{
  "schema_version": "source_control_approval_board_v1",
  "status": "draft",
  "date": "2026-05-12",
  "default_mode": "mirror_only",
  "authenticated_inventory_gate": {
    "status": "blocked",
    "reason": "GITEA_READONLY_TOKEN 未提供，且不使用可 push 的既有 remote credential 當 read-only token；server-side private/internal repo list 仍未完成。",
    "allowed_next_step": [
      "提供 read-only token 後重跑 gitea-repo-inventory",
      "或提供 redacted admin export JSON",
      "依 S4.10 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks 收到 GitHub target owner / visibility / canonical response 後更新 read-only board 欄位",
      "在 gate 前仍可維護 approval board 與 decision table"
    ],
    "still_forbidden": [
      "使用 write-capable credential 當作 read-only token",
      "建立 GitHub repo",
      "修改 repo visibility",
      "sync refs",
      "switch GitHub primary"
    ]
  },
  "item_count": 10,
  "pending_approval_count": 9,
  "board_items": [
    {
      "github_repo": "owenhytsai/awoooi",
      "source_key": "wooo/awoooi",
      "lane": "refs_reconcile",
      "risk": "HIGH",
      "probe_status": "exists",
      "target_state": "exists_refs_blocked",
      "approval_status": "pending",
      "required_decision": "決定 Gitea / GitHub refs 真相來源，並批准只產生 reconcile plan。",
      "low_friction_next_step": "先產生 draft reconcile plan，不 push refs、不切 primary。",
      "blocked_until": [
        "Gitea server-side 全量 repo inventory status=ok",
        "branches/tags/workflows/webhooks/secrets 名稱 inventory 完成",
        "部署真相來源已決定",
        "GitHub primary ADR 與 rollback plan 完成"
      ],
      "allowed_after_approval": [
        "產生 refs reconcile plan",
        "產生 draft migration PR 或 ADR",
        "更新 migration matrix 與 evidence"
      ],
      "still_forbidden": [
        "直接 push refs",
        "直接切 GitHub primary",
        "直接停用 Gitea",
        "搬 secret value"
      ],
      "evidence_refs": [
        "docs/security/GITEA-GITHUB-MIGRATION-SNAPSHOT.md",
        "docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
        "docs/security/github-target-owner-decision-response.snapshot.json",
        "docs/security/github-target-probe.snapshot.json"
      ],
      "awooop_consumption": "approval_candidate"
    },
    {
      "github_repo": "owenhytsai/clawbot-v5",
      "source_key": "wooo/clawbot-v5",
      "lane": "refs_reconcile",
      "risk": "MEDIUM",
      "probe_status": "exists",
      "target_state": "exists_refs_blocked",
      "approval_status": "pending",
      "required_decision": "決定 Gitea / GitHub refs 真相來源，並批准只產生 reconcile plan。",
      "low_friction_next_step": "先產生 draft reconcile plan，不 push refs、不切 primary。",
      "blocked_until": [
        "Gitea/GitHub main SHA 對齊或人工指定真相來源",
        "GitHub 缺 Gitea tag 的處理方式已決定"
      ],
      "allowed_after_approval": [
        "產生 refs reconcile plan",
        "更新 migration matrix"
      ],
      "still_forbidden": [
        "直接 push refs",
        "直接切 primary",
        "刪除任一端 repo"
      ],
      "evidence_refs": [
        "docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
        "docs/security/SOURCE-CONTROL-CLAWBOT-V5-SNAPSHOT.md",
        "docs/security/github-target-owner-decision-response.snapshot.json",
        "docs/security/github-target-probe.snapshot.json"
      ],
      "awooop_consumption": "approval_candidate"
    },
    {
      "github_repo": "owenhytsai/wooo-aiops",
      "source_key": "wooo/wooo-aiops",
      "lane": "refs_reconcile",
      "risk": "MEDIUM",
      "probe_status": "exists",
      "target_state": "exists_refs_blocked",
      "approval_status": "pending",
      "required_decision": "決定 Gitea / GitHub refs 真相來源，並批准只產生 reconcile plan。",
      "low_friction_next_step": "先產生 draft reconcile plan，不 push refs、不切 primary。",
      "blocked_until": [
        "Gitea/GitHub main SHA 對齊或人工指定真相來源",
        "GitHub-only branch 與 tags 的來源已釐清"
      ],
      "allowed_after_approval": [
        "產生 refs reconcile plan",
        "更新 migration matrix"
      ],
      "still_forbidden": [
        "直接 push refs",
        "直接切 primary",
        "刪除 GitHub-only refs"
      ],
      "evidence_refs": [
        "docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
        "docs/security/SOURCE-CONTROL-WOOO-AIOPS-SNAPSHOT.md",
        "docs/security/github-target-owner-decision-response.snapshot.json",
        "docs/security/github-target-probe.snapshot.json"
      ],
      "awooop_consumption": "approval_candidate"
    },
