{
|
|
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
"$id": "urn:awoooi:security-mirror-status-rollup-v1",
|
|
"title": "資安供應鏈鏡像狀態彙整契約 v1",
|
|
"description": "定義 AwoooP mirror-only 資安供應鏈接入狀態、下一個安全 gate 與跨 Session 同步摘要。此契約不授權 runtime execution。",
|
|
"type": "object",
|
|
"required": [
|
|
"schema_version",
|
|
"status",
|
|
"date",
|
|
"mode",
|
|
"rollup_status",
|
|
"runtime_execution_authorized",
|
|
"source_indexes",
|
|
"summary",
|
|
"phase_status",
|
|
"progress_display_policy",
|
|
"progress_delta_ledger",
|
|
"next_safe_actions",
|
|
"session_sync_notes",
|
|
"forbidden_actions"
|
|
],
|
|
"properties": {
|
|
"schema_version": {
|
|
"const": "security_mirror_status_rollup_v1"
|
|
},
|
|
"status": {
|
|
"type": "string",
|
|
"enum": ["draft"]
|
|
},
|
|
"date": {
|
|
"type": "string"
|
|
},
|
|
"mode": {
|
|
"type": "string",
|
|
"enum": ["mirror_only"]
|
|
},
|
|
"rollup_status": {
|
|
"type": "string",
|
|
"enum": [
|
|
"framework_ready_waiting_approval",
|
|
"mirror_ingestion_ready",
|
|
"mirror_ingestion_warn",
|
|
"blocked"
|
|
]
|
|
},
|
|
"runtime_execution_authorized": {
|
|
"type": "boolean",
|
|
"const": false
|
|
},
|
|
"source_indexes": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string"
|
|
},
|
|
"minItems": 1
|
|
},
|
|
"summary": {
|
|
"type": "object",
|
|
"required": [
|
|
"total_contracts",
|
|
"ready_for_mirror_count",
|
|
"partial_ready_count",
|
|
"contract_only_count",
|
|
"blocked_count",
|
|
"approval_queue_total",
|
|
"approval_review_packet_total",
|
|
"approval_state_transition_rule_total",
|
|
"followup_runtime_gate_template_total",
|
|
"active_runtime_gate_count",
|
|
"gitea_inventory_status",
|
|
"gitea_inventory_public_only_repo_count",
|
|
"gitea_inventory_local_gitea_repo_count",
|
|
"gitea_inventory_export_source_option_count",
|
|
"gitea_inventory_token_value_collection_allowed",
|
|
"gitea_inventory_import_acceptance_status",
|
|
"gitea_inventory_import_acceptance_payload_count",
|
|
"gitea_inventory_import_acceptance_quarantine_required",
|
|
"gitea_inventory_import_acceptance_execution_authorized",
|
|
"gitea_inventory_coverage_attestation_status",
|
|
"gitea_inventory_coverage_attestation_required_count",
|
|
"gitea_inventory_coverage_attestation_received_count",
|
|
"gitea_inventory_coverage_attestation_execution_authorized",
|
|
"primary_readiness_candidate_repo_count",
|
|
"github_primary_ready_count",
|
|
"primary_rollback_adr_repo_plan_count",
|
|
"primary_rollback_adr_owner_approved_count",
|
|
"primary_rollback_adr_dry_run_completed_count",
|
|
"primary_rollback_execution_authorized",
|
|
"workflow_secret_inventory_candidate_repo_count",
|
|
"workflow_secret_inventory_complete_count",
|
|
"workflow_secret_inventory_local_evidence_repo_count",
|
|
"workflow_secret_inventory_local_workflow_file_count",
|
|
"workflow_secret_inventory_unique_secret_name_count",
|
|
"workflow_secret_inventory_export_request_count",
|
|
"workflow_secret_inventory_export_lane_count",
|
|
"workflow_secret_inventory_write_token_allowed",
|
|
"secret_value_collection_allowed",
|
|
"secret_value_detected",
|
|
"pending_approval_count",
|
|
"block_candidate_count",
|
|
"dry_run_status",
|
|
"runtime_actions_executed",
|
|
"payloads_ingested"
|
|
],
|
|
"properties": {
|
|
"total_contracts": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"ready_for_mirror_count": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"partial_ready_count": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"contract_only_count": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"blocked_count": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"approval_queue_total": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"approval_review_packet_total": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"approval_state_transition_rule_total": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"followup_runtime_gate_template_total": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"active_runtime_gate_count": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"gitea_inventory_status": {
