{ "schema_version": "github_target_owner_decision_response_v1", "status": "draft_waiting_owner_response", "date": "2026-05-17", "mode": "owner_decision_response_intake_only", "runtime_execution_authorized": false, "source_contract": "github_target_decision_v1", "target_contract": "github_target_repo_approval_package_v1", "source_indexes": [ "docs/security/github-target-decision.snapshot.json", "docs/security/github-target-repo-approval-package.snapshot.json", "docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md", "docs/security/GITHUB-TARGET-REPO-APPROVAL-PACKAGE.md", "docs/security/source-control-approval-board.snapshot.json", "docs/security/source-control-primary-readiness-gate.snapshot.json", "docs/security/security-approval-review-packet.snapshot.json", "docs/security/security-followup-runtime-gate.snapshot.json" ], "summary": { "owner_response_status": "waiting_owner_response", "target_decision_count": 8, "approval_required_target_count": 7, "owner_response_request_packet_count": 1, "owner_response_template_status_count": 7, "response_template_count": 7, "received_response_count": 0, "accepted_response_count": 0, "rejected_response_count": 0, "acceptance_check_count": 8, "rejection_rule_count": 10, "repo_creation_authorized": false, "visibility_change_authorized": false, "refs_sync_authorized": false, "github_primary_switch_authorized": false, "secret_value_collection_allowed": false, "action_buttons_allowed": false }, "owner_response_request_packet": { "request_id": "s4_10_github_target_owner_decision_response_request", "display_status": "ready_to_request_owner_response", "requested_packet": "docs/security/GITHUB-TARGET-OWNER-DECISION-RESPONSE.md", "required_response_item_count": 7, "requested_template_ids": [ "target-awoooi-refs-blocked", "target-clawbot-v5-refs-blocked", "target-wooo-aiops-refs-blocked", "target-wooo-infra-config-internal-remote", "target-ewoooc-private-or-new", "target-bitan-pharmacy-private-or-new", "target-tsenyang-website-private-or-new" ], "owner_instruction_summary": "請 owner 只依 S4.10 七個 templates 回覆 GitHub target 的 owner / visibility / canonical / target disposition,並只引用脫敏 evidence refs;不要貼 token、secret、private clone URL credential、repo archive、git object、API request body 或任何可執行 payload。", "allowed_response_fields": [ "owner_role_or_team", "decision", "decision_reason", "canonical_source", "github_target_disposition", "visibility_review_owner", "refs_truth_review_owner", "tag_disposition_owner", "github_only_refs_owner", "internal_remote_disposition", "secret_name_inventory_owner", "server_side_refs_diff_owner", "active_status", "evidence_refs", "followup_owner" ], "evidence_ref_rules": [ "只允許 repo 內既有文件、snapshot 或已脫敏 owner metadata pointer", "not_found_or_private 只能作為需補證或 private access request 的 evidence,不得自動視為 repo 不存在", "canonical_source 未知時必須明確選 unknown_requires_more_evidence 或指定補證 owner", "不得提供 token value、secret value、private clone URL credential、cookie、session、deploy key value 或截圖中的敏感值", "不確定是否含敏感值時先走 mirror quarantine,不得直接貼入 response" ], "forbidden_payloads": [ "token_value", "secret_value", "private_key", "cookie_or_session", "private_clone_url_credential", "repo_creation_command", "visibility_change_command", "write_or_admin_api_request", "refs_sync_or_delete_request", "force_push_or_tag_rewrite_request", "github_primary_switch_request", "repo_archive", "git_object_pack", "db_dump", "unrelated_history_merge_request" ], "allowed_submission_modes": [ "read_only_markdown_response", "redacted_metadata_pointer", "request_more_evidence", "out_of_scope_disposition" ], "awooop_display_mode": "display_owner_response_request_only", "execution_authorized": false, "not_approval": true, "still_forbidden": [ "create_github_repo", "change_repo_visibility", "push_refs", "delete_refs", "force_push", "switch_github_primary", "store_secret_value", "store_token_value" ] }, "owner_response_template_statuses": [ { "template_id": "target-awoooi-refs-blocked", "github_repo": "owenhytsai/awoooi", "source_key": "wooo/awoooi", "display_order": 1, "collection_status": "waiting_owner_response", "request_status": "request_ready_not_sent", "received_response_count": 0, "accepted_response_count": 0, "rejected_response_count": 0, "latest_outcome_lane": "keep_waiting_owner_response", "next_owner_action": "Owner 需回覆 `owenhytsai/awoooi` 的 canonical source、visibility review owner 與 refs truth owner;不得把既有 GitHub target 視為可直接 primary。", "awooop_display_mode": "display_template_status_only", "execution_authorized": false, "not_approval": true, "still_forbidden": [ "create_github_repo", "change_repo_visibility", "push_refs", "delete_refs", "force_push", "switch_github_primary", "store_secret_value", "store_token_value" ] }, { "template_id": "target-clawbot-v5-refs-blocked", "github_repo": "owenhytsai/clawbot-v5", "source_key": "wooo/clawbot-v5", "display_order": 2, "collection_status": "waiting_owner_response", "request_status": "request_ready_not_sent", "received_response_count": 0, "accepted_response_count": 0, "rejected_response_count": 0, "latest_outcome_lane": "keep_waiting_owner_response", "next_owner_action": "Owner 需回覆 `owenhytsai/clawbot-v5` 的 main SHA / tag 真相來源與 tag disposition owner;不得用單一句話批准 refs sync。", "awooop_display_mode": "display_template_status_only", "execution_authorized": false, "not_approval": true, "still_forbidden": [ "create_github_repo", "change_repo_visibility", "push_refs", "delete_refs", "force_push", "switch_github_primary", "store_secret_value", "store_token_value" ] }, { "template_id": "target-wooo-aiops-refs-blocked", "github_repo": "owenhytsai/wooo-aiops", "source_key": "wooo/wooo-aiops", "display_order": 3, "collection_status": "waiting_owner_response", "request_status": "request_ready_not_sent", "received_response_count": 0, "accepted_response_count": 0, "rejected_response_count": 0, "latest_outcome_lane": "keep_waiting_owner_response", "next_owner_action": "Owner 需回覆 `owenhytsai/wooo-aiops` 的 GitHub-only refs owner 與 disposition;不得刪除 GitHub-only refs。", "awooop_display_mode": "display_template_status_only", "execution_authorized": false, "not_approval": true, "still_forbidden": [ "create_github_repo", "change_repo_visibility", "push_refs", "delete_refs", "force_push", "switch_github_primary", "store_secret_value", "store_token_value" ] }, { "template_id": "target-wooo-infra-config-internal-remote", "github_repo": "owenhytsai/wooo-infra-config", "source_key": "wooo/wooo-infra-config", "display_order": 4, "collection_status": "waiting_owner_response", "request_status": "request_ready_not_sent", "received_response_count": 0, "accepted_response_count": 0, "rejected_response_count": 0, "latest_outcome_lane": "keep_waiting_owner_response", "next_owner_action": "Owner 需回覆 `owenhytsai/wooo-infra-config` 的 110 internal remote 用途與 secret name inventory owner;不得刪除 remote 或搬移 secret value。", "awooop_display_mode": "display_template_status_only", "execution_authorized": false, "not_approval": true, "still_forbidden": [ "create_github_repo", "change_repo_visibility", "push_refs", "delete_refs", "force_push", "switch_github_primary", "store_secret_value", "store_token_value" ] }, { "template_id": "target-ewoooc-private-or-new", "github_repo": "owenhytsai/ewoooc", "source_key": "wooo/ewoooc / root/momo-pro-system / momo working trees", "display_order": 5, "collection_status": "waiting_owner_response", "request_status": "request_ready_not_sent", "received_response_count": 0, "accepted_response_count": 0, "rejected_response_count": 0, "latest_outcome_lane": "keep_waiting_owner_response", "next_owner_action": "Owner 需回覆 `owenhytsai/ewoooc` 與 momo-pro-system 的 canonical 關係、private access request 或 new target candidate disposition;不得自動建立 repo 或合併 unrelated