{ "schema_version": "security_followup_runtime_gate_v1", "status": "draft", "date": "2026-05-17", "mode": "runtime_gate_preparation_only", "runtime_execution_authorized": false, "source_indexes": [ "docs/security/security-approval-state-transition.snapshot.json", "docs/security/security-approval-review-packet.snapshot.json", "docs/security/security-approval-gate.snapshot.json", "docs/security/security-approval-decision-record.snapshot.json", "docs/security/security-mirror-status-rollup.snapshot.json", "docs/security/security-rollout-policy.snapshot.json", "docs/security/gitea-inventory-coverage-attestation.snapshot.json", "docs/security/gitea-inventory-owner-attestation-response.snapshot.json", "docs/security/source-control-ref-truth-owner-response.snapshot.json", "docs/security/source-control-workflow-secret-name-owner-response.snapshot.json" ], "summary": { "total_gate_templates": 8, "active_runtime_gates": 0, "approved_scope_count": 0, "runtime_actions_authorized": false, "action_buttons_allowed": false, "raw_secret_storage_authorized": false }, "gate_templates": [ { "template_id": "runtime-gate-redacted-finding-ingestion-20260513", "source_packet_id": "review-packet-redacted-finding-ingestion-20260513", "source_gate_id": "gate-redacted-finding-ingestion-20260513", "action_family": "redacted_finding_ingestion", "risk": "MEDIUM", "gate_state": "waiting_approved_scope", "applies_after_decision": "approve_scope", "minimum_required_evidence": [ "security_finding_v1 欄位對照表", "redaction test snapshot", "不保存 raw secret/token/cookie/private key/exploit payload 的證明", "Audit evidence 寫入位置" ], "required_reviewers": [ "security-commander", "human-owner" ], "preflight_checks": [ "確認 payload 只含摘要與 evidence_ref", "確認 LOW/MEDIUM finding 不會變成 blocking gate", "確認沒有 scan trigger 或修復 trigger", "確認沒有新增執行按鈕" ], "allowed_pre_runtime_artifacts": [ "draft ingestion adapter design", "draft PR", "redacted sample payload", "audit mapping note" ], "rollback_or_disable_requirement": "必須有可停用 ingestion adapter 的 feature flag 或 config gate。", "still_forbidden": [ "啟動 Kali scan", "保存 raw sensitive value", "自動封鎖 deploy", "自動修復" ], "execution_authorized": false }, { "template_id": "runtime-gate-safe-web-crawl-20260513", "source_packet_id": "review-packet-safe-web-crawl-20260513", "source_gate_id": "gate-safe-web-crawl-20260513", "action_family": "safe_web_crawl_scope", "risk": "MEDIUM", "gate_state": "waiting_approved_scope", "applies_after_decision": "approve_scope", "minimum_required_evidence": [ "批准的 public domain / URL scope", "scan window 與 frequency cap", "rate limit 與 timeout", "排除 auth flow、state-changing route 與 active fuzz 的清單" ], "required_reviewers": [ "security-commander", "human-owner" ], "preflight_checks": [ "確認只做 TLS/header/basic crawl", "確認不帶憑證", "確認不碰寫入型 endpoint", "確認輸出只產生 redacted findings" ], "allowed_pre_runtime_artifacts": [ "safe crawl target list", "rate-limit plan", "redacted output schema", "maintenance-safe timing note" ], "rollback_or_disable_requirement": "必須能立即停用 safe crawl job,且不得影響產品 runtime。", "still_forbidden": [ "active DAST fuzz", "credentialed scan", "auth flow 改狀態測試", "阻擋 release" ], "execution_authorized": false }, { "template_id": "runtime-gate-gitea-readonly-inventory-20260513", "source_packet_id": "review-packet-gitea-readonly-inventory-20260513", "source_gate_id": "gate-gitea-readonly-inventory-20260513", "action_family": "gitea_readonly_inventory", "risk": "MEDIUM", "gate_state": "waiting_approved_scope", "applies_after_decision": "approve_scope", "minimum_required_evidence": [ "S4.9 owner response request packet 已顯示,template status ledger、audit event templates、redaction examples、display sections 與 collection checks 已確認 request / received / accepted 分離,audit events emitted=0,owner response 已完成 intake preflight、outcome lane 判定與驗收,且 S4.7 owner coverage attestation 的 5 個 items 都有 scope decision", "read-only token scope 或 redacted admin export 來源", "token_present=true/false,不保存 token value", "allowed export fields checklist", "repo list redaction proof" ], "required_reviewers": [ "migration-engineer", "security-commander", "human-owner" ], "preflight_checks": [ "確認 public-only / local remote gap、org/user endpoint、110 adjacent source、canonical owner 與 legacy/inaccessible disposition 已依 S4.9 request packet / response template 由 owner 判定", "確認 token 不具 write 權限", "確認不保存 token value", "確認 export 不含 webhook secret / deploy key private key / repository secret value", "確認只更新 inventory snapshot" ], "allowed_pre_runtime_artifacts": [ "owner coverage attestation response update", "redacted admin export sample", "read-only inventory command plan", "updated migration matrix draft", "audit evidence note" ], "rollback_or_disable_requirement": "read-only token 必須可撤銷;admin export 必須可刪除本地暫存原檔,只保留 redacted snapshot。", "still_forbidden": [ "未完成 S4.7 owner attestation 就執行 inventory", "未完成 S4.9 owner response request packet 顯示、template status ledger、audit event templates、redaction examples、display sections、collection checks 與 owner response 驗收就執行 inventory", "使用 write-capable token", "建立 GitHub repo", "sync refs", "切 GitHub primary" ], "execution_authorized": false }, { "template_id": "runtime-gate-github-target-decision-20260513", "source_packet_id": "review-packet-github-target-decisions-20260513", "source_gate_id": "gate-github-target-decisions-20260513", "action_family": "github_target_decision", "risk": "HIGH", "gate_state": "waiting_approved_scope", "applies_after_decision": "approve_scope", "minimum_required_evidence": [ "S4.10 owner response request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks / decision response 驗收結果:docs/security/github-target-owner-decision-response.snapshot.json", "S4.12 workflow / secret 名稱 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與驗收結果:docs/security/source-control-workflow-secret-name-owner-response.snapshot.json", "repo owner / visibility / canonical decision", "GitHub target 是否已存在的最新 probe", "workflow parity checklist", "rollback ADR draft" ], "required_reviewers": [ "migration-engineer", "security-commander", "human-owner" ], "preflight_checks": [ "確認 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 未被當成 repo creation、visibility change、refs sync 或 primary approval", "確認 S4.12 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 未被當成 secret value collection、workflow modification、runner enablement 或 primary approval", "確認 not_found_or_private 不被當成可自動建立 repo", "確認 visibility change 仍未授權", "確認 refs action disabled", "確認只更新決策草案" ], "allowed_pre_runtime_artifacts": [ "owner decision response acceptance note", "workflow-secret owner response acceptance note", "target decision table update", "draft reconcile ADR", "repo owner review note", "workflow parity checklist draft" ], "rollback_or_disable_requirement": "任何 repo creation 或 visibility change 未來都必須有獨立 rollback / ownership ADR。", "still_forbidden": [ "建立 GitHub repo", "修改 visibility", "push refs", "delete refs", "切 GitHub primary" ], "execution_authorized": false }, { "template_id": "runtime-gate-ref-truth-review-20260513", "source_packet_id": "review-packet-ref-truth-review-20260513", "source_gate_id": "gate-ref-truth-review-20260513", "action_family": "ref_truth_review", "risk": "HIGH", "gate_state": "waiting_approved_scope", "applies_after_decision": "approve_scope", "minimum_required_evidence": [ "單 repo / 單 ref owner 判定", "S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks / owner response 驗收結果", "真相來源與 deprecated refs 清單", "branch/tag diff 最新 snapshot", "不得 sync/delete 的確認" ], "required_reviewers": [ "migration-engineer", "security-commander", "human-owner" ], "preflight_checks": [ "確認 owner response 已依 S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks 驗收 / 拒收 / 隔離", "確認分類結果不會自動執行", "確認 force push 禁用", "確認 release tags 需人工保留 / 棄用判定", "確認 GitHub primary 仍 blocked" ], "allowed_pre_runtime_artifacts": [ "source-control-ref-truth-owner-response acceptance note", "updated ref truth classification snapshot", "manual review checklist", "draft reconcile plan update", "audit evidence note" ], "rollback_or_disable_requirement": "任何 refs sync/delete 未來都必須先有可回復 refs