wooo/awoooi

Fork 0

Files

Your Name 3496a6be65

Code Review / ai-code-review (push) Successful in 13s

Details

CD Pipeline / tests (push) Successful in 1m30s

Details

CD Pipeline / build-and-deploy (push) Successful in 3m49s

Details

CD Pipeline / post-deploy-checks (push) Successful in 1m55s

Details

fix(iwooos): 鎖住 owner gate 與 tenants 前台遮罩

2026-06-15 06:42:25 +08:00

2.7 KiB

Raw Permalink Blame History

IwoooS Owner Gate Guard

項目	內容
日期	2026-06-15
狀態	`repo_snapshot_guard_ready_owner_gate_zero`
腳本	`scripts/security/iwooos-owner-gate-guard.py`
模式	repo snapshot only，不送件、不收件、不呼叫 API、不修改 repo / refs / workflow / secret / runner
runtime gate	`0`

1. 目的

此 guard 專門鎖住 S4.9 owner response gate 的安全邊界，避免把「文件、表單、request packet、AwoooP 顯示、reviewer checklist、rollup」誤讀成 owner response 已收到或已接受。

它檢查：

S4.9 canonical owner response envelope 六欄存在。
S4.9 五題 intake form 與 template id 存在。
s4-9-owner-response-gap-audit.snapshot.json 仍標示 owner gate 為 0。
S4.9 / S4.10 / S4.11 / S4.12 四包 owner response packet 仍是 draft_waiting_owner_response。
S4.13 rollup 仍固定 4 包、24 templates、32 acceptance checks、40 rejection rules。
request sent、received、accepted、rejected、runtime gate、action buttons 全部維持 0 / false。

2. 指令

python3 scripts/security/iwooos-owner-gate-guard.py --root .

預期輸出：

IWOOOS_OWNER_GATE_GUARD_OK

主進度 guard 已串接此 guard：

python3 scripts/security/security-mirror-progress-guard.py --root .

3. 必須維持的邊界

request_sent_count=0
received_response_count=0
accepted_response_count=0
rejected_response_count=0
owner_response_received_count=0
owner_response_accepted_count=0
runtime_gate_count=0
runtime_execution_authorized=false
action_buttons_allowed=false
repo_creation_authorized=false
refs_sync_authorized=false
workflow_modification_authorized=false
runner_change_authorized=false
secret_value_collection_allowed=false
github_primary_switch_authorized=false
force_push_authorized=false

4. 不可誤讀

此 guard 通過不代表：

S4.9 request 已送出。
owner response 已收到或接受。
reviewer 已驗收。
Gitea / GitHub source truth 已決定。
repo creation、visibility change、refs sync、workflow / secret / runner 變更已批准。
GitHub primary switch、host update、active scan、runtime execution 或 action button 已授權。

5. 完成度

工作	完成度	說明
S4.9 owner gate 集中 guard	`100%`	已新增腳本並可獨立執行
主進度 guard 串接	`100%`	`security-mirror-progress-guard.py` 已呼叫此 guard
dry-run 證據同步	`100%`	`security-mirror-dry-run.snapshot.json` 已新增 `CHECK_OWNER_GATE_GUARD`
S4.9 owner response gate	`0%`	尚未收到 owner response，不得調高
active runtime gate	`0%`	未開啟任何執行期閘門

2.7 KiB Raw Permalink Blame History Unescape Escape

IwoooS Owner Gate Guard

1. 目的

2. 指令

3. 必須維持的邊界

4. 不可誤讀

5. 完成度

2.7 KiB

Raw Permalink Blame History