awoooi/docs/security/agent-bounty-owner-request-draft.snapshot.json

{
"blocked_actions": [
"modify_agent_bounty_repo",
"commit_agent_bounty_changes",
"push_agent_bounty_refs",
"sync_refs",
"create_github_repo",
"change_workflow",
"collect_secret_value",
"read_env_file",
"deploy_production",
"restart_compose",
"run_db_migration",
"run_active_scan",
"run_credentialed_scan",
"start_daemon",
"enable_cron",
"auto_claim",
"auto_submit",
"send_external_agent_message",
"send_telegram_notification",
"send_discord_notification",
"post_github_comment",
"execute_payout",
"execute_withdrawal",
"share_database",
"share_session",
"bind_rbac",
"enable_runtime_gate",
"add_awooop_action_button"
],
"execution_boundaries": {
"action_buttons_allowed": false,
"active_scan_authorized": false,
"auth_abuse_boundary_accepted": false,
"auto_claim_authorized": false,
"auto_submit_authorized": false,
"compose_restart_authorized": false,
"credentialed_scan_authorized": false,
"cron_enable_authorized": false,
"daemon_start_authorized": false,
"data_classification_accepted": false,
"db_migration_authorized": false,
"deploy_authorized": false,
"deployment_boundary_accepted": false,
"discord_send_authorized": false,
"env_file_read_authorized": false,
"external_agent_boundary_accepted": false,
"external_agent_message_authorized": false,
"github_comment_authorized": false,
"host_write_authorized": false,
"live_evidence_received": false,
"not_authorization": true,
"owner_response_accepted": false,
"owner_response_received": false,
"payout_authorized": false,
"production_deploy_authorized": false,
"production_write_authorized": false,
"recipient_confirmed": false,
"refs_sync_authorized": false,
"repo_creation_authorized": false,
"repo_refs_truth_accepted": false,
"request_sent": false,
"runtime_execution_authorized": false,
"runtime_gate": false,
"secret_value_collection_allowed": false,
"settlement_treasury_accepted": false,
"shared_database_authorized": false,
"shared_rbac_authorized": false,
"shared_session_authorized": false,
"staking_action_authorized": false,
"telegram_send_authorized": false,
"webhook_secret_change_authorized": false,
"withdrawal_authorized": false,
"workflow_modification_authorized": false
},
"forbidden_inputs": [
".env content",
"database URL value",
"API key value",
"MCP API key value",
"E2B API key value",
"Telegram bot token value",
"Telegram chat id value",
"Discord webhook value",
"GitHub token value",
"Stripe secret value",
"wallet private key",
"seed phrase",
"cookie",
"session",
"auth header",
"raw webhook payload",
"raw traffic payload",
"raw agent prompt or transcript",
"claim or submit execution request",
"payout or withdraw execution request",
"deploy command request",
"compose restart request",
"DB migration request",
"repo push request",
"refs sync request"
],
"generated_at": "2026-06-14T23:55:00+08:00",
"git_commit": "069d93b2",
"next_steps": [
"人工送件前確認 product / security / source-control / deployment / external-agent / treasury owner role。",
"owner 只能提供脫敏 repo refs、dirty workspace disposition、deployment boundary、auth / abuse boundary、MCP / A2A boundary、treasury boundary 與 validation plan。",
"收到回覆後先做欄位完整性、敏感 payload 隔離、source-control / runtime / financial action 拒收與 reviewer checklist,不得直接 deploy、claim、submit、daemon、payout 或 send notification。"
],
"owner_role_fields": [
"product_owner_role_or_team",
"security_owner_role_or_team",
"source_control_owner_role_or_team",
"deployment_owner_role_or_team",
"data_classification_owner_role_or_team",
"external_agent_boundary_owner_role_or_team",
"settlement_or_treasury_owner_role_or_team",
"notification_owner_role_or_team",
"surface_scope",
"decision",
"decision_reason",
"redacted_evidence_refs",
"followup_owner"
],
"product_name": "agent-bounty-protocol",
"request_drafts": [
{
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_affected_scope",
"auth_abuse_boundary_accepted": false,
"auth_abuse_boundary_ref": null,
"auto_claim_authorized": false,
"auto_submit_authorized": false,
"blocked_actions": [
"modify_agent_bounty_repo",
"commit_agent_bounty_changes",
"push_agent_bounty_refs",
"sync_refs",
"create_github_repo",
"change_workflow",
"collect_secret_value",
"read_env_file",
"deploy_production",
"restart_compose",
"run_db_migration",
