{ "schema_version": "dependency_risk_policy_v1", "generated_at": "2026-06-04T20:30:12+08:00", "program_status": { "overall_completion_percent": 98, "current_priority": "P1", "current_task_id": "P1-204", "next_task_id": "P1-205", "read_only_mode": true }, "source_refs": [ "docs/evaluations/package_supply_chain_inventory_2026-06-04.json", "docs/evaluations/javascript_package_inventory_2026-06-04.json", "docs/evaluations/docker_build_surface_inventory_2026-06-04.json", "apps/api/pyproject.toml", "apps/api/requirements.txt", "apps/web/package.json", "pnpm-lock.yaml", "apps/api/Dockerfile", "apps/web/Dockerfile" ], "risk_taxonomy": { "severity_levels": [ { "severity": "critical", "definition": "已批准外部查詢後,確認為 actively exploited / known exploited,且影響 production runtime、公開入口、憑證路徑、備份 / restore、AI Router 或資料完整性。", "default_gate": "OpenClaw 仲裁 + 人工批准 + 回滾方案;NemoTron 僅能提供離線比較建議。" }, { "severity": "high", "definition": "影響 runtime 或 build trust chain,可能導致不可重現 build、供應鏈污染、授權違規、digest / binary source 不可追溯,或 manifest 權威性衝突。", "default_gate": "OpenClaw 風險仲裁;Hermes 產生批准包;任何安裝、升級、rebuild、push 都需人工批准。" }, { "severity": "medium", "definition": "尚未造成已知 exploit,但會提高漂移、freshness、健康檢查、publish boundary 或 build-time network fetch 風險。", "default_gate": "Hermes 維持只讀追蹤;OpenClaw 決定是否升級為批准包。" }, { "severity": "low", "definition": "目前證據顯示一致或已被接受,但仍需排入週期性只讀監控。", "default_gate": "read-only monitor;不得自動變更。" } ], "statuses": [ "accepted", "action_required", "planned_next", "blocked" ], "policy_states": [ "monitor_only", "approval_package_required", "external_lookup_required", "blocked_until_approval" ] }, "rollups": { "total_rules": 12, "by_severity": { "critical": 1, "high": 5, "medium": 5, "low": 1 }, "by_status": { "action_required": 8, "planned_next": 3, "accepted": 1 }, "action_required_rule_ids": [ "python_manifest_authority_drift", "python_no_lockfile_reproducibility_gap", "js_caret_range_high_impact", "shared_types_publish_boundary", "docker_base_not_digest_pinned", "binary_source_without_checksum", "build_time_network_fetch_unpinned", "web_runtime_healthcheck_gap" ], "planned_next_rule_ids": [ "cve_critical_known_exploited", "cve_high_runtime_exposure", "license_strong_copyleft_or_unknown" ], "accepted_rule_ids": [ "js_lockfile_currently_in_sync" ] }, "severity_rules": [ { "rule_id": "cve_critical_known_exploited", "domain": "cve", "severity": "critical", "status": "planned_next", "trigger": "已批准外部 CVE / advisory 查詢後,確認依賴或 image 有 known exploited / actively exploited 記錄,且位於 production runtime 或公開入口鏈路。", "current_evidence": "本輪未查外部 CVE / advisory;只建立政策與批准邊界。", "required_gate": "external_lookup_approval + OpenClaw arbitration + HITL approval", "blocked_operations": [ "external_cve_lookup", "package_install", "package_upgrade", "lockfile_write", "docker_build", "image_pull", "image_rebuild", "registry_push", "production_routing" ], "owner_agent": "openclaw", "role_contract": "OpenClaw 只做仲裁與批准包判定;不得自動修復或切流量。", "evidence_refs": [ "docs/evaluations/package_supply_chain_inventory_2026-06-04.json", "docs/evaluations/docker_build_surface_inventory_2026-06-04.json" ], "next_action": "P1-205 建立外部 CVE / advisory data source 批准包,先定義來源、頻率、成本、速率與失敗告警。" }, { "rule_id": "cve_high_runtime_exposure", "domain": "cve", "severity": "high", "status": "planned_next", "trigger": "已批准外部查詢後,production/runtime