    {
      "github_repo": "owenhytsai/wooo-infra-config",
      "source_key": "wooo/wooo-infra-config",
      "lane": "internal_remote_purpose",
      "risk": "MEDIUM",
      "probe_status": "exists",
      "target_state": "exists_aligned",
      "approval_status": "pending",
      "required_decision": "決定 110 internal remote 是 active source、legacy mirror 或應降級。",
      "low_friction_next_step": "先文件化用途與風險，不刪除 remote、不同步 refs。",
      "blocked_until": [
        "110 internal remote 用途已確認",
        "若 110 remote 為舊主控，已降級或移除",
        "infra secrets 名稱 inventory 完成"
      ],
      "allowed_after_approval": [
        "標記 110 remote 為 mirror、legacy 或 active source",
        "更新 canonical decision table"
      ],
      "still_forbidden": [
        "直接刪除 remote",
        "直接同步 refs",
        "搬 infra secret value"
      ],
      "evidence_refs": [
        "docs/security/GIT-REMOTE-REFS-WOOO-INFRA-CONFIG-SNAPSHOT.md",
        "docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
        "docs/security/github-target-owner-decision-response.snapshot.json",
        "docs/security/github-target-probe.snapshot.json"
      ],
      "awooop_consumption": "approval_candidate"
    },
    {
      "github_repo": "owenhytsai/ewoooc",
      "source_key": "wooo/ewoooc / root/momo-pro-system / momo working trees",
      "lane": "target_creation_or_access",
      "risk": "HIGH",
      "probe_status": "not_found_or_private",
      "target_state": "not_found_or_private",
      "approval_status": "pending",
      "required_decision": "決定 GitHub repo owner / visibility / 是否建立或授權既有 repo。",
      "low_friction_next_step": "先取得 owner / visibility 決策，不自動建立 repo。",
      "blocked_until": [
        "ewoooc/momo-pro-system canonical 關係人工確認",
        "server-side refs diff 完成",
        "GitHub repo owner 與 visibility 決策完成"
      ],
      "allowed_after_approval": [
        "決定建立 GitHub repo 或授權既有 private repo",
        "產生 migration plan"
      ],
      "still_forbidden": [
        "自動建立 mirror",
        "自動合併 unrelated histories",
        "刪除任一 momo/ewoooc working tree",
        "切 GitHub primary"
      ],
      "evidence_refs": [
        "docs/security/GITEA-PUBLIC-REPO-SEARCH-SNAPSHOT.md",
        "docs/security/GITEA-REPO-INVENTORY-SNAPSHOT.md",
        "docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
        "docs/security/LOCAL-REPO-CANONICAL-EWOOOC-MOMO-SNAPSHOT.md",
        "docs/security/github-target-owner-decision-response.snapshot.json",
        "docs/security/github-target-probe.snapshot.json"
      ],
      "awooop_consumption": "approval_candidate"
    },
    {
      "github_repo": "owenhytsai/bitan-pharmacy",
      "source_key": "bitan-pharmacy",
      "lane": "target_creation_or_access",
      "risk": "MEDIUM",
      "probe_status": "not_found_or_private",
      "target_state": "not_found_or_private",
      "approval_status": "pending",
      "required_decision": "決定 GitHub repo owner / visibility / 是否建立或授權既有 repo。",
      "low_friction_next_step": "先取得 owner / visibility 決策，不自動建立 repo。",
      "blocked_until": [
        "確認 repo 是否仍 active",
        "GitHub repo owner 與 visibility 決策完成"
      ],
      "allowed_after_approval": [
        "決定建立 GitHub repo 或授權既有 private repo",
        "產生 migration plan"
      ],
      "still_forbidden": [
        "自動建立 repo",
        "自動 push refs",
        "刪除 110 remote"
      ],
      "evidence_refs": [
        "docs/security/GIT-REMOTE-REFS-BITAN-TSENYANG-SNAPSHOT.md",
        "docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
        "docs/security/github-target-owner-decision-response.snapshot.json",
        "docs/security/github-target-probe.snapshot.json"
      ],
      "awooop_consumption": "approval_candidate"
    },
    {
      "github_repo": "owenhytsai/tsenyang-website",
      "source_key": "tsenyang-website",
      "lane": "target_creation_or_access",
      "risk": "MEDIUM",
      "probe_status": "not_found_or_private",
      "target_state": "not_found_or_private",
      "approval_status": "pending",
      "required_decision": "決定 GitHub repo owner / visibility / 是否建立或授權既有 repo。",
      "low_friction_next_step": "先取得 owner / visibility 決策，不自動建立 repo。",
      "blocked_until": [
        "確認 repo 是否仍 active",
        "GitHub repo owner 與 visibility 決策完成"
      ],
      "allowed_after_approval": [
        "決定建立 GitHub repo 或授權既有 private repo",
        "產生 migration plan"
      ],
      "still_forbidden": [
        "自動建立 repo",
