packet.snapshot.json",
"docs/security/security-approval-state-transition.snapshot.json",
"docs/security/security-followup-runtime-gate.snapshot.json",
"docs/security/gitea-authenticated-inventory-export-request.snapshot.json",
"docs/security/source-control-primary-readiness-gate.snapshot.json",
"docs/security/source-control-primary-rollback-adr.snapshot.json",
"docs/security/source-control-workflow-secret-name-inventory.snapshot.json",
@@ -37,6 +38,11 @@
"approval_state_transition_rule_total": 5,
"followup_runtime_gate_template_total": 8,
"active_runtime_gate_count": 0,
"gitea_inventory_status": "partial_waiting_authenticated_inventory",
"gitea_inventory_public_only_repo_count": 2,
"gitea_inventory_local_gitea_repo_count": 4,
"gitea_inventory_export_source_option_count": 2,
"gitea_inventory_token_value_collection_allowed": false,
"primary_readiness_candidate_repo_count": 8,
"github_primary_ready_count": 0,
"primary_rollback_adr_repo_plan_count": 7,
@@ -69,8 +75,8 @@
{
"phase_id": "S1_readonly_inventory",
"state": "in_progress",
"current_result": "已完成多項 read-only evidenceGitea private/internal 全量 repo list 仍需批准後補齊。",
"next_gate": "只讀 token 或 redacted admin export approval。"
"current_result": "已完成多項 read-only evidenceS4.5 已補 Gitea authenticated/admin export request private/internal 全量 repo list 仍需批准後補齊。",
"next_gate": "只讀 token 或 redacted admin export owner approval;仍不得保存 token value。"
},
{
"phase_id": "S2_mirror_only_consumption",
@@ -87,7 +93,7 @@
{
"phase_id": "S4_migration_execution",
"state": "not_started",
"current_result": "GitHub primary 是長期方向source_control_primary_readiness_gate_v1 已定義 8 個 candidate repos、7 個 in-scope blocked repos、0 個 primary readyS4.1 已定義 workflow / secret 名稱 inventory 契約S4.2 已補 local evidenceS4.3 已補 redacted export requestS4.4 已補 7 個 in-scope repos 的 rollback ADR 草案owner_approved_count=0、dry_run_completed_count=0。",
"current_result": "GitHub primary 是長期方向source_control_primary_readiness_gate_v1 已定義 8 個 candidate repos、7 個 in-scope blocked repos、0 個 primary readyS4.1 已定義 workflow / secret 名稱 inventory 契約S4.2 已補 local evidenceS4.3 已補 redacted export requestS4.4 已補 rollback ADR 草案S4.5 已補 Gitea authenticated inventory export request但 inventory status 仍 partial。",
"next_gate": "Gitea authenticated inventory、refs truth、webhook / runner / deploy key / branch protection / repository secret parity redacted evidence、rollback ADR owner approval 與逐 repo 人工批准。"
}
],
@@ -179,6 +185,7 @@
"mode": "approval_required",
"source_contract": "gitea_repo_inventory_v1",
"allowed_processing": [
"顯示 S4.5 authenticated/admin export request 與 coverage gap",
"使用 read-only token 或 redacted admin export 補齊 repo list",
"只保存 token_present=true/false",
"更新 migration matrix 與 decision table"
@@ -286,7 +293,8 @@
"S4.1 只新增 workflow / secret 名稱 inventory 契約workflow_secret_inventory_complete_count=0secret_value_collection_allowed=false不新增 workflow、secret、repo、refs 或 primary switch action。",
"S4.2 只新增本機可見 workflow / CODEOWNERS / referenced secret name evidencelocal_evidence_repo_count=4、workflow_file_count=31、unique_secret_name_count=43secret_value_detected=false。",
"S4.3 只新增 redacted export request packageexport_request_count=7、export_lane_count=5、write_token_allowed=false不呼叫 API、不收 secret value、不修改 GitHub/Gitea 設定。",
"S4.4 只新增 GitHub primary rollback ADR 草案repo_rollback_plan_count=7、owner_approved_count=0、dry_run_completed_count=0、rollback_execution_authorized=false不切 primary、不執行 rollback。"
"S4.4 只新增 GitHub primary rollback ADR 草案repo_rollback_plan_count=7、owner_approved_count=0、dry_run_completed_count=0、rollback_execution_authorized=false不切 primary、不執行 rollback。",
"S4.5 只新增 Gitea authenticated inventory export requestpublic_only_repo_count=2、local_gitea_unique_repo_count=4、export_source_option_count=2、token_value_collection_allowed=false不使用 token、不寫入 Gitea、不 sync refs。"
],
"forbidden_actions": [
"start_kali_scan",
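Review bot: The new rollup keys `gitea_inventory_public_only_repo_count` through `gitea_inventory_token_value_collection_allowed` omit the coverage gap itself, although the handoff text earlier in this commit asks AwoooP to show the Gitea inventory 覆蓋缺口 next to the S4.5 request; suggest adding `"gitea_inventory_local_gitea_gap_count": 2,` after `gitea_inventory_local_gitea_repo_count`. That key name also drops the `unique` qualifier the source snapshot uses (`local_gitea_unique_repo_count`), which makes cross-file assertion scripts harder to follow; `gitea_inventory_local_gitea_unique_repo_count` would match. These counts are copies of the request snapshot's values, so any change there has to be mirrored here or the S4.5 assertion will drift. The enclosing object starts outside this hunk.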


@@ -377,17 +377,19 @@
"snapshot_paths": [
"docs/security/gitea-repo-inventory.snapshot.json",
"docs/security/gitea-public-repo-search.snapshot.json",
"docs/security/gitea-org-repo-inventory-blocked.snapshot.json"
"docs/security/gitea-org-repo-inventory-blocked.snapshot.json",
"docs/security/gitea-authenticated-inventory-export-request.snapshot.json"
],
"human_docs": [
"docs/security/GITEA-SERVER-SIDE-INVENTORY-RUNBOOK.md",
"docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md"
"docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md",
"docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md"
],
"consumer": "AwoooP migration matrix evidence",
"consumption_mode": "mirror_only",
"allowed_actions": ["mirror_public_only_inventory", "create_readonly_inventory_approval_candidate"],
"allowed_actions": ["mirror_public_only_inventory", "create_readonly_inventory_approval_candidate", "display_authenticated_inventory_export_request"],
"forbidden_actions": ["store_token_value", "write_to_gitea", "delete_or_archive_repo"],
"notes": "目前是 partial/public_onlyprivate/internal 全量需批准後補齊。"
"notes": "目前是 partial/public_onlyS4.5 已補 authenticated/admin export requestprivate/internal 全量需批准後補齊。"
},
{
"contract": "local_git_remote_inventory_v1",
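Review bot: `forbidden_actions` on the `gitea_repo_inventory_v1` readiness entry still lists only `store_token_value`, `write_to_gitea` and `delete_or_archive_repo`, while the request snapshot this entry now links also sets `write_token_allowed`, `refs_sync_allowed` and `github_primary_switch_authorized` to false; the consumer-side list should probably carry the matching actions so the readiness record does not read as more permissive than the request it mirrors. Suggest `"forbidden_actions": ["store_token_value", "use_write_capable_token", "write_to_gitea", "delete_or_archive_repo", "sync_git_refs", "switch_github_primary"],`. The enclosing object starts outside this hunk.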


@@ -13,6 +13,7 @@
"docs/security/source-control-workflow-secret-name-inventory.snapshot.json",
"docs/security/source-control-primary-rollback-adr.snapshot.json",
"docs/security/gitea-repo-inventory.snapshot.json",
"docs/security/gitea-authenticated-inventory-export-request.snapshot.json",
"docs/security/gitea-org-repo-inventory-blocked.snapshot.json",
"docs/security/security-followup-runtime-gate.snapshot.json"
],
@@ -40,11 +41,14 @@
],
"current_gap": [
"目前只有 public-only / blocked endpoint evidence",
"S4.5 已建立 authenticated/admin export request但尚未取得 `gitea_repo_inventory_v1.status=ok` evidence",
"public-only API 只看到 2 個 repos本機 remote inventory 看到 4 個 unique Gitea reposgap 仍待 owner 解釋",
"GITEA_READONLY_TOKEN 未提供",
"不得使用 write-capable credential 當 read-only token"
],
"allowed_now": [
"顯示 blocked reason",
"mirror S4.5 authenticated inventory export request",
"等待 read-only token 或 redacted admin export",
"更新 approval board 與 decision table"
],