dependency 或 base image 出現 high CVE,且缺少固定版本、digest、rollback 或 smoke gate。", "current_evidence": "本輪未查外部 CVE;Python / JS / Docker 只讀基線已建立。", "required_gate": "external_lookup_approval + upgrade_approval_package", "blocked_operations": [ "external_cve_lookup", "package_upgrade", "lockfile_write", "docker_build", "image_pull", "image_rebuild", "registry_push" ], "owner_agent": "openclaw", "role_contract": "OpenClaw 判定 high CVE 是否需要升級包;Hermes 才能整理執行候選清單。", "evidence_refs": [ "docs/evaluations/package_supply_chain_inventory_2026-06-04.json", "docs/evaluations/javascript_package_inventory_2026-06-04.json", "docs/evaluations/docker_build_surface_inventory_2026-06-04.json" ], "next_action": "P1-205 先建立 read-only freshness / advisory cadence;P1-206 才能產生升級批准包。" }, { "rule_id": "license_strong_copyleft_or_unknown", "domain": "license", "severity": "high", "status": "planned_next", "trigger": "已批准 license database 查詢後,production path 出現 AGPL / GPL 類強 copyleft、unknown license,或 package metadata 與 publish boundary 衝突。", "current_evidence": "本輪未查外部 license database;shared-types publish boundary 已標為 action_required。", "required_gate": "external_license_lookup_approval + legal_or_owner_review", "blocked_operations": [ "external_license_lookup", "package_install", "package_upgrade", "lockfile_write", "package_publish" ], "owner_agent": "openclaw", "role_contract": "OpenClaw 決定 license 風險分級;NemoTron 可做離線比較與條款摘要,不得替代人工授權判定。", "evidence_refs": [ "packages/shared-types/package.json", "docs/evaluations/javascript_package_inventory_2026-06-04.json" ], "next_action": "P1-205 把 license source、cache、審核人與失敗告警寫進批准包。" }, { "rule_id": "python_manifest_authority_drift", "domain": "python", "severity": "high", "status": "action_required", "trigger": "同一 runtime 存在 pyproject.toml 與 requirements.txt,且依賴集合或版本下限不一致。", "current_evidence": "apps/api/pyproject.toml 與 apps/api/requirements.txt 不一致;Dockerfile 目前使用 pyproject + uv。", "required_gate": "manifest_authority_decision_package", "blocked_operations": [ "package_install", "package_upgrade", "requirements_delete", "lockfile_write", "docker_build" ], "owner_agent": "openclaw", "role_contract": "OpenClaw 決定權威 manifest 與廢止策略;Hermes 只能整理差異與後續 PR 範本。", "evidence_refs": [ "apps/api/pyproject.toml", "apps/api/requirements.txt", "apps/api/Dockerfile", "docs/evaluations/package_supply_chain_inventory_2026-06-04.json" ], "next_action": "P1-206 產生 Python manifest authority / constraints 批准包。" }, { "rule_id": "python_no_lockfile_reproducibility_gap", "domain": "python", "severity": "medium", "status": "action_required", "trigger": "Python runtime / package surfaces 以 range constraints 為主,未發現 uv.lock、poetry.lock、Pipfile.lock 或等價 constraints policy。", "current_evidence": "P1-201 已確認 Python 6 個表面未形成完整 lockfile policy。", "required_gate": "reproducible_build_policy_package", "blocked_operations": [ "lockfile_write", "package_install", "package_upgrade", "docker_build" ], "owner_agent": "hermes", "role_contract": "Hermes 整理 constraints / lockfile 選項;OpenClaw 決定採用與否。", "evidence_refs": [ "apps/api/pyproject.toml", "packages/lewooogo-data/pyproject.toml", "packages/lewooogo-brain/pyproject.toml", "docs/evaluations/package_supply_chain_inventory_2026-06-04.json" ], "next_action": "P1-206 