{ "schema_version": "security_approval_review_packet_v1", "status": "draft", "date": "2026-05-17", "mode": "approval_review_packet_only", "runtime_execution_authorized": false, "source_indexes": [ "docs/security/security-approval-queue.snapshot.json", "docs/security/security-approval-gate.snapshot.json", "docs/security/security-approval-decision-record.snapshot.json", "docs/security/security-approval-state-transition.snapshot.json", "docs/security/security-followup-runtime-gate.snapshot.json", "docs/security/security-mirror-status-rollup.snapshot.json", "docs/security/security-rollout-policy.snapshot.json", "docs/security/gitea-inventory-coverage-attestation.snapshot.json", "docs/security/gitea-inventory-owner-attestation-response.snapshot.json", "docs/security/source-control-ref-truth-owner-response.snapshot.json" ], "summary": { "total_review_packets": 8, "ready_for_human_review_count": 7, "block_candidate_count": 1, "decision_records_created_count": 0, "runtime_actions_authorized": false, "action_buttons_allowed": false, "raw_secret_storage_authorized": false }, "review_packets": [ { "packet_id": "review-packet-redacted-finding-ingestion-20260513", "review_order": 1, "gate_id": "gate-redacted-finding-ingestion-20260513", "source_queue_item_id": "kali-finding-runtime-ingestion-approval-20260513", "risk": "MEDIUM", "review_state": "ready_for_human_review", "review_lane": "design_or_draft_review", "requested_decision": "是否允許先設計或建立 draft PR,讓 AwoooP 未來可接收已脫敏 security_finding_v1 摘要與 evidence_ref。", "required_reviewers": [ "security-commander", "human-owner" ], "decision_options": [ "approve_scope", "reject", "defer", "request_more_evidence" ], "evidence_refs": [ "docs/security/SECURITY-FINDING-CONTRACT.md", "docs/security/security-finding-kali-sample.snapshot.json", "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md" ], "allowed_pre_decision_actions": [ "顯示 packet 與 evidence refs", "要求 reviewer 補充 scope 或資料欄位", "保留 sample snapshot mirror-only" ], "allowed_after_decision_actions": [ "若 approve_scope,只能進入設計或 draft PR", "若 reject/defer/request_more_evidence,寫入 decision record 並維持 blocked" ], "still_forbidden": [ "保存 raw secret/token/cookie/private key/exploit payload", "讓 AwoooP 直接啟動 scan", "自動封鎖 deploy 或自動修復" ], "followup_runtime_gate_required": true, "execution_authorized": false }, { "packet_id": "review-packet-safe-web-crawl-20260513", "review_order": 2, "gate_id": "gate-safe-web-crawl-20260513", "source_queue_item_id": "kali-safe-web-crawl-approval-20260513", "risk": "MEDIUM", "review_state": "ready_for_human_review", "review_lane": "low_noise_scan_scope_review", "requested_decision": "是否允許定義公開產品 domains 的 TLS、security header 與 basic crawl 低噪音 scope。", "required_reviewers": [ "security-commander", "human-owner" ], "decision_options": [ "approve_scope", "reject", "defer", "request_more_evidence" ], "evidence_refs": [ "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md", "docs/security/KALI-SECURITY-MESH-BLUEPRINT.md" ], "allowed_pre_decision_actions": [ "顯示公開 web perimeter 候選範圍", "要求補 scan window、頻率與排除清單", "維持 observe-only" ], "allowed_after_decision_actions": [ "若 approve_scope,只能整理低噪音 scope 與 redacted finding 格式", "任何實際掃描仍需 follow-up runtime gate" ], "still_forbidden": [ "active DAST fuzz", "auth flow 改狀態測試", "credentialed scan", "阻擋 release" ], "followup_runtime_gate_required": true, "execution_authorized": false }, { "packet_id": "review-packet-gitea-readonly-inventory-20260513", "review_order": 