|
|
"type": "string"
|
|
},
|
|
"gitea_inventory_public_only_repo_count": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"gitea_inventory_local_gitea_repo_count": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"gitea_inventory_export_source_option_count": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"gitea_inventory_token_value_collection_allowed": {
|
|
"type": "boolean",
|
|
"const": false
|
|
},
|
|
"gitea_inventory_import_acceptance_status": {
|
|
"type": "string"
|
|
},
|
|
"gitea_inventory_import_acceptance_payload_count": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"gitea_inventory_import_acceptance_quarantine_required": {
|
|
"type": "boolean"
|
|
},
|
|
"gitea_inventory_import_acceptance_execution_authorized": {
|
|
"type": "boolean",
|
|
"const": false
|
|
},
|
|
"gitea_inventory_coverage_attestation_status": {
|
|
"type": "string"
|
|
},
|
|
"gitea_inventory_coverage_attestation_required_count": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"gitea_inventory_coverage_attestation_received_count": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"gitea_inventory_coverage_attestation_execution_authorized": {
|
|
"type": "boolean",
|
|
"const": false
|
|
},
|
|
"primary_readiness_candidate_repo_count": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"github_primary_ready_count": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"primary_rollback_adr_repo_plan_count": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"primary_rollback_adr_owner_approved_count": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"primary_rollback_adr_dry_run_completed_count": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"primary_rollback_execution_authorized": {
|
|
"type": "boolean",
|
|
"const": false
|
|
},
|
|
"workflow_secret_inventory_candidate_repo_count": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"workflow_secret_inventory_complete_count": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"workflow_secret_inventory_local_evidence_repo_count": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"workflow_secret_inventory_local_workflow_file_count": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"workflow_secret_inventory_unique_secret_name_count": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"workflow_secret_inventory_export_request_count": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"workflow_secret_inventory_export_lane_count": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"workflow_secret_inventory_write_token_allowed": {
|
|
"type": "boolean",
|
|
"const": false
|
|
},
|
|
"secret_value_collection_allowed": {
|
|
"type": "boolean",
|
|
"const": false
|
|
},
|
|
"secret_value_detected": {
|
|
"type": "boolean",
|
|
"const": false
|
|
},
|
|
"pending_approval_count": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"block_candidate_count": {
|
|
"type": "integer",
|
|
"minimum": 0
|
|
},
|
|
"dry_run_status": {
|
|
"type": "string"
|
|
},
|
|
"runtime_actions_executed": {
|
|
"type": "boolean",
|
|
"const": false
|
|
},
|
|
"payloads_ingested": {
|
|
"type": "boolean",
|
|
"const": false
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"progress_estimate": {
|
|
"type": "object",
|
|
"description": "跨 Session 進度估算,用於 AwoooP 顯示框架期與落地期的差異;此欄位不代表 runtime approval。",
|
|
"required": [
|
|
"overall_percent",
|
|
"framework_percent_min",
|
|
"framework_percent_max",
|
|
"runtime_landing_percent_min",
|
|
"runtime_landing_percent_max",
|
|
"basis",
|
|
"interpretation",
|
|
"not_authorization"
|
|
],
|
|
"properties": {
|
|
"overall_percent": {
|
|
"type": "integer",
|
|
"minimum": 0,
|
|
"maximum": 100
|
|
},
|
|
"framework_percent_min": {
|
|
"type": "integer",
|
|
"minimum": 0,
|
|
"maximum": 100
|
|
},
|
|
"framework_percent_max": {
|
|
"type": "integer",
|
|
"minimum": 0,
|
|
"maximum": 100
|
|
},
|
|
"runtime_landing_percent_min": {
|
|
"type": "integer",
|
|
"minimum": 0,
|
|
"maximum": 100
|
|
},
|
|
"runtime_landing_percent_max": {
|
|
"type": "integer",