將 lockfile / constraints 策略納入升級批准包模板。" }, { "rule_id": "js_lockfile_currently_in_sync", "domain": "javascript", "severity": "low", "status": "accepted", "trigger": "pnpm-lock.yaml importer specifier 與 6 個 workspace package.json manifest 同步,missing、mismatch、extra 均為 0。", "current_evidence": "P1-202 已確認 manifest / lockfile drift 為 0。", "required_gate": "read_only_monitor", "blocked_operations": [ "pnpm_install", "npm_audit", "package_upgrade", "lockfile_write" ], "owner_agent": "hermes", "role_contract": "Hermes 維持只讀 drift 監控;不得因 accepted 狀態自動執行 install 或 audit。", "evidence_refs": [ "docs/evaluations/javascript_package_inventory_2026-06-04.json", "pnpm-lock.yaml" ], "next_action": "P1-205 建立週期性只讀 lockfile drift 檢查,不寫 lockfile。" }, { "rule_id": "js_caret_range_high_impact", "domain": "javascript", "severity": "medium", "status": "action_required", "trigger": "高影響 workspace 使用大量 caret range,雖然 lockfile 目前固定解析結果,但 version freshness、CVE 與 upgrade blast radius 尚未分級。", "current_evidence": "@awoooi/web 有 33 條 direct dependencies,其中 28 條使用 caret range;全 repo 44 條 caret specs。", "required_gate": "js_dependency_drift_policy_package", "blocked_operations": [ "pnpm_install", "npm_update", "npm_audit", "package_upgrade", "lockfile_write" ], "owner_agent": "hermes", "role_contract": "Hermes 追蹤 drift 與高影響套件清單;OpenClaw 決定升級候選是否進批准包。", "evidence_refs": [ "apps/web/package.json", "docs/evaluations/javascript_package_inventory_2026-06-04.json" ], "next_action": "P1-205 產生 Next / React / Sentry / Playwright / visualization 套件的 read-only freshness cadence。" }, { "rule_id": "shared_types_publish_boundary", "domain": "javascript", "severity": "medium", "status": "action_required", "trigger": "workspace package 未標記 private=true,且含 publishConfig access=public;需要確認是否為刻意 publish contract。", "current_evidence": "@awoooi/shared-types 未標記 private=true,publishConfig access=public。", "required_gate": "publish_boundary_approval_package", "blocked_operations": [ "package_publish", "package_metadata_change", "package_upgrade", "lockfile_write" ], "owner_agent": "openclaw", "role_contract": "OpenClaw 仲裁 publish boundary;Hermes 只產生差異證據與 PR 範本。", "evidence_refs": [ "packages/shared-types/package.json", "docs/evaluations/javascript_package_inventory_2026-06-04.json" ], "next_action": "P1-206 產生 shared-types publish boundary 批准包。" }, { "rule_id": "docker_base_not_digest_pinned", "domain": "docker", "severity": "high", "status": "action_required", "trigger": "Dockerfile 使用 tag-pinned external images,但沒有 digest pin;base image freshness 與 rebuild provenance 不可追溯。", "current_evidence": "python:3.11-slim、node:20-alpine、ghcr.io/astral-sh/uv:0.6.9 均未 digest-pinned。", "required_gate": "image_digest_pin_approval_package", "blocked_operations": [ "image_pull", "docker_build", "image_rebuild", "registry_push", "production_routing" ], "owner_agent": "openclaw", "role_contract": "OpenClaw 決定 digest pin 與 rebuild policy;Hermes 只能整理 Dockerfile 證據。", "evidence_refs": [ "apps/api/Dockerfile", "apps/web/Dockerfile", "docs/evaluations/docker_build_surface_inventory_2026-06-04.json" ], "next_action": "P1-206 產生 base image digest pin / rollback / smoke gate 批准包。" }, { "rule_id": "binary_source_without_checksum", "domain": "docker", "severity": "high", "status": "action_required", "trigger": "Docker build-time binary 透過網路下載,但缺少 checksum / signature policy。", "current_evidence": "API Dockerfile 以 curl 下載 kubectl v1.29.0,未呈現 checksum / signature 驗證 policy。", "required_gate": "binary_source_verification_package", "blocked_operations": [ "docker_build", "image_rebuild", "registry_push" ], "owner_agent": "openclaw", "role_contract": "OpenClaw 判定 binary source trust chain;Hermes 產生替代方案與驗證 gate。", "evidence_refs": [ "apps/api/Dockerfile", "docs/evaluations/docker_build_surface_inventory_2026-06-04.json" ], "next_action": "P1-206 將 checksum / signature 驗證納入 image rebuild 批准包。" }, { "rule_id": "build_time_network_fetch_unpinned", "domain": "docker", "severity": "medium", "status": "action_required", "trigger": "Docker build 需要 apt-get、curl、corepack prepare 或 pnpm install 等 build-time network fetch,且外部來源白名單 / cache / 失敗告警尚未定義。", "current_evidence": "P1-203 已盤點 4 個 build-time network fetches。", "required_gate": "build_network_source_policy_package", "blocked_operations": [ "docker_build", "image_pull", "image_rebuild", "registry_push" ], "owner_agent": "hermes", "role_contract": "Hermes 整理外部來源、cache 與失敗模式;OpenClaw 決定 gate。", "evidence_refs": [ "apps/api/Dockerfile", "apps/web/Dockerfile", "pnpm-lock.yaml", "docs/evaluations/docker_build_surface_inventory_2026-06-04.json" ], "next_action": "P1-205 建立 read-only build source freshness 檢查設計,不執行 build。" }, { "rule_id": "web_runtime_healthcheck_gap", "domain": "docker", "severity": "medium", "status": "action_required", "trigger": "Web runtime stage 缺少 Dockerfile HEALTHCHECK,需要確認 K8s probe 是否是唯一健康檢查來源。", "current_evidence": "P1-203 已確認 API 有 healthcheck,Web Dockerfile 未定義 HEALTHCHECK。", "required_gate": "runtime_health_contract_review", "blocked_operations": [ "docker_build", "image_rebuild", "production_routing" ], "owner_agent": "openclaw", "role_contract": "OpenClaw 決定 Dockerfile healthcheck 與 K8s probe contract;Hermes 只整理證據。", "evidence_refs": [ "apps/web/Dockerfile", "k8s/", "docs/evaluations/docker_build_surface_inventory_2026-06-04.json" ], "next_action": "P1-206 或 P1-001 對齊 runtime health contract;不得直接改 image。" } ], "domain_policies": [ { "policy_id": "python_dependency_policy", "domain": "python", "status": "action_required", "owner_agent": "openclaw", "policy_summary": "Python 依賴先決定 pyproject / requirements 權威性與 lockfile / constraints 策略,再談升級;目前只允許 read-only diff。", "allowed_now": [ "read_only_manifest_diff", "read_only_policy_report" ], "blocked_now": [ "pip_install", "uv_sync", "requirements_delete", "lockfile_write", "docker_build" ], "required_next_gate": "P1-206 manifest authority approval package", "evidence_refs": [ "apps/api/pyproject.toml", "apps/api/requirements.txt", "docs/evaluations/package_supply_chain_inventory_2026-06-04.json" ] }, { "policy_id": "javascript_dependency_policy", "domain": "javascript", "status": "action_required", "owner_agent": "hermes", "policy_summary": "pnpm-lock.yaml 目前與 manifest 同步;後續只能做 read-only drift / freshness 報告,不執行 pnpm install、npm audit 或 lockfile rewrite。", "allowed_now": [ "read_only_lockfile_drift", "read_only_workspace_rollup" ], "blocked_now": [ "pnpm_install", "pnpm_update", "npm_audit", "package_upgrade", "lockfile_write", "package_publish" ], "required_next_gate": "P1-205 scheduled drift check design", "evidence_refs": [ "apps/web/package.json", "packages/shared-types/package.json", "pnpm-lock.yaml", "docs/evaluations/javascript_package_inventory_2026-06-04.json" ] }, { "policy_id": "docker_supply_chain_policy", "domain": "docker", "status": "action_required", "owner_agent": "openclaw", "policy_summary": "Docker build surface 必須先有 digest pin、binary checksum、build source cache 與 rollback policy;目前禁止 build / pull / push / rebuild。", "allowed_now": [ "read_only_dockerfile_inventory", "read_only_build_surface_report" ], "blocked_now": [ "docker_build", "image_pull", "image_rebuild", "registry_push", "production_routing" ], "required_next_gate": "P1-206 image rebuild approval package", "evidence_refs": [ "apps/api/Dockerfile", "apps/web/Dockerfile", "docs/evaluations/docker_build_surface_inventory_2026-06-04.json" ] }, { "policy_id": "external_source_policy", "domain": "external_sources", "status": "planned_next", "owner_agent": "openclaw", "policy_summary": "CVE、license、registry freshness 與 AI Agent 市場版本監控都必須先列出來源、成本、頻率、速率限制、cache、失敗告警與資料保留,再申請定期執行。", "allowed_now": [ "read_only_source_proposal", "offline_policy_comparison" ], "blocked_now": [ "external_cve_lookup", "external_license_lookup", "paid_api_call", "sdk_installation", "shadow_or_canary" ], "required_next_gate": "P1-205 external source approval package", "evidence_refs": [ "docs/ai/AI_AGENT_AUTOMATION_WORKLIST_2026-06-04.md", "docs/HARD_RULES.md" ] } ], "action_queue": [ { "task_id": "P1-205", "priority": "P1", "status": "planned_next", "owner_agent": "hermes", "title": "建立定期依賴漂移 / 外部資料來源檢查設計", "blocked_operations": [ "sdk_installation", "external_cve_lookup_without_approval", "external_license_lookup_without_approval", "package_install", "lockfile_write" ], "acceptance_criteria": [ "列出 CVE、license、registry freshness、AI Agent 市場版本監控來源", "定義頻率、cache、rate limit、失敗告警、資料保存與成本邊界", "只產生設計與 read-only API,不新增 SDK、不安裝套件、不呼叫付費 API" ] }, { "task_id": "P1-206", "priority": "P1", "status": "planned", "owner_agent": "openclaw", "title": "產生依賴升級 / digest pin / publish boundary 批准包模板", "blocked_operations": [ "package_upgrade", "lockfile_write", "docker_build", "image_rebuild", "registry_push", "package_publish" ], "acceptance_criteria": [ "批准包必須包含證據、風險分級、blast radius、rollback、測試與人工批准欄位", "NemoTron 僅提供離線比較建議,不做裁決或執行", "不得在模板建立時修改任何 manifest、lockfile、Dockerfile 或 registry 狀態" ] } ], "operation_boundaries": { "read_only_policy_allowed": true, "external_cve_lookup_allowed": false, "external_license_lookup_allowed": false, "package_installation_allowed": false, "package_upgrade_allowed": false, "lockfile_write_allowed": false, "docker_build_allowed": false, "image_pull_allowed": false, "image_rebuild_allowed": false, "registry_push_allowed": false, "paid_api_call_allowed": false, "shadow_or_canary_allowed": false, "production_routing_allowed": false }, "approval_boundaries": { "sdk_installation_allowed": false, "paid_api_call_allowed": false, "shadow_or_canary_allowed": false, "production_routing_allowed": false, "destructive_operation_allowed": false } }