        "自動 push refs",
        "刪除 110 remote"
      ],
      "evidence_refs": [
        "docs/security/GIT-REMOTE-REFS-BITAN-TSENYANG-SNAPSHOT.md",
        "docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
        "docs/security/github-target-owner-decision-response.snapshot.json",
        "docs/security/github-target-probe.snapshot.json"
      ],
      "awooop_consumption": "approval_candidate"
    },
    {
      "github_repo": "nexu-io/open-design",
      "source_key": "open-design",
      "lane": "scope_review",
      "risk": "LOW",
      "probe_status": "exists",
      "target_state": "external_scope",
      "approval_status": "not_required",
      "required_decision": "決定此 repo 是否屬於 AWOOOI 資安供應鏈範圍。",
      "low_friction_next_step": "只標記 scope review，不納入主控切換。",
      "blocked_until": [
        "確認是否屬於 AWOOOI 資安網範圍"
      ],
      "allowed_after_approval": [
        "mirror_decision_only"
      ],
      "still_forbidden": [
        "auto_execute",
        "sync_refs",
        "switch_primary"
      ],
      "evidence_refs": [
        "docs/security/github-target-probe.snapshot.json"
      ],
      "awooop_consumption": "scope_review_only"
    },
    {
      "github_repo": "owenhytsai/VibeWork",
      "source_key": "vibework",
      "lane": "target_creation_or_access",
      "risk": "HIGH",
      "probe_status": "not_found_or_private",
      "target_state": "not_found_or_private",
      "approval_status": "pending",
      "required_decision": "決定 GitHub repo owner / visibility / 是否建立或授權既有 repo。",
      "low_friction_next_step": "先取得 owner / visibility 決策，不自動建立 repo。",
      "blocked_until": [
        "VibeWork 產品 / repo / surface owner 與 canonical source 決策完成",
        "確認是否存在 private GitHub target 或需要建立候選 repo",
        "保留 VibeWork 獨立產品邊界，不得由 AWOOOI primary readiness 直接併入",
        "workflow / CODEOWNERS / deploy key / repository secret name parity owner response 完成"
      ],
      "allowed_after_approval": [
        "決定授權既有 private target 或建立候選 GitHub repo 計畫",
        "補 repo / product / surface owner metadata",
        "更新 source-control primary readiness 的 VibeWork read-only 欄位"
      ],
      "still_forbidden": [
        "自動建立 repo",
        "自動 push refs",
        "修改 workflow 或 CODEOWNERS",
        "搬移 secret value",
        "把 VibeWork 產品邊界併入 AWOOOI",
        "切 GitHub primary"
      ],
      "evidence_refs": [
        "docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
        "docs/security/github-target-owner-decision-response.snapshot.json",
        "docs/security/source-control-primary-readiness-gate.snapshot.json",
        "docs/security/source-control-workflow-secret-name-local-evidence.snapshot.json"
      ],
      "awooop_consumption": "approval_candidate"
    },
    {
      "github_repo": "owenhytsai/agent-bounty-protocol",
      "source_key": "agent-bounty-protocol",
      "lane": "target_creation_or_access",
      "risk": "HIGH",
      "probe_status": "not_found_or_private",
      "target_state": "not_found_or_private",
      "approval_status": "pending",
      "required_decision": "決定 GitHub repo owner / visibility / 是否建立或授權既有 repo。",
      "low_friction_next_step": "先取得 owner / visibility 決策，不自動建立 repo。",
      "blocked_until": [
        "agent-bounty-protocol repo / deployment / external agent / treasury owner 決策完成",
        "確認是否存在 private GitHub target 或需要建立候選 repo",
        "A2A / MCP / bounty / treasury / payout / withdrawal runtime gate 維持 0",
        "branch protection / CODEOWNERS / repository secret name parity owner response 完成"
      ],
      "allowed_after_approval": [
        "決定授權既有 private target 或建立候選 GitHub repo 計畫",
        "補 agent / bounty / treasury / execution surface owner metadata",
        "更新 source-control primary readiness 的 agent-bounty-protocol read-only 欄位"
      ],
      "still_forbidden": [
        "自動建立 repo",
        "自動 push refs",
        "修改 workflow",
        "啟用 agent claim / submit / daemon",
        "執行 payout 或 withdrawal",
        "搬移 secret value",
        "切 GitHub primary"
      ],
      "evidence_refs": [
        "docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
        "docs/security/github-target-owner-decision-response.snapshot.json",
        "docs/security/source-control-primary-readiness-gate.snapshot.json",
        "docs/security/source-control-workflow-secret-name-local-evidence.snapshot.json"
      ],
      "awooop_consumption": "approval_candidate"
    }
  ]
}