{ "allowed_decisions": [ "confirm", "defer", "reject", "request_more_evidence" ], "canonical_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "control_category_inventory": [ { "category_id": "nginx_public_gateway", "control_tier": "C0", "label": "Nginx / reverse proxy / public route", "path_patterns": [ "infra/ansible/roles/nginx/templates/*.j2", "infra/ansible/playbooks/nginx-sync.yml", "ops/nginx/**", "docs/runbooks/disaster-recovery/DR-Nginx.md" ], "priority": "P0", "required_gate": "public_gateway_owner_response_required", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "required_validation": [ "rendered_diff", "nginx_t", "affected_route_smoke", "admin_route_smoke_if_affected", "acme_path_smoke_if_affected", "rollback_ref" ] }, { "category_id": "dns_tls_certbot", "control_tier": "C0", "label": "DNS / TLS / certbot / certificate path", "path_patterns": [ "docs/runbooks/REGISTRY-CERTBOT-188.md", "docs/runbooks/**/*CERTBOT*.md", "docs/runbooks/**/*TLS*.md", "ops/**/*cert*", "ops/**/*tls*", "infra/**/*cert*", "infra/**/*tls*", "k8s/**/*tls*" ], "priority": "P0", "required_gate": "domain_tls_owner_response_required", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "required_validation": [ "domain_inventory", "certificate_path_check", "renewal_window", "acme_path_smoke", "public_https_smoke", "rollback_ref" ] }, { "category_id": "k8s_production_gitops", "control_tier": "C0", "label": "K8s / ArgoCD / production manifests", "path_patterns": [ "k8s/awoooi-prod/**", "k8s/argocd/**", "k8s/velero/**", "k8s/monitoring/**" ], "priority": "P0", "required_gate": "gitops_owner_response_required", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "required_validation": [ "gitops_diff", "argocd_health_readback", "sync_authorization_check", "rollback_revision", "post_deploy_health_if_executed" ] }, { "category_id": "secret_metadata", "control_tier": "C0", "label": "Secret metadata / injection / redaction", "path_patterns": [ "k8s/**/*secret*", "k8s/**/*Secret*", ".gitea/workflows/*.yml", ".gitea/workflows/*.yaml", ".github/workflows/*.yml", ".github/workflows/*.yaml", "docs/runbooks/SECRETS-MANAGEMENT.md", "docs/security/SECRETS_REFERENCE.md" ], "priority": "P0", "required_gate": "secret_metadata_owner_response_required", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "required_validation": [ "secret_name_parity", "metadata_only_check", "no_secret_value_check", "rotation_owner", "injection_readback_if_deployed" ] }, { "category_id": "gitea_workflow_runner_source_control", "control_tier": "C0", "label": "Gitea workflow / runner / deploy key / webhook / branch protection", "path_patterns": [ ".gitea/workflows/**", ".github/workflows/**", "ops/runner/**", "scripts/setup-runner*.sh", "scripts/**/*runner*", "docs/security/SOURCE-CONTROL-*", "docs/security/GITEA-*", "docs/security/GITHUB-*" ], "priority": "P0", "required_gate": "workflow_source_control_owner_response_required", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "required_validation": [ "workflow_diff", "runner_label_owner", "deploy_key_metadata_only", "webhook_metadata_only", "branch_protection_metadata", "no_token_value_check" ] }, { "category_id": "public_admin_api_runtime_config", "control_tier": "C0", "label": "Public / admin / API / frontend runtime config", "path_patterns": [ "apps/web/next.config.*", "apps/web/src/lib/config.*", "apps/api/src/core/config.py", "apps/api/src/api/v1/monitoring.py", "apps/api/src/middleware/**", "apps/web/src/middleware.