backup 與逐 repo rollback gate。", "still_forbidden": [ "push refs", "delete refs", "force push", "切 GitHub primary" ], "execution_authorized": false }, { "template_id": "runtime-gate-credentialed-scan-exception-20260513", "source_packet_id": "review-packet-credentialed-scan-20260513", "source_gate_id": "gate-credentialed-scan-20260513", "action_family": "credentialed_scan_exception", "risk": "HIGH", "gate_state": "waiting_approved_scope", "applies_after_decision": "approve_scope", "minimum_required_evidence": [ "credential source 與 lifecycle,不含 credential value", "asset allowlist", "scan window", "audit trail 與停用方式" ], "required_reviewers": [ "security-commander", "vuln-verifier", "human-owner" ], "preflight_checks": [ "確認只對批准 asset", "確認不保存 credential value", "確認 scan 可立即停用", "確認不改 firewall/RBAC/NetworkPolicy" ], "allowed_pre_runtime_artifacts": [ "credential lifecycle design", "asset allowlist draft", "scan window proposal", "audit trail plan" ], "rollback_or_disable_requirement": "必須先有 credential revoke 與 scanner disable gate。", "still_forbidden": [ "保存 credential value", "擴大到未批准資產", "自動修復", "改 firewall/RBAC/NetworkPolicy" ], "execution_authorized": false }, { "template_id": "runtime-gate-kali-full-upgrade-reboot-20260513", "source_packet_id": "review-packet-kali-full-upgrade-reboot-20260513", "source_gate_id": "gate-kali-full-upgrade-reboot-20260513", "action_family": "kali_full_upgrade_reboot_window", "risk": "HIGH", "gate_state": "waiting_approved_scope", "applies_after_decision": "approve_scope", "minimum_required_evidence": [ "維護窗口", "snapshot / backup evidence", "rollback plan", "post-health check list" ], "required_reviewers": [ "security-commander", "human-owner" ], "preflight_checks": [ "確認 scanner API、ssh、cron、docker health baseline", "確認 no active scan running", "確認 snapshot 已完成", "確認 post-reboot health gate" ], "allowed_pre_runtime_artifacts": [ "maintenance window proposal", "snapshot evidence", "rollback checklist", "post-health checklist" ], "rollback_or_disable_requirement": "必須有 VM / filesystem snapshot 或等效 rollback,且 post-health gate 未通過不得宣告完成。", "still_forbidden": [ "未排窗口直接 reboot", "未 snapshot 直接 full-upgrade", "未驗證 scanner health 就宣告完成" ], "execution_authorized": false }, { "template_id": "runtime-gate-kali-execute-endpoint-20260513", "source_packet_id": "review-packet-kali-execute-endpoint-20260513", "source_gate_id": "gate-kali-execute-endpoint-20260513", "action_family": "kali_execute_endpoint_exception", "risk": "CRITICAL", "gate_state": "blocked_by_default", "applies_after_decision": "keep_blocked", "minimum_required_evidence": [ "disable gate design", "allowlist design", "full audit trail design", "human exception workflow" ], "required_reviewers": [ "critic", "security-commander", "human-owner" ], "preflight_checks": [ "確認 AwoooP runtime 不可直接呼叫 /execute", "確認 command path 預設 disabled", "確認沒有一般 MCP action route", "確認敏感輸出不保存" ], "allowed_pre_runtime_artifacts": [ "disable gate design note", "allowlist draft", "audit trail design", "manual exception proposal" ], "rollback_or_disable_requirement": "必須預設 disabled;任何 exception 都必須可立即撤回且有完整 audit trail。", "still_forbidden": [ "AwoooP runtime 直接呼叫 /execute", "把 /execute 當成一般 MCP action", "執行 shell command 自動修復", "保存 command output 中可能含有的敏感資訊" ], "execution_authorized": false } ], "gate_rules": [ "本契約只定義 follow-up runtime gate 的準備資料,不代表 runtime gate 已啟用。", "active_runtime_gates 必須維持 0,直到統帥明確批准 runtime integration。", "任何 template 即使 gate_state=waiting_approved_scope,也不得顯示執行按鈕。", "所有 template 的 execution_authorized 必須維持 false。", "真正 runtime action 必須另有人工批准、preflight evidence、rollback/disable plan 與 post-check。" ], "forbidden_actions": [ "activate_runtime_gate", "execute_runtime_gate_template", "add_action_button", "start_kali_scan", "call_kali_execute_endpoint", "run_credentialed_scan", "create_github_repo", "change_repo_visibility", "sync_git_refs", "switch_github_primary", "auto_merge", "production_deploy", "store_secret_token_cookie_private_key_or_exploit_payload", "turn_low_medium_observations_into_blocking_gates" ] }