histories。", "awooop_display_mode": "display_template_status_only", "execution_authorized": false, "not_approval": true, "still_forbidden": [ "create_github_repo", "change_repo_visibility", "push_refs", "delete_refs", "force_push", "switch_github_primary", "store_secret_value", "store_token_value" ] }, { "template_id": "target-bitan-pharmacy-private-or-new", "github_repo": "owenhytsai/bitan-pharmacy", "source_key": "bitan-pharmacy", "display_order": 6, "collection_status": "waiting_owner_response", "request_status": "request_ready_not_sent", "received_response_count": 0, "accepted_response_count": 0, "rejected_response_count": 0, "latest_outcome_lane": "keep_waiting_owner_response", "next_owner_action": "Owner 需回覆 `owenhytsai/bitan-pharmacy` 是否仍 active、GitHub target disposition 與 visibility review owner;不得把 not_found_or_private 當成可直接建立 repo。", "awooop_display_mode": "display_template_status_only", "execution_authorized": false, "not_approval": true, "still_forbidden": [ "create_github_repo", "change_repo_visibility", "push_refs", "delete_refs", "force_push", "switch_github_primary", "store_secret_value", "store_token_value" ] }, { "template_id": "target-tsenyang-website-private-or-new", "github_repo": "owenhytsai/tsenyang-website", "source_key": "tsenyang-website", "display_order": 7, "collection_status": "waiting_owner_response", "request_status": "request_ready_not_sent", "received_response_count": 0, "accepted_response_count": 0, "rejected_response_count": 0, "latest_outcome_lane": "keep_waiting_owner_response", "next_owner_action": "Owner 需回覆 `owenhytsai/tsenyang-website` 是否仍 active、GitHub target disposition 與 visibility review owner;不得把 not_found_or_private 當成可直接建立 repo。", "awooop_display_mode": "display_template_status_only", "execution_authorized": false, "not_approval": true, "still_forbidden": [ "create_github_repo", "change_repo_visibility", "push_refs", "delete_refs", "force_push", "switch_github_primary", "store_secret_value", "store_token_value" ] } ], "response_templates": [ { "template_id": "target-awoooi-refs-blocked", "github_repo": "owenhytsai/awoooi", "source_key": "wooo/awoooi", "target_state": "exists_refs_blocked", "risk": "HIGH", "requested_owner_decision": "指定 owner、canonical source、visibility review owner 與 refs truth review owner;維持 refs action disabled。", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "canonical_source", "github_target_disposition", "visibility_review_owner", "refs_truth_review_owner", "evidence_refs" ], "acceptable_decisions": [ "approve_existing_target_as_candidate", "hold_pending_refs_truth", "hold_pending_canonical_review", "unknown_requires_more_evidence" ], "minimum_evidence_refs": [ "docs/security/GITEA-GITHUB-MIGRATION-SNAPSHOT.md", "docs/security/source-control-ref-detail-diff.snapshot.json", "docs/security/source-control-workflow-secret-name-inventory.snapshot.json" ], "acceptance_criteria": [ "必須明確指定 `wooo/awoooi` 的 canonical source 與 owner review 責任人。", "必須承認 refs truth / workflow-secret parity / rollback ADR 未完成前不得推 refs 或切 primary。", "若 decision 是 hold,必須說明下一個 evidence owner。" ], "rejection_conditions": [ "把既有 GitHub repo 視為可直接 primary。", "要求 push、delete、force push refs 或修改 visibility。", "缺 canonical source、visibility review owner 或 refs truth review owner。" ], "allowed_outputs": [ "更新 GitHub target decision table 的 owner / canonical / visibility read-only 欄位。", "更新 repo approval package 的 blocked_until 說明。", "維持 primary readiness blocked。" ], "execution_authorized": false }, { "template_id": "target-clawbot-v5-refs-blocked", "github_repo": "owenhytsai/clawbot-v5", "source_key": "wooo/clawbot-v5", "target_state": "exists_refs_blocked", "risk": "MEDIUM", "requested_owner_decision": "指定 main SHA / tag 真相來源與 owner;維持 refs action disabled。", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "canonical_source", "tag_disposition_owner", "visibility_review_owner", "evidence_refs" ], "acceptable_decisions": [ "approve_existing_target_as_candidate", "hold_pending_refs_truth", "mark_external_or_out_of_scope", "unknown_requires_more_evidence" ], "minimum_evidence_refs": [ "docs/security/SOURCE-CONTROL-CLAWBOT-V5-SNAPSHOT.md", "docs/security/source-control-reconcile-plan.snapshot.json", "docs/security/source-control-ref-truth-classification.snapshot.json" ], "acceptance_criteria": [ "必須說明 main SHA 與 tag 差異要由哪個 owner 判定。", "若仍 active,必須保留 refs review lane。", "若排除 scope,必須附 owner 理由與後續 disposition。" ], "rejection_conditions": [ "用單一句話批准 refs sync。", "未處理 GitHub 缺 Gitea tag 的 disposition。", "要求刪除任一端 repo 或 refs。" ], "allowed_outputs": [ "更新 refs truth review lane。", "更新 approval package 的 owner decision 欄位。", "維持 refs action disabled。" ], "execution_authorized": false }, { "template_id": "target-wooo-aiops-refs-blocked", "github_repo": "owenhytsai/wooo-aiops", "source_key": "wooo/wooo-aiops", "target_state": "exists_refs_blocked", "risk": "MEDIUM", "requested_owner_decision": "指定 GitHub-only branch / tags 的來源 owner 與 disposition;維持 refs action disabled。", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "canonical_source", "github_only_refs_owner", "visibility_review_owner", "evidence_refs" ], "acceptable_decisions": [ "approve_existing_target_as_candidate", "hold_pending_refs_truth", "mark_external_or_out_of_scope", "unknown_requires_more_evidence" ], "minimum_evidence_refs": [ "docs/security/SOURCE-CONTROL-WOOO-AIOPS-SNAPSHOT.md", "docs/security/source-control-ref-detail-diff.snapshot.json", "docs/security/source-control-ref-truth-classification.snapshot.json" ], "acceptance_criteria": [ "必須指定 GitHub-only branch / tags 的 owner 或補證 owner。", "必須說明 main SHA truth source 尚未判定時要維持 blocked。", "若標為 out_of_scope,必須說明與 AwoooP / AWOOOI scope 的關係。" ], "rejection_conditions": [ "要求刪除 GitHub-only refs。", "未指定 GitHub-only refs owner。", "把 refs classification 當成已批准 sync。" ], "allowed_outputs": [ "更新 refs truth classification 的 owner review 欄位。", "更新 GitHub target decision table。", "維持 GitHub primary readiness blocked。" ], "execution_authorized": false }, { "template_id": "target-wooo-infra-config-internal-remote", "github_repo": "owenhytsai/wooo-infra-config", "source_key": "wooo/wooo-infra-config", "target_state": "exists_aligned", "risk": "MEDIUM", "requested_owner_decision": "判定 110 internal remote 用途、infra owner 與 secret name inventory owner。", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "canonical_source", "internal_remote_disposition", "secret_name_inventory_owner", "evidence_refs" ], "acceptable_decisions": [ "approve_existing_target_as_candidate", "hold_pending_canonical_review", "mark_external_or_out_of_scope", "unknown_requires_more_evidence" ], "minimum_evidence_refs": [ "docs/security/GIT-REMOTE-REFS-WOOO-INFRA-CONFIG-SNAPSHOT.md", "docs/security/source-control-workflow-secret-name-inventory.snapshot.json", "docs/security/source-control-workflow-secret-name-export-request.snapshot.json" ], "acceptance_criteria": [ "必須判定 110 internal remote 是 active source、mirror、legacy 或需要補證。", "必須指定 infra secret 名稱 inventory owner。", "不得把 internal remote disposition 當成刪除 remote 的批准。" ], "rejection_conditions": [ "要求直接刪除 remote 或改 remote URL。", "要求搬移或貼出 secret value。", "未說明 110 internal remote 用途。" ], "allowed_outputs": [ "更新 canonical decision table 的 remote disposition。", "更新 workflow / secret name inventory 的 owner gap。", "維持 repo / secret / refs 執行 disabled。" ], "execution_authorized": false }, { "template_id": "target-ewoooc-private-or-new", "github_repo": "owenhytsai/ewoooc", "source_key": "wooo/ewoooc / root/momo-pro-system / momo working trees", "target_state": "not_found_or_private", "risk": "HIGH", "requested_owner_decision": "判定 ewoooc / momo-pro-system canonical 關係與 GitHub target 是既有 private repo、候選新 repo 