{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "urn:awoooi:security-approval-gate-v1", "title": "資安供應鏈人工批准 Gate 契約 v1", "description": "定義 Security Supply Chain 進入 S3 時，AwoooP 如何顯示、記錄與限制人工批准。此契約不授權 runtime execution。", "type": "object", "required": [ "schema_version", "status", "date", "mode", "runtime_execution_authorized", "source_indexes", "summary", "gate_items", "decision_recording_rules", "forbidden_actions" ], "properties": { "schema_version": { "const": "security_approval_gate_v1" }, "status": { "type": "string", "enum": ["draft"] }, "date": { "type": "string" }, "mode": { "type": "string", "enum": ["approval_gate_only"] }, "runtime_execution_authorized": { "type": "boolean", "const": false }, "source_indexes": { "type": "array", "items": { "type": "string" }, "minItems": 1 }, "summary": { "type": "object", "required": [ "total_gate_items", "pending_human_decision_count", "block_candidate_count", "approved_count", "runtime_actions_authorized", "immediate_execution_after_approval_allowed", "raw_secret_storage_authorized" ], "properties": { "total_gate_items": { "type": "integer", "minimum": 0 }, "pending_human_decision_count": { "type": "integer", "minimum": 0 }, "block_candidate_count": { "type": "integer", "minimum": 0 }, "approved_count": { "type": "integer", "minimum": 0 }, "runtime_actions_authorized": { "type": "boolean", "const": false }, "immediate_execution_after_approval_allowed": { "type": "boolean", "const": false }, "raw_secret_storage_authorized": { "type": "boolean", "const": false } }, "additionalProperties": false }, "gate_items": { "type": "array", "minItems": 1, "items": { "type": "object", "required": [ "gate_id", "source_queue_item_id", "source_contract", "risk", "gate_state", "approval_scope", "required_reviewers", "decision_options", "allowed_after_approval", "still_forbidden", "requires_followup_runtime_gate", "evidence_refs" ], "properties": { "gate_id": { "type": "string" }, "source_queue_item_id": { "type": 
"string" }, "source_contract": { "type": "string" }, "risk": { "type": "string", "enum": ["MEDIUM", "HIGH", "CRITICAL"] }, "gate_state": { "type": "string", "enum": ["pending_human_decision", "block_candidate", "approved", "rejected", "expired"] }, "approval_scope": { "type": "string", "enum": [ "design_or_draft_only", "read_only_inventory_only", "low_noise_scan_scope_only", "manual_exception_only", "blocked_by_default" ] }, "required_reviewers": { "type": "array", "items": { "type": "string" }, "minItems": 1, "uniqueItems": true }, "decision_options": { "type": "array", "items": { "type": "string", "enum": ["approve_scope", "reject", "defer", "request_more_evidence", "keep_blocked"] }, "minItems": 1 }, "allowed_after_approval": { "type": "array", "items": { "type": "string" }, "minItems": 1 }, "still_forbidden": { "type": "array", "items": { "type": "string" }, "minItems": 1 }, "requires_followup_runtime_gate": { "type": "boolean", "const": true }, "evidence_refs": { "type": "array", "items": { "type": "string" }, "minItems": 1 } }, "additionalProperties": false } }, "decision_recording_rules": { "type": "array", "items": { "type": "string" }, "minItems": 1 }, "forbidden_actions": { "type": "array", "items": { "type": "string" }, "minItems": 1 } }, "additionalProperties": false }