{ "schema_version": "security_approval_queue_v1", "status": "draft", "date": "2026-05-17", "default_mode": "approval_only", "execution_authorized": false, "runtime_changes_authorized": false, "raw_secret_storage_authorized": false, "summary": { "total_items": 8, "pending_approval_count": 7, "block_candidate_count": 1, "observe_or_warn_count": 0 }, "queue_items": [ { "queue_item_id": "kali-finding-runtime-ingestion-approval-20260513", "source_contract": "kali_scan_scope_approval_v1", "source_event_id": "kali-finding-runtime-ingestion-approval-20260513", "title": "Kali redacted finding runtime ingestion", "risk": "MEDIUM", "state": "pending_approval", "recommended_awooop_mode": "approve_required", "requested_decision": "是否批准先建立 redacted security_finding_v1 ingestion adapter 或 endpoint;批准前只能使用 sample snapshot 與 mirror-only 文件。", "blocked_until_approved": true, "required_reviewers": [ "security-commander", "human-owner" ], "evidence_refs": [ "docs/security/SECURITY-FINDING-CONTRACT.md", "docs/security/security-finding-kali-sample.snapshot.json", "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md" ], "allowed_after_approval": [ "設計或實作 redacted finding ingestion adapter", "只接收 security_finding_v1 摘要與 evidence_ref", "mirror 到 AwoooP Runtime State / Channel Event / Audit" ], "still_forbidden": [ "保存 raw secret/token/cookie/private key/exploit payload", "讓 AwoooP 直接啟動 scan", "自動封鎖 deploy", "自動修復" ] }, { "queue_item_id": "kali-safe-web-crawl-approval-20260513", "source_contract": "kali_scan_scope_approval_v1", "source_event_id": "kali-safe-web-crawl-approval-20260513", "title": "Public web perimeter TLS/header/basic crawl", "risk": "MEDIUM", "state": "pending_approval", "recommended_awooop_mode": "approve_required", "requested_decision": "是否批准對公開產品 domains 執行 TLS、security header 與 basic crawl 類低噪音檢查。", "blocked_until_approved": true, "required_reviewers": [ "security-commander", "human-owner" ], "evidence_refs": [ "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md", "docs/security/KALI-SECURITY-MESH-BLUEPRINT.md" ], "allowed_after_approval": [ "執行 TLS/header/basic crawl 類 safe scan", "只產出 redacted findings", "LOW/MEDIUM finding 只走 observe/warn" ], "still_forbidden": [ "active DAST fuzz", "auth flow 改狀態測試", "credentialed scan", "阻擋 release" ] }, { "queue_item_id": "gitea-private-internal-server-side-inventory-2026-05-12", "source_contract": "approval_required_event_v1", "source_event_id": "gitea-private-internal-server-side-inventory-2026-05-12", "title": "Gitea private/internal read-only inventory", "risk": "MEDIUM", "state": "pending_approval", "recommended_awooop_mode": "approve_required", "requested_decision": "是否先要求 owner 依 S4.9 owner response request packet / template status ledger / audit event templates / redaction examples / display sections / response 收件包完成 S4.7 coverage attestation,並在 scope decision 被接受後,批准使用 read-only token 或 redacted admin export 補齊 Gitea private/internal 全量 repo list。", "blocked_until_approved": true, "required_reviewers": [ "migration-engineer", "security-commander", "human-owner" ], "evidence_refs": [ "docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md", "docs/security/gitea-readonly-inventory-approval.snapshot.json", "docs/security/GITEA-ORG-REPO-INVENTORY-BLOCKED-SNAPSHOT.md", "docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md", "docs/security/gitea-inventory-coverage-attestation.snapshot.json", "docs/security/GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.md", "docs/security/gitea-inventory-owner-attestation-response.snapshot.json", "docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md", "docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md" ], "allowed_after_approval": [ "先依 S4.9 request packet 要求 owner 回覆,用 template status ledger / audit event templates / redaction examples / display sections / collection checks 維持 request / received / accepted 分離,並完成 preflight / outcome lane 判定 / 驗收 S4.7 owner coverage attestation response,更新 migration matrix 與 decision table", "使用 read-only token 或 redacted admin export 執行一次 inventory", "只保存 token_present=true/false", "更新 migration matrix 與 repo decision table" ], "still_forbidden": [ "保存 token value", "使用 write-capable token", "未完成 S4.7 owner attestation 就標記 inventory complete", "把 S4.7 owner attestation 當成 repo migration approval", "把 S4.9 owner response request packet、template status ledger、audit event templates、redaction examples、display sections 或 response packet 當成 inventory 執行授權", "建立 GitHub repo", "sync refs", "切 GitHub primary" ], "expires_at": "2026-05-19T23:59:59+08:00" }, { "queue_item_id": "source-control-target-repo-approval-bundle-20260513", "source_contract": "source_control_approval_board_v1", "source_event_id": "source-control-approval-board-20260512", "title": "7 個 GitHub target / owner / visibility / canonical 決策", "risk": "HIGH", "state": "pending_approval", "recommended_awooop_mode": "approve_required", "requested_decision": "是否依 S4.10 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks 逐 repo 收到並驗收 GitHub target、owner、visibility、canonical response,並依 S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks 驗收 workflow / secret 名稱 owner response;此 bundle 不授權執行。", "blocked_until_approved": true, "required_reviewers": [ "migration-engineer", "security-commander", "human-owner" ], "evidence_refs": [ "docs/security/SOURCE-CONTROL-APPROVAL-BOARD.md", "docs/security/source-control-approval-board.snapshot.json", "docs/security/GITHUB-TARGET-REPO-APPROVAL-PACKAGE.md", "docs/security/GITHUB-TARGET-OWNER-DECISION-RESPONSE.md", "docs/security/github-target-owner-decision-response.snapshot.json", "docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md", "docs/security/source-control-workflow-secret-name-owner-response.snapshot.json" ], "allowed_after_approval": [ "依 S4.10 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks 驗收 owner decision response", "依 S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks 驗收 workflow / secret 名稱 owner response", "逐 repo 更新 owner/visibility/canonical decision", "更新 workflow / secret name parity read-only wording", "產生 draft reconcile plan 或 ADR", "更新 GitHub target decision snapshot" ], "still_forbidden": [ "建立 repo", "修改 visibility", "把 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當成 repo creation 或 visibility approval", "把 S4.12 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當成 secret value collection、workflow modification 或 runner enablement approval", "push refs", "delete refs", "切 GitHub primary" ] }, { "queue_item_id": "source-control-ref-truth-review-bundle-20260513", "source_contract": "source_control_ref_truth_classification_v1", "source_event_id": "source-control-ref-truth-classification-20260513", "title": "141 個 refs truth / deprecated / release tag review items", "risk": "HIGH", "state": "pending_approval", "recommended_awooop_mode": "approve_required", "requested_decision": "是否逐 repo / 單 ref 判定真相來源、deprecated 候選、release tag 與 GitHub-only refs;先依 S4.11 驗收 owner response,分類結果不得自動執行。", "blocked_until_approved": true, "required_reviewers": [ "migration-engineer", "security-commander", "human-owner" ], "evidence_refs": [ "docs/security/SOURCE-CONTROL-REF-TRUTH-CLASSIFICATION.md", "docs/security/source-control-ref-truth-classification.snapshot.json", "docs/security/SOURCE-CONTROL-REF-TRUTH-OWNER-RESPONSE.md", "docs/security/source-control-ref-truth-owner-response.snapshot.json", "docs/security/SOURCE-CONTROL-REF-DETAIL-DIFF.md" ], "allowed_after_approval": [ "依 S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks 驗收 owner response", "標記單 ref 真相來源候選", "更新 source control reconcile plan", "產生人工 review checklist" ], "still_forbidden": [ "把 S4.11 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當成 refs sync/delete/force push approval", "push refs", "delete refs", "force push", "切 GitHub primary" ] }, { "queue_item_id": "kali-credentialed-scan-approval-20260513", "source_contract": "kali_scan_scope_approval_v1", "source_event_id": "kali-credentialed-scan-approval-20260513", "title": "Kali credentialed host/API scan", "risk": "HIGH", "state": "pending_approval", "recommended_awooop_mode": "approve_required", "requested_decision": "是否批准對指定主機或 API 使用憑證做掃描;必須先定義 credential source、scope、audit trail 與停用方式。", "blocked_until_approved": true, "required_reviewers": [ "security-commander", "vuln-verifier", "human-owner" ], "evidence_refs": [ "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md", "docs/security/SECURITY-LOW-FRICTION-ROLLOUT-POLICY.md" ], "allowed_after_approval": [ "只對批准 asset 做 credentialed scan", "只保存 redacted finding summary", "產生 audit evidence" ], "still_forbidden": [ "保存 credential value", "擴大到未批准資產", "自動修復", "改 firewall/RBAC/NetworkPolicy" ] }, { "queue_item_id": "kali-full-upgrade-reboot-approval-20260513", "source_contract": "kali_scan_scope_approval_v1", "source_event_id": "kali-full-upgrade-reboot-approval-20260513", "title": "Kali rolling full-upgrade / autoremove / reboot", "risk": "HIGH", "state": "pending_approval", "recommended_awooop_mode": "approve_required", "requested_decision": "是否安排 Kali 112 維護窗口執行 full-upgrade、必要 autoremove 與 reboot;必須先有 snapshot、rollback 與 post-health gate。", "blocked_until_approved": true, "required_reviewers": [ "security-commander", "human-owner" ], "evidence_refs": [ "docs/security/KALI-INTEGRATION-STATUS.md", "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md" ], "allowed_after_approval": [ "在維護窗口執行 full-upgrade", "必要時 reboot", "完成 ssh/cron/docker/kali-scanner health 複驗" ], "still_forbidden": [ "未排窗口直接 reboot", "未 snapshot 直接 full-upgrade", "未驗證 scanner health 就宣告完成" ] }, { "queue_item_id": "kali-execute-endpoint-approval-20260513", "source_contract": "kali_scan_scope_approval_v1", "source_event_id": "kali-execute-endpoint-approval-20260513", "title": "Kali /execute endpoint high-risk command path", "risk": "CRITICAL", "state": "block_candidate", "recommended_awooop_mode": "block_candidate", "requested_decision": "是否保留或停用 Kali /execute;預設不應接入 AwoooP runtime,若保留必須獨立 high-risk approval、allowlist、audit、disable gate。", "blocked_until_approved": true, "required_reviewers": [ "critic", "security-commander", "human-owner" ], "evidence_refs": [ "docs/security/KALI-INTEGRATION-STATUS.md", "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md" ], "allowed_after_approval": [ "僅設計 disable/allowlist/audit gate", "只在人工 exception 下測試" ], "still_forbidden": [ "AwoooP runtime 直接呼叫 /execute", "把 /execute 當成一般 MCP action", "執行 shell command 自動修復", "保存 command 中可能含有的敏感輸出" ] } ], "next_recommended_review_order": [ "kali-finding-runtime-ingestion-approval-20260513", "kali-safe-web-crawl-approval-20260513", "gitea-private-internal-server-side-inventory-2026-05-12", "source-control-target-repo-approval-bundle-20260513", "source-control-ref-truth-review-bundle-20260513", "kali-credentialed-scan-approval-20260513", "kali-full-upgrade-reboot-approval-20260513", "kali-execute-endpoint-approval-20260513" ] }