{ "schema_version": "security_approval_gate_v1", "status": "draft", "date": "2026-05-17", "mode": "approval_gate_only", "runtime_execution_authorized": false, "source_indexes": [ "docs/security/security-approval-queue.snapshot.json", "docs/security/security-followup-runtime-gate.snapshot.json", "docs/security/security-mirror-status-rollup.snapshot.json", "docs/security/security-rollout-policy.snapshot.json", "docs/security/kali-scan-scope-approval.snapshot.json", "docs/security/source-control-approval-board.snapshot.json", "docs/security/source-control-ref-truth-classification.snapshot.json", "docs/security/source-control-ref-truth-owner-response.snapshot.json", "docs/security/gitea-inventory-coverage-attestation.snapshot.json", "docs/security/gitea-inventory-owner-attestation-response.snapshot.json" ], "summary": { "total_gate_items": 8, "pending_human_decision_count": 7, "block_candidate_count": 1, "approved_count": 0, "runtime_actions_authorized": false, "immediate_execution_after_approval_allowed": false, "raw_secret_storage_authorized": false }, "gate_items": [ { "gate_id": "gate-redacted-finding-ingestion-20260513", "source_queue_item_id": "kali-finding-runtime-ingestion-approval-20260513", "source_contract": "security_approval_queue_v1", "risk": "MEDIUM", "gate_state": "pending_human_decision", "approval_scope": "design_or_draft_only", "required_reviewers": [ "security-commander", "human-owner" ], "decision_options": [ "approve_scope", "reject", "defer", "request_more_evidence" ], "allowed_after_approval": [ "設計 redacted security_finding_v1 ingestion adapter", "建立 draft PR 或 patch-only backlog", "只定義摘要欄位與 evidence_ref" ], "still_forbidden": [ "保存 raw secret/token/cookie/private key/exploit payload", "讓 AwoooP 直接啟動 scan", "自動修復或自動封鎖 deploy" ], "requires_followup_runtime_gate": true, "evidence_refs": [ "docs/security/SECURITY-FINDING-CONTRACT.md", "docs/security/security-finding-kali-sample.snapshot.json", "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md" ] }, { "gate_id": "gate-safe-web-crawl-20260513", "source_queue_item_id": "kali-safe-web-crawl-approval-20260513", "source_contract": "security_approval_queue_v1", "risk": "MEDIUM", "gate_state": "pending_human_decision", "approval_scope": "low_noise_scan_scope_only", "required_reviewers": [ "security-commander", "human-owner" ], "decision_options": [ "approve_scope", "reject", "defer", "request_more_evidence" ], "allowed_after_approval": [ "定義 TLS/header/basic crawl 的目標清單", "限制掃描頻率與時間窗", "只輸出 redacted findings" ], "still_forbidden": [ "active DAST fuzz", "auth flow 改狀態測試", "credentialed scan", "阻擋 release" ], "requires_followup_runtime_gate": true, "evidence_refs": [ "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md", "docs/security/KALI-SECURITY-MESH-BLUEPRINT.md" ] }, { "gate_id": "gate-gitea-readonly-inventory-20260513", "source_queue_item_id": "gitea-private-internal-server-side-inventory-2026-05-12", "source_contract": "security_approval_queue_v1", "risk": "MEDIUM", "gate_state": "pending_human_decision", "approval_scope": "read_only_inventory_only", "required_reviewers": [ "migration-engineer", "security-commander", "human-owner" ], "decision_options": [ "approve_scope", "reject", "defer", "request_more_evidence" ], "allowed_after_approval": [ "先依 S4.9 request packet 要求 owner 回覆,用 template status ledger / audit event templates / redaction examples / display sections / collection checks 維持 request / received / accepted 分離,並完成 preflight / outcome lane 判定 / 驗收 S4.7 owner coverage attestation response,保留 scope decision evidence", "使用 read-only token 或 redacted admin export 補齊 repo list", "只保存 token_present=true/false", "更新 migration matrix 