{ "schema_version": "github_target_repo_approval_package_v1", "status": "draft", "source_snapshot": "docs/security/github-target-decision.snapshot.json", "package_count": 9, "approval_items": [ { "github_repo": "owenhytsai/awoooi", "source_key": "wooo/awoooi", "risk": "HIGH", "approval_action": "reconcile_refs_after_full_inventory", "approval_status": "pending", "required_reviewers": [ "migration-engineer", "security-commander", "human-owner" ], "blocked_until": [ "Gitea server-side 全量 repo inventory status=ok", "branches/tags/workflows/webhooks/secrets 名稱 inventory 完成", "部署真相來源已決定", "GitHub primary ADR 與 rollback plan 完成" ], "allowed_after_approval": [ "產生 refs reconcile plan", "產生 draft migration PR 或 ADR", "更新 migration matrix 與 evidence" ], "still_forbidden": [ "直接 push refs", "直接切 GitHub primary", "直接停用 Gitea", "搬 secret value" ], "evidence_refs": [ "docs/security/GITEA-GITHUB-MIGRATION-SNAPSHOT.md", "docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md", "docs/security/github-target-owner-decision-response.snapshot.json" ], "notes": "Gitea/GitHub main SHA、branches、tags 未對齊,必須先做 reconcile plan。" }, { "github_repo": "owenhytsai/clawbot-v5", "source_key": "wooo/clawbot-v5", "risk": "MEDIUM", "approval_action": "reconcile_refs_after_full_inventory", "approval_status": "pending", "required_reviewers": [ "migration-engineer", "human-owner" ], "blocked_until": [ "Gitea/GitHub main SHA 對齊或人工指定真相來源", "GitHub 缺 Gitea tag 的處理方式已決定" ], "allowed_after_approval": [ "產生 refs reconcile plan", "更新 migration matrix" ], "still_forbidden": [ "直接 push refs", "直接切 primary", "刪除任一端 repo" ], "evidence_refs": [ "docs/security/SOURCE-CONTROL-CLAWBOT-V5-SNAPSHOT.md", "docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md", "docs/security/github-target-owner-decision-response.snapshot.json" ], "notes": "GitHub repo 可見,但 main SHA 與 tag 狀態未對齊。" }, { "github_repo": "owenhytsai/wooo-aiops", "source_key": "wooo/wooo-aiops", "risk": "MEDIUM", "approval_action": "reconcile_refs_after_full_inventory", "approval_status": "pending", "required_reviewers": [ "migration-engineer", "human-owner" ], "blocked_until": [ "Gitea/GitHub main SHA 對齊或人工指定真相來源", "GitHub-only branch 與 tags 的來源已釐清" ], "allowed_after_approval": [ "產生 refs reconcile plan", "更新 migration matrix" ], "still_forbidden": [ "直接 push refs", "直接切 primary", "刪除 GitHub-only refs" ], "evidence_refs": [ "docs/security/SOURCE-CONTROL-WOOO-AIOPS-SNAPSHOT.md", "docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md", "docs/security/github-target-owner-decision-response.snapshot.json" ], "notes": "GitHub tags 比 Gitea 多,需先釐清真相來源。" }, { "github_repo": "owenhytsai/wooo-infra-config", "source_key": "wooo/wooo-infra-config", "risk": "MEDIUM", "approval_action": "confirm_internal_remote_purpose", "approval_status": "pending", "required_reviewers": [ "migration-engineer", "security-commander", "human-owner" ], "blocked_until": [ "110 internal remote 用途已確認", "若 110 remote 為舊主控,已降級或移除", "infra secrets 名稱 inventory 完成" ], "allowed_after_approval": [ "標記 110 remote 為 mirror、legacy 或 active source", "更新 canonical decision table" ], "still_forbidden": [ "直接刪除 remote", "直接同步 refs", "搬 infra secret value" ], "evidence_refs": [ "docs/security/GIT-REMOTE-REFS-WOOO-INFRA-CONFIG-SNAPSHOT.md", "docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md", "docs/security/github-target-owner-decision-response.snapshot.json" ], "notes": "GitHub 與本機 main 對齊,但 110 internal remote 不可讀,需判斷用途。" }, { "github_repo": "owenhytsai/ewoooc", "source_key": "wooo/ewoooc / root/momo-pro-system / momo working trees", "risk": "HIGH", "approval_action": "create_or_grant_access_after_canonical_approval", "approval_status": "pending", "required_reviewers": [ "migration-engineer", "security-commander", "human-owner" ], "blocked_until": [ "ewoooc/momo-pro-system canonical 關係人工確認", "server-side refs diff 完成", "GitHub repo owner 與 visibility 決策完成" ], "allowed_after_approval": [ "決定建立 GitHub repo 或授權既有 private repo", "產生 migration plan" ], "still_forbidden": [ "自動建立 mirror", "自動合併 unrelated histories", "刪除任一 momo/ewoooc working tree", "切 GitHub primary" ], "evidence_refs": [ "docs/security/GITEA-REPO-INVENTORY-SNAPSHOT.md", "docs/security/LOCAL-REPO-CANONICAL-EWOOOC-MOMO-SNAPSHOT.md", "docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md", "docs/security/github-target-owner-decision-response.snapshot.json" ], "notes": "momo/ewoooc