3, "gate_id": "gate-gitea-readonly-inventory-20260513", "source_queue_item_id": "gitea-private-internal-server-side-inventory-2026-05-12", "risk": "MEDIUM", "review_state": "ready_for_human_review", "review_lane": "read_only_inventory_review", "requested_decision": "是否先要求 owner 依 S4.9 owner response request packet / template status ledger / audit event templates / redaction examples / display sections / response 收件包完成 S4.7 coverage attestation,並在 scope decision 被接受後,才允許 read-only token 或 redacted admin export 補齊 Gitea private/internal 全量 repo list。", "required_reviewers": [ "migration-engineer", "security-commander", "human-owner" ], "decision_options": [ "approve_scope", "reject", "defer", "request_more_evidence" ], "evidence_refs": [ "docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md", "docs/security/gitea-readonly-inventory-approval.snapshot.json", "docs/security/GITEA-ORG-REPO-INVENTORY-BLOCKED-SNAPSHOT.md", "docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md", "docs/security/gitea-inventory-coverage-attestation.snapshot.json", "docs/security/GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.md", "docs/security/gitea-inventory-owner-attestation-response.snapshot.json", "docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md", "docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md" ], "allowed_pre_decision_actions": [ "顯示 public-only 與 blocked endpoint evidence", "顯示 S4.7 的 5 個 owner attestation items 與 received_attestation_count=0", "顯示 S4.9 的 1 個 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、8 個 display sections、6 個 collection checks、5 個 owner response templates、6 個 intake preflight checks、5 個 outcome lanes、received_response_count=0、audit_events_emitted=0 與 rejection rules", "要求 owner 確認 read-only token 或 redacted export 來源", "不保存 token value" ], "allowed_after_decision_actions": [ "若 approve_scope,先依 S4.9 request packet 要求 owner 回覆,用 template status ledger / audit event templates / redaction examples / display sections / collection checks 維持 request / received / accepted 分離,並完成 preflight / outcome lane 判定 / 驗收 S4.7 owner response,再更新 attestation evidence 與 scope decision", "若 approve_scope,只能做一次 read-only inventory 或匯入 redacted export", "更新 migration matrix 與 repo decision table" ], "still_forbidden": [ "保存 token value", "使用 write-capable token", "未完成 owner attestation 就標記 inventory complete", "把 owner attestation 當成 repo migration 或 primary approval", "把 S4.9 owner response request packet、template status ledger、audit event templates、redaction examples、display sections 或 response packet 當成 inventory 執行授權", "建立 GitHub repo", "sync refs", "切 GitHub primary" ], "followup_runtime_gate_required": true, "execution_authorized": false }, { "packet_id": "review-packet-github-target-decisions-20260513", "review_order": 4, "gate_id": "gate-github-target-decisions-20260513", "source_queue_item_id": "source-control-target-repo-approval-bundle-20260513", "risk": "HIGH", "review_state": "ready_for_human_review", "review_lane": "design_or_draft_review", "requested_decision": "是否依 S4.10 逐 repo 確認 GitHub target、owner、visibility、canonical response 與 refs reconcile review;本封包不授權建立 repo 或改 visibility。", "required_reviewers": [ "migration-engineer", "security-commander", "human-owner" ], "decision_options": [ "approve_scope", "reject", "defer", "request_more_evidence" ], "evidence_refs": [ "docs/security/SOURCE-CONTROL-APPROVAL-BOARD.md", "docs/security/source-control-approval-board.snapshot.json", "docs/security/GITHUB-TARGET-REPO-APPROVAL-PACKAGE.md", "docs/security/GITHUB-TARGET-OWNER-DECISION-RESPONSE.md", "docs/security/github-target-owner-decision-response.snapshot.json", "docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md", "docs/security/source-control-workflow-secret-name-owner-response.snapshot.json" ], "allowed_pre_decision_actions": [ "顯示 9 個 approval-required target", "顯示 S4.10 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks、owner response templates、received_response_count=0 與 rejection rules", "顯示 S4.12 workflow / secret 名稱 owner response request packet、template statuses、audit event templates、redaction examples、collection checks、intake preflight checks、templates、received_response_count=0 與 rejection rules", "要求 repo owner 補 owner/visibility/canonical 判定", "維持 refs action disabled" ], "allowed_after_decision_actions": [ "若 approve_scope,只能更新 S4.10 / S4.12 response 驗收結果、決策草案、workflow parity wording、draft reconcile plan 或 ADR", "任何 repo creation 或 visibility change 仍需後續 runtime gate" ], "still_forbidden": [ "建立 repo", "修改 visibility", "把 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當成 repo creation 或 visibility approval", "把 S4.12 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當成 secret value collection、workflow modification 或 runner enablement approval", "push refs", "delete refs", "切 GitHub primary" ], "followup_runtime_gate_required": true, "execution_authorized": false }, { "packet_id": "review-packet-ref-truth-review-20260513", "review_order": 5, "gate_id": "gate-ref-truth-review-20260513", "source_queue_item_id": "source-control-ref-truth-review-bundle-20260513", "risk": "HIGH", "review_state": "ready_for_human_review", "review_lane": "design_or_draft_review", "requested_decision": "是否逐 repo / 單 ref 判定真相來源、deprecated 候選、release tag 與 GitHub-only refs;先依 S4.11 驗收 owner response,分類結果不得自動執行。", "required_reviewers": [ "migration-engineer", "security-commander", "human-owner" ], "decision_options": [ "approve_scope", "reject", "defer", "request_more_evidence" ], "evidence_refs": [ "docs/security/SOURCE-CONTROL-REF-TRUTH-CLASSIFICATION.md", "docs/security/source-control-ref-truth-classification.snapshot.json", "docs/security/SOURCE-CONTROL-REF-TRUTH-OWNER-RESPONSE.md", "docs/security/source-control-ref-truth-owner-response.snapshot.json", "docs/security/SOURCE-CONTROL-REF-DETAIL-DIFF.md" ], "allowed_pre_decision_actions": [ "顯示 194 個 refs review items", "顯示 S4.11 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks、五個 owner response templates 與 received_response_count=0", "依 repo / branch / tag 分組給 owner 判定", "產生人工 review checklist" ], "allowed_after_decision_actions": [ "若 approve_scope,只能依 S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks 驗收後更新 truth classification 或 reconcile draft", "任何 refs sync/delete 仍需後續 runtime gate" ], "still_forbidden": [ "把 S4.11 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當成 refs sync/delete/force push approval", "push refs", "delete refs", "force push", "切 GitHub primary" ], "followup_runtime_gate_required": true, "execution_authorized": false }, { "packet_id": "review-packet-credentialed-scan-20260513", "review_order": 6, "gate_id": "gate-credentialed-scan-20260513", "source_queue_item_id": "kali-credentialed-scan-approval-20260513", "risk": "HIGH", "review_state": "ready_for_human_review", "review_lane": "manual_exception_review", "requested_decision": "是否允許先設計 credentialed scan 的人工 exception、credential source、scope、audit trail 與停用方式。", "required_reviewers": [ "security-commander", "vuln-verifier", "human-owner" ], "decision_options": [ "approve_scope", "reject", "defer", "request_more_evidence" ], "evidence_refs": [ "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md", "docs/security/SECURITY-LOW-FRICTION-ROLLOUT-POLICY.md" ], "allowed_pre_decision_actions": [ "顯示需人工 exception 的原因", "要求補 credential lifecycle、scope 與停用方式", "不接收或保存 credential value" ], "allowed_after_decision_actions": [ "若 approve_scope,只能設計 exception 流程與 audit trail", "任何 credentialed scan 仍需 follow-up runtime gate 與維護窗口" ], "still_forbidden": [ "保存 credential value", "擴大到未批准資產", "自動修復", "改 firewall/RBAC/NetworkPolicy" ], "followup_runtime_gate_required": true, "execution_authorized": false }, { "packet_id": "review-packet-kali-full-upgrade-reboot-20260513", "review_order": 7, "gate_id": "gate-kali-full-upgrade-reboot-20260513", "source_queue_item_id": "kali-full-upgrade-reboot-approval-20260513", "risk": "HIGH", "review_state": "ready_for_human_review", "review_lane": "manual_exception_review", "requested_decision": "是否安排 Kali 112 full-upgrade、必要 autoremove 與 reboot 的維護窗口;必須先有 snapshot、rollback 與 post-health gate。", "required_reviewers": [ "security-commander", "human-owner" ], "decision_options": [ "approve_scope", "reject", "defer", "request_more_evidence" ], "evidence_refs": [ "docs/security/KALI-INTEGRATION-STATUS.md", "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md" ], "allowed_pre_decision_actions": [ "顯示目前 Kali update 與 no reboot required 狀態", "要求補維護窗口、snapshot、rollback 與 post-check", "不直接 reboot" ], "allowed_after_decision_actions": [ "若 approve_scope,只能安排維護窗口與 rollback 計畫", "實際 full-upgrade/reboot 仍需 follow-up runtime gate" ], "still_forbidden": [ "未排窗口直接 reboot", "未 snapshot 直接 full-upgrade", "未驗證 scanner health 就宣告完成" ], "followup_runtime_gate_required": true, "execution_authorized": false }, { "packet_id": "review-packet-kali-execute-endpoint-20260513", "review_order": 8, "gate_id": "gate-kali-execute-endpoint-20260513", "source_queue_item_id": "kali-execute-endpoint-approval-20260513", "risk": "CRITICAL", "review_state": "block_candidate", "review_lane": "blocked_by_default_review", "requested_decision": "是否維持 Kali /execute blocked by default;若未來保留,只能先設計 disable、allowlist、audit gate 與人工 exception。", "required_reviewers": [ "critic", "security-commander", "human-owner" ], "decision_options": [ "keep_blocked", "defer", "request_more_evidence" ], "evidence_refs": [ "docs/security/KALI-INTEGRATION-STATUS.md", "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md" ], "allowed_pre_decision_actions": [ "顯示 blocked reason", "要求補 disable/allowlist/audit gate 設計", "維持 AwoooP runtime 不可直接呼叫" ], "allowed_after_decision_actions": [ "若 keep_blocked,寫入 decision record 並維持 disabled posture", "若 defer/request_more_evidence,只補設計資料,不啟用 runtime" ], "still_forbidden": [ "AwoooP runtime 直接呼叫 /execute", "把 /execute 當成一般 MCP action", "執行 shell command 自動修復", "保存 command 中可能含有的敏感輸出" ], "followup_runtime_gate_required": true, "execution_authorized": false } ], "packet_rules": [ "Review packet 只能準備人工審查資料,不能代表批准。", "每個 packet 都必須對應 security_approval_gate_v1 gate item 與 security_approval_queue_v1 queue item。", "人工決策必須另外寫入 security_approval_decision_record_v1。", "人工決策後的 next state 必須依 security_approval_state_transition_v1 顯示。", "即使 decision=approve_scope,execution_authorized 仍必須是 false,且仍需依 security_followup_runtime_gate_v1 顯示後續 runtime gate 準備條件。", "AwoooP 初期不得對 packet 顯示 scan、execute、repo、refs、deploy、secret 類 action button。" ], "forbidden_actions": [ "start_kali_scan", "call_kali_execute_endpoint", "run_credentialed_scan", "create_github_repo", "change_repo_visibility", "sync_git_refs", "switch_github_primary", "auto_merge", "production_deploy", "store_secret_token_cookie_private_key_or_exploit_payload", "treat_review_packet_as_approval", "treat_review_packet_as_execution_authorization" ] }