與 repo decision table" ], "still_forbidden": [ "保存 token value", "使用 write-capable token", "未完成 S4.7 owner attestation 就標記 inventory complete", "把 owner attestation 當成 repo migration 或 primary cutover approval", "把 S4.9 owner response request packet、template status ledger、audit event templates、redaction examples、display sections 或 response packet 當成 inventory 執行授權", "建立 GitHub repo", "sync refs", "切 GitHub primary" ], "requires_followup_runtime_gate": true, "evidence_refs": [ "docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md", "docs/security/gitea-readonly-inventory-approval.snapshot.json", "docs/security/GITEA-ORG-REPO-INVENTORY-BLOCKED-SNAPSHOT.md", "docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md", "docs/security/gitea-inventory-coverage-attestation.snapshot.json", "docs/security/GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.md", "docs/security/gitea-inventory-owner-attestation-response.snapshot.json", "docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md" ] }, { "gate_id": "gate-github-target-decisions-20260513", "source_queue_item_id": "source-control-target-repo-approval-bundle-20260513", "source_contract": "security_approval_queue_v1", "risk": "HIGH", "gate_state": "pending_human_decision", "approval_scope": "design_or_draft_only", "required_reviewers": [ "migration-engineer", "security-commander", "human-owner" ], "decision_options": [ "approve_scope", "reject", "defer", "request_more_evidence" ], "allowed_after_approval": [ "依 S4.10 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks 驗收 owner decision response", "依 S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks 驗收 workflow / secret 名稱 owner response", "逐 repo 更新 owner/visibility/canonical decision", "更新 workflow / secret name parity read-only wording", "產生 draft reconcile plan 或 ADR", "更新 GitHub target decision snapshot" ], "still_forbidden": [ "建立 repo", "修改 visibility", "把 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當成 repo creation 或 visibility approval", "把 S4.12 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當成 secret value collection、workflow modification 或 runner enablement approval", "push refs", "delete refs", "切 GitHub primary" ], "requires_followup_runtime_gate": true, "evidence_refs": [ "docs/security/SOURCE-CONTROL-APPROVAL-BOARD.md", "docs/security/source-control-approval-board.snapshot.json", "docs/security/GITHUB-TARGET-REPO-APPROVAL-PACKAGE.md", "docs/security/GITHUB-TARGET-OWNER-DECISION-RESPONSE.md", "docs/security/github-target-owner-decision-response.snapshot.json", "docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md", "docs/security/source-control-workflow-secret-name-owner-response.snapshot.json" ] }, { "gate_id": "gate-ref-truth-review-20260513", "source_queue_item_id": "source-control-ref-truth-review-bundle-20260513", "source_contract": "security_approval_queue_v1", "risk": "HIGH", "gate_state": "pending_human_decision", "approval_scope": "design_or_draft_only", "required_reviewers": [ "migration-engineer", "security-commander", "human-owner" ], "decision_options": [ "approve_scope", "reject", "defer", "request_more_evidence" ], "allowed_after_approval": [ "依 S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks 驗收 owner response", "標記單 ref 真相來源候選", "更新 source control reconcile plan", "產生人工 review checklist" ], "still_forbidden": [ "把 S4.11 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當成 refs sync/delete/force push approval", "push refs", "delete refs", "force push", "切 GitHub primary" ], "requires_followup_runtime_gate": true, "evidence_refs": [ "docs/security/SOURCE-CONTROL-REF-TRUTH-CLASSIFICATION.md", "docs/security/source-control-ref-truth-classification.snapshot.json", "docs/security/SOURCE-CONTROL-REF-TRUTH-OWNER-RESPONSE.md", "docs/security/source-control-ref-truth-owner-response.snapshot.json", "docs/security/SOURCE-CONTROL-REF-DETAIL-DIFF.md" ] }, { "gate_id": "gate-credentialed-scan-20260513", "source_queue_item_id": "kali-credentialed-scan-approval-20260513", "source_contract": "security_approval_queue_v1", "risk": "HIGH", "gate_state": "pending_human_decision", "approval_scope": "manual_exception_only", "required_reviewers": [ "security-commander", "vuln-verifier", "human-owner" ], "decision_options": [ "approve_scope", "reject", "defer", "request_more_evidence" ], "allowed_after_approval": [ "先定義 credential source、scope、audit trail 與停用方式", "限制到批准 asset", "只保存 redacted finding summary" ], "still_forbidden": [ "保存 credential value", "擴大到未批准資產", "自動修復", "改 firewall/RBAC/NetworkPolicy" ], "requires_followup_runtime_gate": true, "evidence_refs": [ "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md", "docs/security/SECURITY-LOW-FRICTION-ROLLOUT-POLICY.md" ] }, { "gate_id": "gate-kali-full-upgrade-reboot-20260513", "source_queue_item_id": "kali-full-upgrade-reboot-approval-20260513", "source_contract": "security_approval_queue_v1", "risk": "HIGH", "gate_state": "pending_human_decision", "approval_scope": "manual_exception_only", "required_reviewers": [ "security-commander", "human-owner" ], "decision_options": [ "approve_scope", "reject", "defer", "request_more_evidence" ], "allowed_after_approval": [ "先排維護窗口", "先確認 snapshot 與 rollback", "定義 post-health gate" ], "still_forbidden": [ "未排窗口直接 reboot", "未 snapshot 直接 full-upgrade", "未驗證 scanner health 就宣告完成" ], "requires_followup_runtime_gate": true, "evidence_refs": [ "docs/security/KALI-INTEGRATION-STATUS.md", "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md" ] }, { "gate_id": "gate-kali-execute-endpoint-20260513", "source_queue_item_id": "kali-execute-endpoint-approval-20260513", "source_contract": "security_approval_queue_v1", "risk": "CRITICAL", "gate_state": "block_candidate", "approval_scope": "blocked_by_default", "required_reviewers": [ "critic", "security-commander", "human-owner" ], "decision_options": [ "keep_blocked", "defer", "request_more_evidence" ], "allowed_after_approval": [ "僅設計 disable/allowlist/audit gate", "只在人工 exception 下測試", "維持 AwoooP runtime 不可直接呼叫" ], "still_forbidden": [ "AwoooP runtime 直接呼叫 /execute", "把 /execute 當成一般 MCP action", "執行 shell command 自動修復", "保存 command 中可能含有的敏感輸出" ], "requires_followup_runtime_gate": true, "evidence_refs": [ "docs/security/KALI-INTEGRATION-STATUS.md", "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md" ] } ], "decision_recording_rules": [ "每個 gate item 必須記錄人工決策、reviewer、時間、evidence refs 與批准範圍。", "每個 gate item 可被包成 security_approval_review_packet_v1,但 review packet 不代表批准。", "每個人工決策後的 next state 必須依 security_approval_state_transition_v1 顯示,且不得直接執行。", "security_followup_runtime_gate_v1 只顯示批准後若要走 runtime gate 時的前置 evidence、preflight checks 與 rollback / disable requirement。", "批准只代表該 scope 可進下一步設計、草案、只讀 inventory 或人工 exception;不代表可立即執行 runtime action。", "任何 scan、/execute、repo、refs、deploy、secret、RBAC、NetworkPolicy、firewall 變更都需要 follow-up runtime gate。", "拒絕、延後或要求補 evidence 時,只更新 gate 狀態與 audit evidence,不觸發修復。" ], "forbidden_actions": [ "execute_gate_item", "auto_approve", "execute_after_approval_without_runtime_gate", "start_kali_scan", "call_kali_execute_endpoint", "run_credentialed_scan", "create_github_repo", "change_repo_visibility", "sync_git_refs", "switch_github_primary", "auto_merge", "production_deploy", "store_secret_token_cookie_private_key_or_exploit_payload", "turn_low_medium_observations_into_blocking_gates" ] }