lineage sample 目前 unrelated,不能自動視為同 repo。" }, { "github_repo": "owenhytsai/bitan-pharmacy", "source_key": "bitan-pharmacy", "risk": "MEDIUM", "approval_action": "create_or_grant_access_after_canonical_approval", "approval_status": "pending", "required_reviewers": [ "migration-engineer", "human-owner" ], "blocked_until": [ "確認 repo 是否仍 active", "GitHub repo owner 與 visibility 決策完成" ], "allowed_after_approval": [ "決定建立 GitHub repo 或授權既有 private repo", "產生 migration plan" ], "still_forbidden": [ "自動建立 repo", "自動 push refs", "刪除 110 remote" ], "evidence_refs": [ "docs/security/GIT-REMOTE-REFS-BITAN-TSENYANG-SNAPSHOT.md", "docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md", "docs/security/github-target-owner-decision-response.snapshot.json" ], "notes": "110 remote 與本機 main 對齊,可作 source candidate;GitHub target 未確認。" }, { "github_repo": "owenhytsai/tsenyang-website", "source_key": "tsenyang-website", "risk": "MEDIUM", "approval_action": "create_or_grant_access_after_canonical_approval", "approval_status": "pending", "required_reviewers": [ "migration-engineer", "human-owner" ], "blocked_until": [ "確認 repo 是否仍 active", "GitHub repo owner 與 visibility 決策完成" ], "allowed_after_approval": [ "決定建立 GitHub repo 或授權既有 private repo", "產生 migration plan" ], "still_forbidden": [ "自動建立 repo", "自動 push refs", "刪除 110 remote" ], "evidence_refs": [ "docs/security/GIT-REMOTE-REFS-BITAN-TSENYANG-SNAPSHOT.md", "docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md", "docs/security/github-target-owner-decision-response.snapshot.json" ], "notes": "110 remote 與本機 main 對齊,可作 source candidate;GitHub target 未確認。" }, { "github_repo": "owenhytsai/VibeWork", "source_key": "vibework", "risk": "HIGH", "approval_action": "create_or_grant_access_after_product_boundary_approval", "approval_status": "pending", "required_reviewers": [ "migration-engineer", "security-commander", "product-owner", "human-owner" ], "blocked_until": [ "VibeWork 產品 / repo / surface owner 與 canonical source 決策完成", "確認是否存在 private GitHub target 或需要建立候選 repo", "保留 VibeWork 獨立產品邊界,不得由 AWOOOI primary readiness 直接併入", "workflow / CODEOWNERS / deploy key / repository secret name parity owner response 完成" ], "allowed_after_approval": [ "決定授權既有 private target 或建立候選 GitHub repo 計畫", "補 repo / product / surface owner metadata", "更新 source-control primary readiness 的 VibeWork read-only 欄位" ], "still_forbidden": [ "自動建立 repo", "自動 push refs", "修改 workflow 或 CODEOWNERS", "搬移 secret value", "把 VibeWork 產品邊界併入 AWOOOI", "切 GitHub primary" ], "evidence_refs": [ "docs/security/source-control-workflow-secret-name-local-evidence.snapshot.json", "docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md", "docs/security/github-target-owner-decision-response.snapshot.json" ], "notes": "GitHub unauthenticated probe 為 not_found_or_private;只能代表公開未授權看不到,不得視為 repo 不存在或可直接建立。VibeWork 仍維持獨立產品邊界。" }, { "github_repo": "owenhytsai/agent-bounty-protocol", "source_key": "agent-bounty-protocol", "risk": "HIGH", "approval_action": "create_or_grant_access_after_agent_runtime_boundary_approval", "approval_status": "pending", "required_reviewers": [ "migration-engineer", "security-commander", "product-owner", "treasury-owner", "human-owner" ], "blocked_until": [ "agent-bounty-protocol repo / deployment / external agent / treasury owner 決策完成", "確認是否存在 private GitHub target 或需要建立候選 repo", "A2A / MCP / bounty / treasury / payout / withdrawal runtime gate 維持 0", "branch protection / CODEOWNERS / repository secret name parity owner response 完成" ], "allowed_after_approval": [ "決定授權既有 private target 或建立候選 GitHub repo 計畫", "補 agent / bounty / treasury / execution surface owner metadata", "更新 source-control primary readiness 的 agent-bounty-protocol read-only 欄位" ], "still_forbidden": [ "自動建立 repo", "自動 push refs", "修改 workflow", "啟用 agent claim / submit / daemon", "執行 payout 或 withdrawal", "搬移 secret value", "切 GitHub primary" ], "evidence_refs": [ "docs/security/source-control-workflow-secret-name-local-evidence.snapshot.json", "docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md", "docs/security/github-target-owner-decision-response.snapshot.json" ], "notes": "GitHub unauthenticated probe 為 not_found_or_private;只能代表公開未授權看不到,不得視為 repo 不存在或可直接建立。agent / bounty / treasury / execution surface 仍需 owner response。" } ] }