*" ], "priority": "P0", "required_gate": "public_runtime_config_owner_response_required", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "required_validation": [ "public_url_check", "frontend_internal_ip_ban", "cors_boundary_check", "admin_auth_boundary_check", "desktop_mobile_smoke_if_frontend" ] }, { "category_id": "backup_restore_credential", "control_tier": "C0", "label": "Backup / restore / escrow / retention", "path_patterns": [ "scripts/backup/**", "k8s/velero/**", "docs/runbooks/disaster-recovery/**", "docs/runbooks/**/*RESTORE*.md", "docs/runbooks/**/*BACKUP*.md" ], "priority": "P0", "required_gate": "backup_restore_owner_response_required", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "required_validation": [ "credential_absence_check", "restore_drill_gate", "retention_policy", "escrow_owner", "rollback_ref" ] }, { "category_id": "agent_bounty_protocol_runtime", "control_tier": "C0", "label": "agent-bounty-protocol runtime / MCP / A2A / treasury boundary", "path_patterns": [ "docs/security/AGENT-BOUNTY-IWOOOS-ONBOARDING-HANDOFF.md", "docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json", "docs/schemas/agent_bounty_iwooos_onboarding_handoff_v1.schema.json", "agent-bounty-protocol/**" ], "priority": "P0", "required_gate": "agent_bounty_owner_response_required", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "required_validation": [ "repo_owner_scope", "runtime_gate_false", "no_payout_or_treasury_execution", "no_mcp_a2a_runtime_execution", "redacted_evidence_refs_only" ] }, { "category_id": "monitoring_alerting_observability", "control_tier": "C1", "label": "Prometheus / Alertmanager / Grafana / SigNoz / Sentry / Langfuse", "path_patterns": [ "ops/monitoring/**", "ops/alertmanager/**", "ops/grafana/**", "ops/signoz/**", "ops/sentry-self-hosted/**", "infra/langfuse/**", "k8s/monitoring/**" ], "priority": "P1", "required_gate": "monitoring_observability_owner_response_required", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "required_validation": [ "rule_diff", "receiver_diff", "reload_gate", "failure_notification_policy", "public_route_smoke_if_affected" ] }, { "category_id": "docker_compose_systemd_host_config", "control_tier": "C1", "label": "Docker Compose / systemd / host service config", "path_patterns": [ "docker-compose*.yml", "docker-compose*.yaml", "ops/**/docker-compose*.yml", "ops/**/docker-compose*.yaml", "scripts/reboot-recovery/**", "scripts/**/*.service", "ops/**/*.service" ], "priority": "P1", "required_gate": "host_service_owner_response_required", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "required_validation": [ "port_conflict_check", "volume_diff", "env_name_diff", "restart_window", "rollback_owner" ] }, { "category_id": "ssh_firewall_network_access", "control_tier": "C1", "label": "SSH / sudoers / known_hosts / firewall / WireGuard / NodePort", "path_patterns": [ "infra/ansible/inventory/**", "infra/ansible/**/*known_hosts*", "infra/ansible/**/*ssh*", "scripts/**/*ssh*", "scripts/**/*known_hosts*", "ops/**/*wireguard*", "ops/**/*firewall*", "k8s/**/*network*", "k8s/**/*Network*" ], "priority": "P1", "required_gate": "network_access_owner_response_required", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "required_validation": [ "target_whitelist", "host_key_policy", "ingress_egress_matrix", "rollback_owner", "maintenance_window" ] }, { "category_id": "ai_provider_model_routing", "control_tier": "C1", "label": "AI provider / model routing / Ollama proxy / cost and privacy", "path_patterns": [ "apps/api/src/services/ai_providers/**", "apps/api/src/services/**/*model*", "apps/api/src/services/**/*provider*", "infra/ansible/roles/nginx/templates/110-ollama-proxy.conf.j2", "docs/ai/**", "docs/**/*Ollama*" ], "priority": "P1", "required_gate": "ai_provider_owner_response_required", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "required_validation": [ "dry_run", "benchmark", "cost_review", "privacy_review", "fallback_order_check" ] }, { "category_id": "product_surface_runtime_routes", "control_tier": "C2", "label": "AWOOOI / AwoooP / IwoooS / VibeWork / other product runtime routes", "path_patterns": [ "apps/web/src/app/**", "apps/web/messages/*.json", "docs/security/VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md", "docs/security/vibework-iwooos-onboarding-handoff.snapshot.json" ], "priority": "P2", "required_gate": "product_surface_owner_response_required", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "required_validation": [ "product_boundary_check", "i18n_traditional_chinese_check", "no_internal_transcript_check", "desktop_mobile_smoke_if_frontend" ] }, { "category_id": "security_evidence_tooling", "control_tier": "C3", "label": "Security evidence / snapshot / guard tooling", "path_patterns": [ "docs/security/**", "docs/schemas/**", "scripts/security/**", "docs/LOGBOOK.md" ], "priority": "P3", "required_gate": "security_evidence_owner_review_required", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "followup_owner", "rollback_owner", "maintenance_window", "validation_plan" ], "required_validation": [ "snapshot_parse", "guard_smoke", "doc_secret_sanity", "no_runtime_gate_increase" ] } ], "execution_boundaries": { "action_buttons_allowed": false, "host_write_authorized": false, "request_sent": false, "response_accepted": false, "response_received": false, "runtime_execution_authorized": false, "secret_value_collected": false }, "generated_at": "2026-06-11T13:00:00+08:00", "git_commit": "ccf87213", "next_steps": [ "若 packet_count > 0,將 packet 交給 owner 補 canonical 欄位;不得把草案視為已送件。", "若 owner 回覆含 secret 或執行要求,先 quarantine 或 reject_execution_request。", "只有 reviewer checklist 完成後才可進 accepted;accepted 仍不開 runtime gate。" ], "packets": [ { "affected_files": [ "docs/LOGBOOK.md", "docs/security/HIGH-VALUE-CONFIG-CHANGE-GATE.md", "docs/security/HIGH-VALUE-CONFIG-OWNER-PACKET.md", "docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md", "docs/security/high-value-config-change-gate.snapshot.json", "docs/security/high-value-config-owner-packet.snapshot.json", "scripts/security/high-value-config-change-gate.py", "scripts/security/high-value-config-owner-packet.py" ], "allowed_decisions": [ "confirm", "defer", "reject", "request_more_evidence" ], "blocked_requests": [ "repo_create", "visibility_change", "refs_sync", "refs_delete", "force_push", "workflow_modify", "runner_enable", "secret_value_submit", "ssh_host_modify", "nginx_reload", "dns_tls_modify", "argocd_sync", "kubectl_apply", "active_scan", "agent_bounty_runtime_execute", "payout_or_withdrawal" ], "category_id": "security_evidence_tooling", "control_tier": "C3", "false_flags": { "action_buttons_allowed": false, "active_scan_authorized": false, "dns_tls_change_authorized": false, "force_push_authorized": false, "host_write_authorized": false, "nginx_reload_authorized": false, "refs_sync_authorized": false, "request_sent": false, "response_accepted": false, "response_received": false, "runner_change_authorized": false, "runtime_execution_authorized": false, "secret_value_collection_allowed": false, "workflow_modification_authorized": false }, "field_templates": [ { "field": "owner_role_or_team", "instruction": "填角色或團隊,不填私人帳號、密碼、token 或私人聯絡資訊。", "required": true }, { "field": "decision", "instruction": "只能填 confirm、defer、reject、request_more_evidence;不得附帶 runtime 執行批准。", "required": true }, { "field": "decision_reason", "instruction": "填脫敏短理由;不可貼 raw log、raw API body、未脫敏截圖或內部對話。", "required": true }, { "field": "affected_scope", "instruction": "填受影響 repo、host、domain、namespace、route、service、secret name 或產品邊界。", "required": true }, { "field": "redacted_evidence_refs", "instruction": "只填文件路徑、snapshot id、ticket id、commit、hash 或脫敏 metadata pointer。", "required": true }, { "field": "followup_owner", "instruction": "填後續補證、審查或決策負責角色 / 團隊。", "required": true }, { "field": "rollback_owner", "instruction": "填回滾負責角色 / 團隊;不是直接執行授權。", "required": true }, { "field": "maintenance_window", "instruction": "填維護窗口或明確寫 deferred / not scheduled;不得用口頭同意代替。", "required": true }, { "field": "validation_plan", "instruction": "填 preflight、post-check、rollback check;若只讀文件變更,寫 guard / json / doc secret sanity。", "required": true } ], "label": "Security evidence / snapshot / guard tooling", "outcome_lanes": [ "keep_waiting_owner_response", "request_more_evidence", "quarantine_sensitive_payload", "reject_execution_request", "ready_for_reviewer_validation" ], "packet_id": "high_value_config_owner_packet:security_evidence_tooling", "priority": "P3", "redaction_rules": [ "只收 redacted evidence refs,不收 secret value。", "疑似 token、cookie、authorization header、private key、runner token 或 webhook secret 一律 quarantine。", "內部工作視窗對話、抱怨、口頭同意不得進產品文案或 LOGBOOK raw text。" ], "required_gate": "security_evidence_owner_review_required", "required_validation": [ "snapshot_parse", "guard_smoke", "doc_secret_sanity", "no_runtime_gate_increase" ], "reviewer_checklist": [ "canonical owner fields 全部存在。", "decision 只使用允許值。", "affected scope 可映射到 repo / host / domain / route / service / secret name。", "redacted evidence refs 不含 raw payload。", "沒有夾帶執行要求。", "C0 / C1 若要進 runtime,需獨立人工批准與維護窗口。" ], "status": "draft_waiting_owner_response" } ], "schema_version": "high_value_config_owner_packet_v1", "source_gate_schema_version": "high_value_config_change_gate_v1", "source_gate_summary": { "changed_file_count": 8, "impacted_c0_category_count": 0, "impacted_c1_category_count": 0, "impacted_category_count": 1, "matched_high_value_file_count": 8, "owner_evidence_complete": false, "owner_evidence_provided": false, "runtime_execution_authorized": false, "strongest_priority": "P3", "strongest_tier": "C3" }, "status": "draft_waiting_owner_response", "summary": { "accepted_response_count": 0, "c0_packet_count": 0, "c1_packet_count": 0, "packet_count": 1, "received_response_count": 0, "request_sent_count": 0, "runtime_gate_count": 0 }, "universal_owner_response_template": { "allowed_decisions": [ "confirm", "defer", "reject", "request_more_evidence" ], "false_flags": { "action_buttons_allowed": false, "active_scan_authorized": false, "dns_tls_change_authorized": false, "force_push_authorized": false, "host_write_authorized": false, "nginx_reload_authorized": false, "refs_sync_authorized": false, "request_sent": false, "response_accepted": false, "response_received": false, "runner_change_authorized": false, "runtime_execution_authorized": false, "secret_value_collection_allowed": false, "workflow_modification_authorized": false }, "field_templates": [ { "field": "owner_role_or_team", "instruction": "填角色或團隊,不填私人帳號、密碼、token 或私人聯絡資訊。", "required": true }, { "field": "decision", "instruction": "只能填 confirm、defer、reject、request_more_evidence;不得附帶 runtime 執行批准。", "required": true }, { "field": "decision_reason", "instruction": "填脫敏短理由;不可貼 raw log、raw API body、未脫敏截圖或內部對話。", "required": true }, { "field": "affected_scope", "instruction": "填受影響 repo、host、domain、namespace、route、service、secret name 或產品邊界。", "required": true }, { "field": "redacted_evidence_refs", "instruction": "只填文件路徑、snapshot id、ticket id、commit、hash 或脫敏 metadata pointer。", "required": true }, { "field": "followup_owner", "instruction": "填後續補證、審查或決策負責角色 / 團隊。", "required": true }, { "field": "rollback_owner", "instruction": "填回滾負責角色 / 團隊;不是直接執行授權。", "required": true }, { "field": "maintenance_window", "instruction": "填維護窗口或明確寫 deferred / not scheduled;不得用口頭同意代替。", "required": true }, { "field": "validation_plan", "instruction": "填 preflight、post-check、rollback check;若只讀文件變更,寫 guard / json / doc secret sanity。", "required": true } ] } }