{ "schema_version": "security_mirror_route_v1", "status": "draft", "date": "2026-05-13", "mode": "mirror_only", "runtime_execution_authorized": false, "source_indexes": [ "docs/security/security-mirror-readiness.snapshot.json", "docs/security/security-supply-chain-contract-manifest.snapshot.json", "docs/security/security-mirror-intake-plan.snapshot.json", "docs/security/security-mirror-event-sample.snapshot.json", "docs/security/source-control-workflow-secret-name-inventory.snapshot.json", "docs/security/source-control-primary-rollback-adr.snapshot.json", "docs/security/iwooos-posture-projection.snapshot.json" ], "summary": { "total_contracts": 36, "route_group_count": 5, "channel_event_policy": "初期只對階段完成、blocked 狀態或需要人工批准的高風險候選發低噪音事件;LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 不發阻擋事件。", "approval_queue_policy": "只有 approval-only、suggest-only 或 blocked-until-approved 項目可進 approval queue;approval queue 不代表可執行。" }, "route_groups": [ { "wave_id": "M0_index_bootstrap", "title": "契約索引與只讀路由啟動", "contracts": [ "security_mirror_readiness_v1", "security_rollout_policy_v1", "security_mirror_event_v1", "security_mirror_intake_plan_v1", "security_mirror_route_v1", "security_mirror_acceptance_v1", "security_mirror_quarantine_v1", "security_mirror_dry_run_v1", "security_mirror_status_rollup_v1", "iwooos_posture_projection_v1" ], "destinations": [ "operator_console", "runtime_state", "audit_evidence" ], "channel_policy": "no_channel_event", "review_lane": "observe", "allowed_processing": [ "顯示 contract readiness 與 manifest", "顯示 mirror-only policy", "顯示每個 wave 的目的地與 blocked processing", "要求所有鏡像 payload 使用 security_mirror_event_v1 信封", "顯示 security_mirror_acceptance_v1 驗收結果", "顯示 security_mirror_quarantine_v1 隔離 lane 與 retry gate", "顯示 security_mirror_dry_run_v1 dry-run steps", "顯示 security_mirror_status_rollup_v1 跨 Session 狀態與下一個 gate", "顯示 S3 review packet、state transition、follow-up runtime gate preparation、GitHub primary readiness gate、rollback ADR 與 workflow / secret name inventory contract 位置", "顯示 iwooos_posture_projection_v1 前端資安態勢投影" ], "blocked_processing": [ "新增執行按鈕", "把 readiness 當執行授權", "runtime blocking", "自動批准任何 queue item" ], "exit_gate": "AwoooP 可顯示 36 個 contract、5 個 route groups、8 個 acceptance checks、5 個 quarantine lanes、8 個 dry-run steps、status rollup、owner response guard、approval gate、decision record、review packet、state transition、follow-up runtime gate preparation、GitHub primary readiness gate、rollback ADR 與 workflow / secret name inventory gate,且所有 route 都維持 runtime_execution_authorized=false。" }, { "wave_id": "M1_kali_visibility", "title": "Kali 112 與掃描範圍能見度", "contracts": [ "kali_integration_status_v1", "kali_scan_scope_approval_v1", "security_approval_queue_v1", "security_finding_v1" ], "destinations": [ "operator_console", "runtime_state", "channel_event", "approval_queue", "audit_evidence" ], "channel_policy": "approval_required_only", "review_lane": "approval_required", "allowed_processing": [ "顯示 Kali 112 health、更新狀態與缺口", "顯示 111 / 168 與核心主機 observe-only scope", "顯示 scan scope approval gates", "顯示 redacted finding sample" ], "blocked_processing": [ "啟動 active scan", "呼叫 Kali execute endpoint", "credentialed scan", "full-upgrade 或 reboot", "保存 secret value" ], "exit_gate": "AwoooP 能顯示 Kali visibility 與 approval gates,但沒有 scan / execute action。" }, { "wave_id": "M2_source_control_visibility", "title": "Gitea / GitHub 版本與 refs 能見度", "contracts": [ "source_control_migration_event_v1", "gitea_repo_inventory_v1", "local_git_remote_inventory_v1", "github_target_probe_v1", "github_target_decision_v1", "github_target_repo_approval_package_v1", "source_control_approval_board_v1", "source_control_reconcile_plan_v1", "source_control_ref_detail_diff_v1", "source_control_ref_truth_classification_v1", "source_control_primary_readiness_gate_v1", "source_control_primary_rollback_adr_v1", "source_control_workflow_secret_name_inventory_v1", "local_repo_canonical_probe_v1", "git_remote_refs_probe_v1", "approval_required_event_v1" ], "destinations": [ "operator_console", "runtime_state", "approval_queue", "audit_evidence" ], "channel_policy": "low_noise_status", "review_lane": "source_control_review", "allowed_processing": [ "顯示 repo / branch / tag 差異", "顯示 owner、visibility、canonical 與 refs review lane", "顯示 GitHub primary readiness blockers 與 rollback ADR 草案", "顯示 workflow / webhook / runner / secret 名稱 inventory 缺口,不保存 secret value", "顯示 Gitea inventory partial reason", "顯示 GitHub primary cutover blocked reason" ], "blocked_processing": [ "建立 GitHub repo", "修改 repo visibility", "sync refs", "切 GitHub primary", "刪除、停用或封存 Gitea repo" ], "exit_gate": "AwoooP 能看見 migration blockers 與 review lanes,所有 repo / refs action 都 disabled。" }, { "wave_id": "M3_approval_candidates", "title": "人工批准候選與留痕", "contracts": [ "approval_required_event_v1", "security_approval_queue_v1", "security_approval_gate_v1", "security_approval_decision_record_v1", "security_approval_review_packet_v1", "security_approval_state_transition_v1", "security_followup_runtime_gate_v1", "source_control_primary_readiness_gate_v1", "source_control_primary_rollback_adr_v1", "source_control_workflow_secret_name_inventory_v1", "github_target_repo_approval_package_v1", "source_control_approval_board_v1", "kali_scan_scope_approval_v1" ], "destinations": [ "approval_queue", "operator_console", "audit_evidence" ], "channel_policy": "approval_required_only", "review_lane": "approval_required", "allowed_processing": [ "建立 approval candidate", "顯示 S3 approval gate 與 follow-up runtime gate", "顯示人工 decision record 與 execution_authorized=false", "顯示人工 review packet、review lane 與 action_buttons_allowed=false", "顯示人工 decision next state,且 approve_scope 仍需 follow-up runtime gate", "顯示 follow-up runtime gate template,且 active_runtime_gates=0", "顯示 GitHub primary readiness gate,且 primary_ready_count=0", "顯示 GitHub primary rollback ADR 草案,且 owner_approved_count=0、active_cutover_count=0", "顯示 workflow / secret 名稱 inventory gate,且 inventory_complete_count=0", "顯示 required reviewers", "顯示 blocked_until_approved", "記錄人工決策結果" ], "blocked_processing": [ "auto approve", "批准後自動執行", "把人工批准記錄轉成 runtime executor", "保存 token 或 secret value" ], "exit_gate": "Approval candidate、S3 approval gate、decision record、review packet、state transition 與 follow-up runtime gate preparation 可顯示與留痕,但批准後執行仍需要下一階段 runtime gate。" }, { "wave_id": "M4_patch_only_backlog", "title": "Code Review 後的 Codex patch-only 工作列", "contracts": [ "coding_task_v1" ], "destinations": [ "operator_console", "approval_queue", "audit_evidence" ], "channel_policy": "no_channel_event", "review_lane": "patch_only", "allowed_processing": [ "顯示 patch-only backlog lane", "產生 draft patch task", "要求 reviewer 與風險標籤" ], "blocked_processing": [ "自動 merge", "production deploy", "secret rotation", "NetworkPolicy 或 firewall change" ], "exit_gate": "AwoooP 只建立 patch-only backlog lane;沒有 Codex runner action。" } ], "acceptance_gates": [ { "gate_id": "ROUTE_COVERS_ALL_CONTRACTS", "requirement": "route_groups 合併後必須涵蓋 manifest 的 36 個 contracts。" }, { "gate_id": "NO_EXECUTION_SURFACE", "requirement": "所有 route groups 都必須維持 runtime_execution_authorized=false,且不得新增執行按鈕。" }, { "gate_id": "LOW_NOISE_CHANNEL", "requirement": "Channel Event 初期只發低噪音摘要或人工批准必要事件,不把 LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 或 headline holding 變成阻擋。" }, { "gate_id": "APPROVAL_IS_NOT_EXECUTION", "requirement": "Approval Queue 只保存人工決策候選與留痕,不代表任何後續動作可自動執行。" } ], "forbidden_actions": [ "start_kali_scan", "call_kali_execute_endpoint", "run_credentialed_scan", "create_github_repo", "change_repo_visibility", "sync_git_refs", "switch_github_primary", "auto_merge", "production_deploy", "store_secret_token_cookie_private_key_or_exploit_payload" ] }