{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "urn:awoooi:security-followup-runtime-gate-v1", "title": "資安供應鏈後續 Runtime Gate 準備契約 v1", "description": "定義 Security Supply Chain 在 approve_scope 之後,若未來要進入 runtime gate,AwoooP 需要顯示哪些前置條件。此契約只做準備,不授權 runtime execution。", "type": "object", "required": [ "schema_version", "status", "date", "mode", "runtime_execution_authorized", "source_indexes", "summary", "gate_templates", "gate_rules", "forbidden_actions" ], "properties": { "schema_version": { "const": "security_followup_runtime_gate_v1" }, "status": { "type": "string", "enum": ["draft"] }, "date": { "type": "string" }, "mode": { "type": "string", "enum": ["runtime_gate_preparation_only"] }, "runtime_execution_authorized": { "type": "boolean", "const": false }, "source_indexes": { "type": "array", "items": { "type": "string" }, "minItems": 1 }, "summary": { "type": "object", "required": [ "total_gate_templates", "active_runtime_gates", "approved_scope_count", "runtime_actions_authorized", "action_buttons_allowed", "raw_secret_storage_authorized" ], "properties": { "total_gate_templates": { "type": "integer", "minimum": 0 }, "active_runtime_gates": { "type": "integer", "minimum": 0 }, "approved_scope_count": { "type": "integer", "minimum": 0 }, "runtime_actions_authorized": { "type": "boolean", "const": false }, "action_buttons_allowed": { "type": "boolean", "const": false }, "raw_secret_storage_authorized": { "type": "boolean", "const": false } }, "additionalProperties": false }, "gate_templates": { "type": "array", "minItems": 1, "items": { "type": "object", "required": [ "template_id", "source_packet_id", "source_gate_id", "action_family", "risk", "gate_state", "applies_after_decision", "minimum_required_evidence", "required_reviewers", "preflight_checks", "allowed_pre_runtime_artifacts", "rollback_or_disable_requirement", "still_forbidden", "execution_authorized" ], "properties": { "template_id": { "type": "string" }, "source_packet_id": { "type": "string" }, "source_gate_id": { "type": "string" }, "action_family": { "type": "string", "enum": [ "redacted_finding_ingestion", "safe_web_crawl_scope", "gitea_readonly_inventory", "github_target_decision", "ref_truth_review", "credentialed_scan_exception", "kali_full_upgrade_reboot_window", "kali_execute_endpoint_exception" ] }, "risk": { "type": "string", "enum": ["MEDIUM", "HIGH", "CRITICAL"] }, "gate_state": { "type": "string", "enum": ["template_only_not_active", "waiting_approved_scope", "blocked_by_default"] }, "applies_after_decision": { "type": "string", "enum": ["approve_scope", "keep_blocked"] }, "minimum_required_evidence": { "type": "array", "items": { "type": "string" }, "minItems": 1 }, "required_reviewers": { "type": "array", "items": { "type": "string" }, "minItems": 1, "uniqueItems": true }, "preflight_checks": { "type": "array", "items": { "type": "string" }, "minItems": 1 }, "allowed_pre_runtime_artifacts": { "type": "array", "items": { "type": "string" }, "minItems": 1 }, "rollback_or_disable_requirement": { "type": "string" }, "still_forbidden": { "type": "array", "items": { "type": "string" }, "minItems": 1 }, "execution_authorized": { "type": "boolean", "const": false } }, "additionalProperties": false } }, "gate_rules": { "type": "array", "items": { "type": "string" }, "minItems": 1 }, "forbidden_actions": { "type": "array", "items": { "type": "string" }, "minItems": 1 } }, "additionalProperties": false }