{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "urn:awoooi:kali-scan-scope-approval-v1", "title": "AWOOOI Kali 掃描範圍批准包 (v1)", "description": "定義 Kali 112 可觀測資產、允許掃描深度、需人工批准的 gate 與 finding ingestion 邊界。初期只作為 approval-only / mirror-only 契約。", "type": "object", "required": [ "schema_version", "status", "date", "source_host", "mode", "scope_groups", "approval_gates", "finding_ingestion_policy", "still_forbidden" ], "properties": { "schema_version": { "const": "kali_scan_scope_approval_v1" }, "status": { "type": "string", "enum": ["draft_waiting_approval"] }, "date": { "type": "string" }, "source_host": { "type": "object", "required": ["asset_key", "ip", "role"], "properties": { "asset_key": {"type": "string"}, "ip": {"type": "string"}, "role": {"type": "string"} }, "additionalProperties": false }, "mode": { "type": "string", "enum": ["approval_only"] }, "scope_groups": { "type": "array", "minItems": 1, "items": { "type": "object", "required": [ "group_id", "title", "default_mode", "scan_level", "assets" ], "properties": { "group_id": {"type": "string"}, "title": {"type": "string"}, "default_mode": { "type": "string", "enum": ["observe", "warn", "approve_required", "block_candidate"] }, "scan_level": { "type": "string", "enum": [ "health_only", "passive", "safe_active", "active_dast", "credentialed", "execute", "maintenance" ] }, "assets": { "type": "array", "minItems": 1, "items": { "type": "object", "required": [ "asset_key", "target_type", "target", "environment", "owner_team", "allowed_scan_modes", "approval_required", "notes" ], "properties": { "asset_key": {"type": "string"}, "target_type": { "type": "string", "enum": [ "host", "website", "api_endpoint", "container", "package", "repo", "k8s_resource", "tool" ] }, "target": {"type": "string"}, "environment": { "type": "string", "enum": [ "prod", "staging", "dev", "infra", "monitoring", "source_control", "unknown" ] }, "owner_team": {"type": "string"}, "allowed_scan_modes": { "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "health_only", "passive_inventory", "tls_header_check", "basic_crawl", "unauthenticated_port_discovery", "safe_active_scan", "active_dast", "credentialed_scan", "execute_endpoint", "full_upgrade_reboot", "blocked" ] }, "uniqueItems": true }, "approval_required": {"type": "boolean"}, "notes": {"type": "string"} }, "additionalProperties": false } } }, "additionalProperties": false } }, "approval_gates": { "type": "array", "items": { "type": "object", "required": [ "gate_id", "requested_action", "risk", "required_reviewers", "blocked_until_approved", "evidence_refs" ], "properties": { "gate_id": {"type": "string"}, "requested_action": { "type": "string", "enum": [ "run_passive_inventory", "run_safe_active_scan", "run_active_dast", "run_credentialed_scan", "call_execute_endpoint", "ingest_findings_to_awooop_runtime", "change_firewall_or_network_policy", "run_full_upgrade_reboot" ] }, "risk": { "type": "string", "enum": ["LOW", "MEDIUM", "HIGH", "CRITICAL"] }, "required_reviewers": { "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "critic", "vuln-verifier", "migration-engineer", "security-commander", "human-owner" ] }, "uniqueItems": true }, "blocked_until_approved": { "type": "boolean", "const": true }, "evidence_refs": { "type": "array", "items": {"type": "string"} } }, "additionalProperties": false } }, "finding_ingestion_policy": { "type": "object", "required": [ "finding_contract", "consumption_mode", "redaction_required", "runtime_ingestion_status", "storage_landing", "awooop_allowed_actions", "awooop_forbidden_actions" ], "properties": { "finding_contract": {"type": "string"}, "consumption_mode": { "type": "string", "enum": ["mirror_only", "approval_only"] }, "redaction_required": {"type": "boolean"}, "runtime_ingestion_status": {"type": "string"}, "storage_landing": { "type": "array", "items": {"type": "string"} }, "awooop_allowed_actions": { "type": "array", "items": {"type": "string"} }, "awooop_forbidden_actions": { "type": "array", "items": {"type": "string"} } }, "additionalProperties": false }, "still_forbidden": { "type": "array", "items": {"type": "string"} } }, "additionalProperties": false }