或需補證。", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "canonical_source", "github_target_disposition", "visibility_review_owner", "server_side_refs_diff_owner", "evidence_refs" ], "acceptable_decisions": [ "approve_private_target_access_request", "approve_new_target_creation_candidate", "hold_pending_canonical_review", "mark_external_or_out_of_scope", "unknown_requires_more_evidence" ], "minimum_evidence_refs": [ "docs/security/GITEA-PUBLIC-REPO-SEARCH-SNAPSHOT.md", "docs/security/LOCAL-REPO-CANONICAL-EWOOOC-MOMO-SNAPSHOT.md", "docs/security/github-target-decision.snapshot.json" ], "acceptance_criteria": [ "必須明確說明 `not_found_or_private` 不能自動視為不存在。", "必須指定 ewoooc / momo-pro-system canonical 判定 owner。", "若只是批准候選新 repo,仍不得建立 repo,必須先產生 migration plan。" ], "rejection_conditions": [ "把 `not_found_or_private` 當成建立 repo 的直接批准。", "自動合併 unrelated histories。", "要求刪除任一 momo / ewoooc working tree。" ], "allowed_outputs": [ "更新 target decision table 的 disposition。", "更新 approval package 的 canonical blocker。", "建立 request_more_evidence lane。" ], "execution_authorized": false }, { "template_id": "target-bitan-pharmacy-private-or-new", "github_repo": "owenhytsai/bitan-pharmacy", "source_key": "bitan-pharmacy", "target_state": "not_found_or_private", "risk": "MEDIUM", "requested_owner_decision": "判定 repo 是否仍 active、GitHub target disposition、owner 與 visibility review owner。", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "active_status", "canonical_source", "github_target_disposition", "visibility_review_owner", "evidence_refs" ], "acceptable_decisions": [ "approve_private_target_access_request", "approve_new_target_creation_candidate", "hold_pending_canonical_review", "mark_external_or_out_of_scope", "unknown_requires_more_evidence" ], "minimum_evidence_refs": [ "docs/security/GIT-REMOTE-REFS-BITAN-TSENYANG-SNAPSHOT.md", "docs/security/github-target-decision.snapshot.json", "docs/security/source-control-primary-readiness-gate.snapshot.json" ], "acceptance_criteria": [ "必須說明 repo 是否仍 active。", "必須指定 GitHub target 是既有 private、候選新 repo、out-of-scope 或需補證。", "若 active,必須保留 workflow / secret name parity gate。" ], "rejection_conditions": [ "把 target 看不到當成可直接建立 repo。", "沒有 active_status 或 visibility review owner。", "要求自動 push refs 或刪除 110 remote。" ], "allowed_outputs": [ "更新 target decision table 的 active / disposition 欄位。", "更新 approval package 的 blocked_until。", "維持 repo creation 與 refs action disabled。" ], "execution_authorized": false }, { "template_id": "target-tsenyang-website-private-or-new", "github_repo": "owenhytsai/tsenyang-website", "source_key": "tsenyang-website", "target_state": "not_found_or_private", "risk": "MEDIUM", "requested_owner_decision": "判定 repo 是否仍 active、GitHub target disposition、owner 與 visibility review owner。", "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "active_status", "canonical_source", "github_target_disposition", "visibility_review_owner", "evidence_refs" ], "acceptable_decisions": [ "approve_private_target_access_request", "approve_new_target_creation_candidate", "hold_pending_canonical_review", "mark_external_or_out_of_scope", "unknown_requires_more_evidence" ], "minimum_evidence_refs": [ "docs/security/GIT-REMOTE-REFS-BITAN-TSENYANG-SNAPSHOT.md", "docs/security/github-target-decision.snapshot.json", "docs/security/source-control-primary-readiness-gate.snapshot.json" ], "acceptance_criteria": [ "必須說明 repo 是否仍 active。", "必須指定 GitHub target 是既有 private、候選新 repo、out-of-scope 或需補證。", "若 active,必須保留 workflow / secret name parity gate。" ], "rejection_conditions": [ "把 target 看不到當成可直接建立 repo。", "沒有 active_status 或 visibility review owner。", "要求自動 push refs 或刪除 110 remote。" ], "allowed_outputs": [ "更新 target decision table 的 active / disposition 欄位。", "更新 approval package 的 blocked_until。", "維持 repo creation 與 refs action disabled。" ], "execution_authorized": false } ], "acceptance_checks": [ { "check_id": "maps_to_known_github_target", "title": "回覆對應既有 GitHub target", "required": true, "pass_condition": "`github_repo` 必須對應 github_target_decision_v1 的 7 個 approval-required targets 之一。", "failure_lane": "reject_unknown_target", "execution_authorized": false }, { "check_id": "decision_value_allowed", "title": "決策值在允許範圍內", "required": true, "pass_condition": "`decision` 必須是該 target template 的 acceptable_decisions 之一。", "failure_lane": "request_owner_correction", "execution_authorized": false }, { "check_id": "owner_and_visibility_present", "title": "owner 與 visibility review 責任存在", "required": true, "pass_condition": "每筆回覆必須有 owner role/team、visibility review owner 或明確 out-of-scope disposition。", "failure_lane": "request_more_evidence", "execution_authorized": false }, { "check_id": "canonical_source_present", "title": "canonical source 已說明", "required": true, "pass_condition": "in-scope 或 candidate target 必須標示 canonical source;未知時必須選 unknown_requires_more_evidence。", "failure_lane": "keep_primary_blocked", "execution_authorized": false }, { "check_id": "blocked_until_respected", "title": "blocked_until 不被繞過", "required": true, "pass_condition": "回覆不得把 refs truth、workflow-secret parity、Gitea inventory、rollback ADR 或 server-side diff 缺口視為已完成。", "failure_lane": "reject_scope_jump", "execution_authorized": false }, { "check_id": "no_repo_creation_or_visibility_change", "title": "不含 repo creation 或 visibility change 指令", "required": true, "pass_condition": "回覆只能批准候選方向或補證方向,不得包含立即建立 repo 或修改 visibility 的執行要求。", "failure_lane": "reject_runtime_source_control_action", "execution_authorized": false }, { "check_id": "no_refs_or_primary_action", "title": "不含 refs 或 primary action", "required": true, "pass_condition": "回覆不得要求 push、delete、force push、mirror sync、primary switch 或 disable Gitea。", "failure_lane": "reject_refs_or_primary_action", "execution_authorized": false }, { "check_id": "secret_values_absent", "title": "未包含 secret value", "required": true, "pass_condition": "`evidence_refs` 只能指向 repo 內文件、snapshot 或已脫敏 owner metadata,不得含 token、credential、secret value、private key 或 deploy key value。", "failure_lane": "quarantine_sensitive_payload", "execution_authorized": false } ], "rejection_rules": [ "回覆含 token value、PAT、cookie、session、CSRF token、private key 或 partial credential 時必須拒收。", "回覆含 repo creation command、API request body、CLI command 或 automation payload 時必須拒收。", "回覆含 visibility change command 或要求立即修改 public/private/internal visibility 時必須拒收。", "回覆要求 push refs、delete refs、force push、mirror sync、tag rewrite 或 branch rewrite 時必須拒收。", "回覆要求切 GitHub primary、停用 Gitea、刪除 Gitea、封存 Gitea 或移除 fallback 時必須拒收。", "回覆缺 owner、visibility review owner、canonical source 或 out-of-scope disposition 時不得標記 accepted。", "回覆把 `not_found_or_private` 自動解釋為 repo 不存在或可建立時必須拒收。", "回覆要求自動合併 unrelated histories 或刪除 momo / ewoooc working tree 時必須拒收。", "回覆把 owner decision response 當成 repo migration approval、refs sync approval 或 primary approval 時必須拒收。", "任何不確定是否含敏感值、私有 URL 憑證或未脫敏截圖的回覆必須先進 mirror quarantine。" ], "allowed_outputs": [ "更新 `github-target-decision.snapshot.json` 的 read-only owner / visibility / canonical decision 欄位。", "更新 `github-target-repo-approval-package.snapshot.json` 的 blocked_until、review owner 與 evidence refs。", "更新 `source-control-primary-readiness-gate.snapshot.json` 的 blocker wording。", "更新 `source-control-approval-board.snapshot.json` 的 review lane。", "建立 request_more_evidence / quarantine lane。", "維持 `github_primary_ready_count=0` 與所有 execution flags false。" ], "forbidden_actions": [ "建立 GitHub repo。", "修改 GitHub repo visibility。", "push、delete、force push、mirror sync 或 rewrite refs。", "切 GitHub primary。", "停用、刪除、封存或降級 Gitea repo。", "保存 secret value、token value、private key、cookie、session 或 deploy key value。", "把 response packet 當成 migration execution approval。", "新增 AwoooP execution action button。" ] }