# Source Control Approval Board

| Item | Content |
|------|------|
| Date | 2026-06-11 |
| Status | `draft` |
| Default mode | `mirror_only` |
| authenticated inventory gate | `blocked` |
| Gate reason | GITEA_READONLY_TOKEN has not been provided, and an existing push-capable remote credential is not used as a read-only token; the server-side private/internal repo list is still incomplete. |
| GitHub target owner response | `docs/security/GITHUB-TARGET-OWNER-DECISION-RESPONSE.md` |
| repo items | 10 |
| pending approval | 9 |

## 0. Core principles

This board only organizes decisions; it does not authorize execution. AwoooP may mirror items as approval candidates, but must not create repos, change visibility, sync refs, switch GitHub primary, or store credential values.

S4.10 has added 1 GitHub target owner response request packet, 9 template statuses, 3 audit event templates, 5 redaction examples, 6 collection checks, 6 intake preflight checks, and 9 owner decision response templates; received / accepted responses are currently both 0.

## 1. Per-repo decision queue

| GitHub repo | Lane | Risk | Probe | Approval | Next step |
|-------------|------|------|-------|----------|--------|
| `owenhytsai/awoooi` | `refs_reconcile` | `HIGH` | `exists` | `pending` | Produce a draft reconcile plan first; do not push refs or switch primary. |
| `owenhytsai/clawbot-v5` | `refs_reconcile` | `MEDIUM` | `exists` | `pending` | Produce a draft reconcile plan first; do not push refs or switch primary. |
| `owenhytsai/wooo-aiops` | `refs_reconcile` | `MEDIUM` | `exists` | `pending` | Produce a draft reconcile plan first; do not push refs or switch primary. |
| `owenhytsai/wooo-infra-config` | `internal_remote_purpose` | `MEDIUM` | `exists` | `pending` | Document the purpose and risk first; do not delete the remote or sync refs. |
| `owenhytsai/ewoooc` | `target_creation_or_access` | `HIGH` | `not_found_or_private` | `pending` | Obtain the owner / visibility decision first; do not auto-create the repo. |
| `owenhytsai/bitan-pharmacy` | `target_creation_or_access` | `MEDIUM` | `not_found_or_private` | `pending` | Obtain the owner / visibility decision first; do not auto-create the repo. |
| `owenhytsai/tsenyang-website` | `target_creation_or_access` | `MEDIUM` | `not_found_or_private` | `pending` | Obtain the owner / visibility decision first; do not auto-create the repo. |
| `nexu-io/open-design` | `scope_review` | `LOW` | `exists` | `not_required` | Mark for scope review only; not included in the primary switch. |
| `owenhytsai/VibeWork` | `target_creation_or_access` | `HIGH` | `not_found_or_private` | `pending` | Obtain the owner / visibility decision first; do not auto-create the repo. |
| `owenhytsai/agent-bounty-protocol` | `target_creation_or_access` | `HIGH` | `not_found_or_private` | `pending` | Obtain the owner / visibility decision first; do not auto-create the repo. |

## 2. Detailed blockers

### owenhytsai/awoooi

- Source key: `wooo/awoooi`
- Required decision: Decide the source of truth for Gitea / GitHub refs, and approve producing a reconcile plan only.
- AwoooP consumption: `approval_candidate`
- Blocked until:
  - Gitea server-side full repo inventory status=ok
  - branches/tags/workflows/webhooks/secrets name inventory complete
  - Deployment source of truth decided
  - GitHub primary ADR and rollback plan complete
- Still forbidden:
  - Pushing refs directly
  - Switching GitHub primary directly
  - Disabling Gitea directly
  - Moving secret values
- Evidence refs:
  - `docs/security/GITEA-GITHUB-MIGRATION-SNAPSHOT.md`
  - `docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md`
  - `docs/security/github-target-owner-decision-response.snapshot.json`
  - `docs/security/github-target-probe.snapshot.json`

