{ "changed_files": [ { "categories": [ { "category_id": "security_evidence_tooling", "control_tier": "C3", "label": "Security evidence / snapshot / guard tooling", "priority": "P3", "required_gate": "security_evidence_owner_review_required", "required_validation": [ "snapshot_parse", "guard_smoke", "doc_secret_sanity", "no_runtime_gate_increase" ] } ], "matched": true, "path": "docs/LOGBOOK.md", "strongest_priority": "P3", "strongest_tier": "C3" }, { "categories": [ { "category_id": "security_evidence_tooling", "control_tier": "C3", "label": "Security evidence / snapshot / guard tooling", "priority": "P3", "required_gate": "security_evidence_owner_review_required", "required_validation": [ "snapshot_parse", "guard_smoke", "doc_secret_sanity", "no_runtime_gate_increase" ] } ], "matched": true, "path": "docs/security/HIGH-VALUE-CONFIG-CHANGE-GATE.md", "strongest_priority": "P3", "strongest_tier": "C3" }, { "categories": [ { "category_id": "security_evidence_tooling", "control_tier": "C3", "label": "Security evidence / snapshot / guard tooling", "priority": "P3", "required_gate": "security_evidence_owner_review_required", "required_validation": [ "snapshot_parse", "guard_smoke", "doc_secret_sanity", "no_runtime_gate_increase" ] } ], "matched": true, "path": "docs/security/HIGH-VALUE-CONFIG-OWNER-PACKET.md", "strongest_priority": "P3", "strongest_tier": "C3" }, { "categories": [ { "category_id": "security_evidence_tooling", "control_tier": "C3", "label": "Security evidence / snapshot / guard tooling", "priority": "P3", "required_gate": "security_evidence_owner_review_required", "required_validation": [ "snapshot_parse", "guard_smoke", "doc_secret_sanity", "no_runtime_gate_increase" ] } ], "matched": true, "path": "docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md", "strongest_priority": "P3", "strongest_tier": "C3" }, { "categories": [ { "category_id": "security_evidence_tooling", "control_tier": "C3", "label": "Security evidence / snapshot / guard tooling", "priority": "P3", "required_gate": "security_evidence_owner_review_required", "required_validation": [ "snapshot_parse", "guard_smoke", "doc_secret_sanity", "no_runtime_gate_increase" ] } ], "matched": true, "path": "docs/security/high-value-config-change-gate.snapshot.json", "strongest_priority": "P3", "strongest_tier": "C3" }, { "categories": [ { "category_id": "security_evidence_tooling", "control_tier": "C3", "label": "Security evidence / snapshot / guard tooling", "priority": "P3", "required_gate": "security_evidence_owner_review_required", "required_validation": [ "snapshot_parse", "guard_smoke", "doc_secret_sanity", "no_runtime_gate_increase" ] } ], "matched": true, "path": "docs/security/high-value-config-owner-packet.snapshot.json", "strongest_priority": "P3", "strongest_tier": "C3" }, { "categories": [ { "category_id": "security_evidence_tooling", "control_tier": "C3", "label": "Security evidence / snapshot / guard tooling", "priority": "P3", "required_gate": "security_evidence_owner_review_required", "required_validation": [ "snapshot_parse", "guard_smoke", "doc_secret_sanity", "no_runtime_gate_increase" ] } ], "matched": true, "path": "scripts/security/high-value-config-change-gate.py", "strongest_priority": "P3", "strongest_tier": "C3" }, { "categories": [ { "category_id": "security_evidence_tooling", "control_tier": "C3", "label": "Security evidence / snapshot / guard tooling", "priority": "P3", "required_gate": "security_evidence_owner_review_required", "required_validation": [ "snapshot_parse", "guard_smoke", "doc_secret_sanity", "no_runtime_gate_increase" ] } ], "matched": true, "path": "scripts/security/high-value-config-owner-packet.py", "strongest_priority": "P3", "strongest_tier": "C3" } ], "control_category_inventory": [ { "category_id": "nginx_public_gateway", "control_tier": "C0", "label": "Nginx / reverse proxy / public route", "path_patterns": [ "infra/ansible/roles/nginx/templates/*.j2", "infra/ansible/playbooks/nginx-sync.yml", "ops/nginx/**", "docs/runbooks/disaster-recovery/DR-Nginx.md" ], "priority": "P0", "required_gate": "public_gateway_owner_response_required", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "required_validation": [ "rendered_diff", "nginx_t", "affected_route_smoke", "admin_route_smoke_if_affected", "acme_path_smoke_if_affected", "rollback_ref" ] }, { "category_id": "dns_tls_certbot", "control_tier": "C0", "label": "DNS / TLS / certbot / certificate path", "path_patterns": [ "docs/runbooks/REGISTRY-CERTBOT-188.md", "docs/runbooks/**/*CERTBOT*.md", "docs/runbooks/**/*TLS*.md", "ops/**/*cert*", "ops/**/*tls*", "infra/**/*cert*", "infra/**/*tls*", "k8s/**/*tls*" ], "priority": "P0", "required_gate": "domain_tls_owner_response_required", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "required_validation": [ "domain_inventory", "certificate_path_check", "renewal_window", "acme_path_smoke", "public_https_smoke", "rollback_ref" ] }, { "category_id": "k8s_production_gitops", "control_tier": "C0", "label": "K8s / ArgoCD / production manifests", "path_patterns": [ "k8s/awoooi-prod/**", "k8s/argocd/**", "k8s/velero/**", "k8s/monitoring/**" ], "priority": "P0", "required_gate": "gitops_owner_response_required", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "required_validation": [ "gitops_diff", "argocd_health_readback", "sync_authorization_check", "rollback_revision", "post_deploy_health_if_executed" ] }, { "category_id": "secret_metadata", "control_tier": "C0", "label": "Secret metadata / injection / redaction", "path_patterns": [ "k8s/**/*secret*", "k8s/**/*Secret*", ".gitea/workflows/*.yml", ".gitea/workflows/*.yaml", ".github/workflows/*.yml", ".github/workflows/*.yaml", "docs/runbooks/SECRETS-MANAGEMENT.md", "docs/security/SECRETS_REFERENCE.md" ], "priority": "P0", "required_gate": "secret_metadata_owner_response_required", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "required_validation": [ "secret_name_parity", "metadata_only_check", "no_secret_value_check", "rotation_owner", "injection_readback_if_deployed" ] }, { "category_id": "gitea_workflow_runner_source_control", "control_tier": "C0", "label": "Gitea workflow / runner / deploy key / webhook / branch protection", "path_patterns": [ ".gitea/workflows/**", ".github/workflows/**", "ops/runner/**", "scripts/setup-runner*.sh", "scripts/**/*runner*", "docs/security/SOURCE-CONTROL-*", "docs/security/GITEA-*", "docs/security/GITHUB-*" ], "priority": "P0", "required_gate": "workflow_source_control_owner_response_required", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "required_validation": [ "workflow_diff", "runner_label_owner", "deploy_key_metadata_only", "webhook_metadata_only", "branch_protection_metadata", "no_token_value_check" ] }, { "category_id": "public_admin_api_runtime_config", "control_tier": "C0", "label": "Public / admin / API / frontend runtime config", "path_patterns": [ "apps/web/next.config.*", "apps/web/src/lib/config.*", "apps/api/src/core/config.py", "apps/api/src/api/v1/monitoring.py", "apps/api/src/middleware/**", "apps/web/src/middleware.*" ], "priority": "P0", "required_gate": "public_runtime_config_owner_response_required", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "required_validation": [ "public_url_check", "frontend_internal_ip_ban", "cors_boundary_check", "admin_auth_boundary_check", "desktop_mobile_smoke_if_frontend" ] }, { "category_id": "backup_restore_credential", "control_tier": "C0", "label": "Backup / restore / escrow / retention", "path_patterns": [ "scripts/backup/**", "k8s/velero/**", "docs/runbooks/disaster-recovery/**", "docs/runbooks/**/*RESTORE*.md", "docs/runbooks/**/*BACKUP*.md" ], "priority": "P0", "required_gate": "backup_restore_owner_response_required", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "required_validation": [ "credential_absence_check", "restore_drill_gate", "retention_policy", "escrow_owner", "rollback_ref" ] }, { "category_id": "agent_bounty_protocol_runtime", "control_tier": "C0", "label": "agent-bounty-protocol runtime / MCP / A2A / treasury boundary", "path_patterns": [ "docs/security/AGENT-BOUNTY-IWOOOS-ONBOARDING-HANDOFF.md", "docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json", "docs/schemas/agent_bounty_iwooos_onboarding_handoff_v1.schema.json", "agent-bounty-protocol/**" ], "priority": "P0", "required_gate": "agent_bounty_owner_response_required", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "required_validation": [ "repo_owner_scope", "runtime_gate_false", "no_payout_or_treasury_execution", "no_mcp_a2a_runtime_execution", "redacted_evidence_refs_only" ] }, { "category_id": "monitoring_alerting_observability", "control_tier": "C1", "label": "Prometheus / Alertmanager / Grafana / SigNoz / Sentry / Langfuse", "path_patterns": [ "ops/monitoring/**", "ops/alertmanager/**", "ops/grafana/**", "ops/signoz/**", "ops/sentry-self-hosted/**", "infra/langfuse/**", "k8s/monitoring/**" ], "priority": "P1", "required_gate": "monitoring_observability_owner_response_required", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "required_validation": [ "rule_diff", "receiver_diff", "reload_gate", "failure_notification_policy", "public_route_smoke_if_affected" ] }, { "category_id": "docker_compose_systemd_host_config", "control_tier": "C1", "label": "Docker Compose / systemd / host service config", "path_patterns": [ "docker-compose*.yml", "docker-compose*.yaml", "ops/**/docker-compose*.yml", "ops/**/docker-compose*.yaml", "scripts/reboot-recovery/**", "scripts/**/*.service", "ops/**/*.service" ], "priority": "P1", "required_gate": "host_service_owner_response_required", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "required_validation": [ "port_conflict_check", "volume_diff", "env_name_diff", "restart_window", "rollback_owner" ] }, { "category_id": "ssh_firewall_network_access", "control_tier": "C1", "label": "SSH / sudoers / known_hosts / firewall / WireGuard / NodePort", "path_patterns": [ "infra/ansible/inventory/**", "infra/ansible/**/*known_hosts*", "infra/ansible/**/*ssh*", "scripts/**/*ssh*", "scripts/**/*known_hosts*", "ops/**/*wireguard*", "ops/**/*firewall*", "k8s/**/*network*", "k8s/**/*Network*" ], "priority": "P1", "required_gate": "network_access_owner_response_required", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "required_validation": [ "target_whitelist", "host_key_policy", "ingress_egress_matrix", "rollback_owner", "maintenance_window" ] }, { "category_id": "ai_provider_model_routing", "control_tier": "C1", "label": "AI provider / model routing / Ollama proxy / cost and privacy", "path_patterns": [ "apps/api/src/services/ai_providers/**", "apps/api/src/services/**/*model*", "apps/api/src/services/**/*provider*", "infra/ansible/roles/nginx/templates/110-ollama-proxy.conf.j2", "docs/ai/**", "docs/**/*Ollama*" ], "priority": "P1", "required_gate": "ai_provider_owner_response_required", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "required_validation": [ "dry_run", "benchmark", "cost_review", "privacy_review", "fallback_order_check" ] }, { "category_id": "product_surface_runtime_routes", "control_tier": "C2", "label": "AWOOOI / AwoooP / IwoooS / VibeWork / other product runtime routes", "path_patterns": [ "apps/web/src/app/**", "apps/web/messages/*.json", "docs/security/VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md", "docs/security/vibework-iwooos-onboarding-handoff.snapshot.json" ], "priority": "P2", "required_gate": "product_surface_owner_response_required", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "required_validation": [ "product_boundary_check", "i18n_traditional_chinese_check", "no_internal_transcript_check", "desktop_mobile_smoke_if_frontend" ] }, { "category_id": "security_evidence_tooling", "control_tier": "C3", "label": "Security evidence / snapshot / guard tooling", "path_patterns": [ "docs/security/**", "docs/schemas/**", "scripts/security/**", "docs/LOGBOOK.md" ], "priority": "P3", "required_gate": "security_evidence_owner_review_required", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "required_validation": [ "snapshot_parse", "guard_smoke", "doc_secret_sanity", "no_runtime_gate_increase" ] } ], "diff": { "base": null, "changed_file_count": 8, "head": "HEAD" }, "execution_boundaries": { "active_scan_executed": false, "dns_tls_modified": false, "host_write_executed": false, "nginx_reload_executed": false, "runtime_deploy_executed": false, "runtime_gate_opened": false, "secret_value_collected": false, "ssh_executed": false, "workflow_modified": false }, "generated_at": "2026-06-11T13:00:00+08:00", "git_commit": "ccf87213", "impacted_categories": [ { "category_id": "security_evidence_tooling", "control_tier": "C3", "label": "Security evidence / snapshot / guard tooling", "priority": "P3", "required_gate": "security_evidence_owner_review_required", "required_validation": [ "snapshot_parse", "guard_smoke", "doc_secret_sanity", "no_runtime_gate_increase" ] } ], "mode": "classification_only", "next_steps": [ "若 impacted_c0_category_count > 0,先建立 owner response packet,不得直接 reload、deploy、sync 或修改主機。", "owner response 必須包含 owner role / team、decision、decision reason、affected scope、redacted evidence refs、followup owner、rollback owner、maintenance window 與 validation plan。", "若只有 C3 security evidence / tooling,仍需跑 guard 與 doc secret sanity,但不得藉此提高 runtime gate。" ], "owner_evidence_validation": { "complete": false, "invalid_false_flags": [], "missing_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "note": "未提供 owner response evidence;本階段只能分類,不得執行 runtime 變更。", "provided": false }, "required_false_flags": [ "runtime_execution_authorized", "host_write_authorized", "secret_value_collection_allowed", "workflow_modification_authorized", "runner_change_authorized", "refs_sync_authorized", "force_push_authorized", "active_scan_authorized", "action_buttons_allowed" ], "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "schema_version": "high_value_config_change_gate_v1", "summary": { "changed_file_count": 8, "impacted_c0_category_count": 0, "impacted_c1_category_count": 0, "impacted_category_count": 1, "matched_high_value_file_count": 8, "owner_evidence_complete": false, "owner_evidence_provided": false, "runtime_execution_authorized": false, "strongest_priority": "P3", "strongest_tier": "C3" } }