|
|
"minimum": 0,
|
|
"maximum": 100
|
|
},
|
|
"basis": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string"
|
|
},
|
|
"minItems": 1
|
|
},
|
|
"interpretation": {
|
|
"type": "string"
|
|
},
|
|
"not_authorization": {
|
|
"type": "boolean",
|
|
"const": true
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"phase_status": {
|
|
"type": "array",
|
|
"minItems": 1,
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"phase_id",
|
|
"state",
|
|
"current_result",
|
|
"next_gate"
|
|
],
|
|
"properties": {
|
|
"phase_id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": ["completed", "in_progress", "draft_ready", "not_started", "blocked"]
|
|
},
|
|
"current_result": {
|
|
"type": "string"
|
|
},
|
|
"next_gate": {
|
|
"type": "string"
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
}
|
|
},
|
|
"progress_display_policy": {
|
|
"type": "object",
|
|
"description": "說明 headline percent 為何維持不動,以及哪些 gate 通過後才允許調整整體進度;此欄位只供顯示與跨 Session 同步,不代表批准。",
|
|
"required": [
|
|
"headline_percent",
|
|
"headline_status",
|
|
"why_headline_is_holding",
|
|
"recent_micro_progress_visible",
|
|
"headline_can_increase_after",
|
|
"runtime_execution_authorized",
|
|
"not_authorization"
|
|
],
|
|
"properties": {
|
|
"headline_percent": {"type": "integer", "minimum": 0, "maximum": 100},
|
|
"headline_status": {"type": "string", "enum": ["holding_until_owner_response_or_runtime_gate"]},
|
|
"why_headline_is_holding": {"type": "array", "items": {"type": "string"}, "minItems": 1},
|
|
"recent_micro_progress_visible": {"type": "boolean", "const": true},
|
|
"headline_can_increase_after": {"type": "array", "items": {"type": "string"}, "minItems": 1},
|
|
"runtime_execution_authorized": {"type": "boolean", "const": false},
|
|
"not_authorization": {"type": "boolean", "const": true}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"progress_delta_ledger": {
|
|
"type": "array",
|
|
"description": "列出 headline 58% 內部已完成的框架微進度;每筆 delta 都不得當成 runtime、scan、repo 或 primary 授權。",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"delta_id",
|
|
"display_order",
|
|
"completed_stage",
|
|
"progress_axis",
|
|
"headline_percent_delta",
|
|
"framework_delta_visible",
|
|
"why_headline_unchanged",
|
|
"runtime_delta",
|
|
"execution_authorized",
|
|
"not_authorization"
|
|
],
|
|
"properties": {
|
|
"delta_id": {"type": "string"},
|
|
"display_order": {"type": "integer", "minimum": 1},
|
|
"completed_stage": {"type": "string"},
|
|
"progress_axis": {"type": "string", "enum": ["framework_detail"]},
|
|
"headline_percent_delta": {"type": "integer", "const": 0},
|
|
"framework_delta_visible": {"type": "boolean", "const": true},
|
|
"why_headline_unchanged": {"type": "string"},
|
|
"runtime_delta": {"type": "boolean", "const": false},
|
|
"execution_authorized": {"type": "boolean", "const": false},
|
|
"not_authorization": {"type": "boolean", "const": true}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"minItems": 1
|
|
},
|
|
"next_safe_actions": {
|
|
"type": "array",
|
|
"minItems": 1,
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"action_id",
|
|
"title",
|
|
"mode",
|
|
"source_contract",
|
|
"allowed_processing",
|
|
"blocked_processing"
|
|
],
|
|
"properties": {
|
|
"action_id": {
|
|
"type": "string"
|
|
},
|
|
"title": {
|
|
"type": "string"
|
|
},
|
|
"mode": {
|
|
"type": "string",
|
|
"enum": ["observe", "approval_required", "block_candidate"]
|
|
},
|
|
"source_contract": {
|
|
"type": "string"
|
|
},
|
|
"allowed_processing": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string"
|
|
},
|
|
"minItems": 1
|
|
},
|
|
"blocked_processing": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string"
|
|
},
|
|
"minItems": 1
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
}
|
|
},
|
|
"session_sync_notes": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string"
|
|
},
|
|
"minItems": 1
|
|
},
|
|
"forbidden_actions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string"
|
|
},
|
|
"minItems": 1
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
}
|