### owenhytsai/clawbot-v5

- Source key: `wooo/clawbot-v5`
- Required decision: Decide the source of truth for Gitea / GitHub refs, and approve producing a reconcile plan only.
- AwoooP consumption: `approval_candidate`
- Blocked until:
  - Gitea/GitHub main SHA aligned, or a source of truth manually designated
  - Handling decided for Gitea tags missing on GitHub
- Still forbidden:
  - Pushing refs directly
  - Switching primary directly
  - Deleting the repo on either side
- Evidence refs:
  - `docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md`
  - `docs/security/SOURCE-CONTROL-CLAWBOT-V5-SNAPSHOT.md`
  - `docs/security/github-target-owner-decision-response.snapshot.json`
  - `docs/security/github-target-probe.snapshot.json`

### owenhytsai/wooo-aiops

- Source key: `wooo/wooo-aiops`
- Required decision: Decide the source of truth for Gitea / GitHub refs, and approve producing a reconcile plan only.
- AwoooP consumption: `approval_candidate`
- Blocked until:
  - Gitea/GitHub main SHA aligned, or a source of truth manually designated
  - Origin of the GitHub-only branch and tags clarified
- Still forbidden:
  - Pushing refs directly
  - Switching primary directly
  - Deleting GitHub-only refs
- Evidence refs:
  - `docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md`
  - `docs/security/SOURCE-CONTROL-WOOO-AIOPS-SNAPSHOT.md`
  - `docs/security/github-target-owner-decision-response.snapshot.json`
  - `docs/security/github-target-probe.snapshot.json`

### owenhytsai/wooo-infra-config

- Source key: `wooo/wooo-infra-config`
- Required decision: Decide whether the 110 internal remote is an active source, a legacy mirror, or should be demoted.
- AwoooP consumption: `approval_candidate`
- Blocked until:
  - Purpose of the 110 internal remote confirmed
  - If the 110 remote is the old primary, it has been demoted or removed
  - infra secrets name inventory complete
- Still forbidden:
  - Deleting the remote directly
  - Syncing refs directly
  - Moving infra secret values
- Evidence refs:
  - `docs/security/GIT-REMOTE-REFS-WOOO-INFRA-CONFIG-SNAPSHOT.md`
  - `docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md`
  - `docs/security/github-target-owner-decision-response.snapshot.json`
  - `docs/security/github-target-probe.snapshot.json`

### owenhytsai/ewoooc

- Source key: `wooo/ewoooc / root/momo-pro-system / momo working trees`
- Required decision: Decide the GitHub repo owner / visibility / whether to create a repo or authorize an existing one.
- AwoooP consumption: `approval_candidate`
- Blocked until:
  - ewoooc/momo-pro-system canonical relationship manually confirmed
  - server-side refs diff complete
  - GitHub repo owner and visibility decision complete
- Still forbidden:
  - Auto-creating a mirror
  - Auto-merging unrelated histories
  - Deleting any momo/ewoooc working tree
  - Switching GitHub primary
- Evidence refs:
  - `docs/security/GITEA-PUBLIC-REPO-SEARCH-SNAPSHOT.md`
  - `docs/security/GITEA-REPO-INVENTORY-SNAPSHOT.md`
  - `docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md`
  - `docs/security/LOCAL-REPO-CANONICAL-EWOOOC-MOMO-SNAPSHOT.md`
  - `docs/security/github-target-owner-decision-response.snapshot.json`
  - `docs/security/github-target-probe.snapshot.json`

### owenhytsai/bitan-pharmacy

- Source key: `bitan-pharmacy`
- Required decision: Decide the GitHub repo owner / visibility / whether to create a repo or authorize an existing one.
- AwoooP consumption: `approval_candidate`
- Blocked until:
  - Whether the repo is still active confirmed
  - GitHub repo owner and visibility decision complete
- Still forbidden:
  - Auto-creating the repo
  - Auto-pushing refs
  - Deleting the 110 remote
- Evidence refs:
  - `docs/security/GIT-REMOTE-REFS-BITAN-TSENYANG-SNAPSHOT.md`
  - `docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md`
  - `docs/security/github-target-owner-decision-response.snapshot.json`
  - `docs/security/github-target-probe.snapshot.json`

### owenhytsai/tsenyang-website

- Source key: `tsenyang-website`
- Required decision: Decide the GitHub repo owner / visibility / whether to create a repo or authorize an existing one.
- AwoooP consumption: `approval_candidate`
- Blocked until:
  - Whether the repo is still active confirmed
  - GitHub repo owner and visibility decision complete
- Still forbidden:
  - Auto-creating the repo
  - Auto-pushing refs
  - Deleting the 110 remote
- Evidence refs:
  - `docs/security/GIT-REMOTE-REFS-BITAN-TSENYANG-SNAPSHOT.md`
  - `docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md`
  - `docs/security/github-target-owner-decision-response.snapshot.json`
  - `docs/security/github-target-probe.snapshot.json`

### nexu-io/open-design

- Source key: `open-design`
- Required decision: Decide whether this repo falls within the AWOOOI security supply-chain scope.
- AwoooP consumption: `scope_review_only`
- Blocked until:
  - Whether it falls within the AWOOOI security net scope confirmed
- Still forbidden:
  - auto_execute
  - sync_refs
  - switch_primary
- Evidence refs:
  - `docs/security/github-target-probe.snapshot.json`

### owenhytsai/VibeWork

- Source key: `vibework`
- Required decision: Decide the GitHub repo owner / visibility / whether to create a repo or authorize an existing one.
- AwoooP consumption: `approval_candidate`
- Blocked until:
  - VibeWork product / repo / surface owner and canonical source decision complete
  - Whether a private GitHub target exists or a candidate repo needs to be created confirmed
  - VibeWork's independent product boundary preserved; it must not be merged in directly via AWOOOI primary readiness
  - workflow / CODEOWNERS / deploy key / repository secret name parity owner response complete
- Still forbidden:
  - Auto-creating the repo
  - Auto-pushing refs
  - Modifying workflow or CODEOWNERS
  - Moving secret values
  - Merging the VibeWork product boundary into AWOOOI
  - Switching GitHub primary
- Evidence refs:
  - `docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md`
  - `docs/security/github-target-owner-decision-response.snapshot.json`
  - `docs/security/source-control-primary-readiness-gate.snapshot.json`
  - `docs/security/source-control-workflow-secret-name-local-evidence.snapshot.json`

### owenhytsai/agent-bounty-protocol

- Source key: `agent-bounty-protocol`
- Required decision: Decide the GitHub repo owner / visibility / whether to create a repo or authorize an existing one.
- AwoooP consumption: `approval_candidate`
- Blocked until:
  - agent-bounty-protocol repo / deployment / external agent / treasury owner decision complete
  - Whether a private GitHub target exists or a candidate repo needs to be created confirmed
  - A2A / MCP / bounty / treasury / payout / withdrawal runtime gate remains at 0
  - branch protection / CODEOWNERS / repository secret name parity owner response complete
- Still forbidden:
  - Auto-creating the repo
  - Auto-pushing refs
  - Modifying workflow
  - Enabling agent claim / submit / daemon
  - Executing payout or withdrawal
  - Moving secret values
  - Switching GitHub primary
- Evidence refs:
  - `docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md`
  - `docs/security/github-target-owner-decision-response.snapshot.json`
  - `docs/security/source-control-primary-readiness-gate.snapshot.json`
  - `docs/security/source-control-workflow-secret-name-local-evidence.snapshot.json`

## 3. Allowed before the gate

1. Update read-only evidence.
2. Update the approval board / decision table.
3. Write the draft reconcile plan.
4. Mirror pending approvals to AwoooP.

## 4. Still forbidden before the gate

- Using a write-capable credential as a read-only token
- Creating GitHub repos
- Modifying repo visibility
- sync refs
- switch GitHub primary