"run_active_scan",
"run_credentialed_scan",
"start_daemon",
"enable_cron",
"auto_claim",
"auto_submit",
"send_external_agent_message",
"send_telegram_notification",
"send_discord_notification",
"post_github_comment",
"execute_payout",
"execute_withdrawal",
"share_database",
"share_session",
"bind_rbac",
"enable_runtime_gate",
"add_awooop_action_button"
],
"boundary": "確認 canonical repo、dirty workspace disposition、workflow / runner / secret name owner,不得 push、sync refs 或建立 repo。",
"canonical_repo_ref": null,
"compose_restart_authorized": false,
"credentialed_scan_authorized": false,
"cron_enable_authorized": false,
"daemon_start_authorized": false,
"data_classes": [],
"data_classification_accepted": false,
"db_migration_authorized": false,
"decision": "pending_owner_decision",
"decision_reason": "pending_decision_reason",
"deploy_authorized": false,
"deployment_boundary_accepted": false,
"deployment_boundary_ref": null,
"discord_send_authorized": false,
"env_file_read_authorized": false,
"external_agent_boundary_accepted": false,
"external_agent_boundary_ref": null,
"external_agent_message_authorized": false,
"followup_owner": "pending_followup_owner",
"forbidden_inputs": [
".env content",
"database URL value",
"API key value",
"MCP API key value",
"E2B API key value",
"Telegram bot token value",
"Telegram chat id value",
"Discord webhook value",
"GitHub token value",
"Stripe secret value",
"wallet private key",
"seed phrase",
"cookie",
"session",
"auth header",
"raw webhook payload",
"raw traffic payload",
"raw agent prompt or transcript",
"claim or submit execution request",
"payout or withdraw execution request",
"deploy command request",
"compose restart request",
"DB migration request",
"repo push request",
"refs sync request"
],
"github_comment_authorized": false,
"host_write_authorized": false,
"label": "Repo / refs / workflow boundary",
"live_evidence_received": false,
"maintenance_window": "pending_maintenance_window",
"mcp_a2a_related_scope": false,
"not_approval": true,
"owner_response_accepted": false,
"owner_response_received": false,
"owner_role_fields": [
"product_owner_role_or_team",
"security_owner_role_or_team",
"source_control_owner_role_or_team",
"deployment_owner_role_or_team",
"data_classification_owner_role_or_team",
"external_agent_boundary_owner_role_or_team",
"settlement_or_treasury_owner_role_or_team",
"notification_owner_role_or_team",
"surface_scope",
"decision",
"decision_reason",
"redacted_evidence_refs",
"followup_owner"
],
"payout_authorized": false,
"priority": "P0",
"production_deploy_authorized": false,
"production_write_authorized": false,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"refs_sync_authorized": false,
"repo_creation_authorized": false,
"repo_dirty_disposition": "pending_repo_dirty_disposition",
"repo_refs_truth_accepted": false,
"request_fields": [
"request_id",
"scope_id",
"label",
"request_kind",
"priority",
"source_handoff_ref",
"source_evidence_refs",
"routes",
"boundary",
"data_classes",
"owner_role_fields",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"canonical_repo_ref",
"repo_dirty_disposition",
"deployment_boundary_ref",
"auth_abuse_boundary_ref",
"external_agent_boundary_ref",
"settlement_treasury_boundary_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"followup_owner",
"not_approval"
],
"request_id": "agent_bounty_owner_request:repo_refs_boundary",
"request_kind": "source_control_boundary",
"request_sent": false,
"required_owner_fields": [
"product_owner_role_or_team",
"security_owner_role_or_team",
"source_control_owner_role_or_team",
"deployment_owner_role_or_team",
"data_classification_owner_role_or_team",
"external_agent_boundary_owner_role_or_team",
"settlement_or_treasury_owner_role_or_team",
"notification_owner_role_or_team",
"surface_scope",
"decision",
"decision_reason",
"redacted_evidence_refs",
"canonical_repo_ref",
"repo_dirty_disposition",
"deployment_boundary_ref",
"auth_abuse_boundary_ref",
"external_agent_boundary_ref",
"settlement_treasury_boundary_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"followup_owner"
],
"requires_live_evidence": true,
"rollback_owner": "pending_rollback_owner",
"routes": [],
"runtime_execution_authorized": false,
"runtime_gate": false,
"scope_id": "repo_refs_boundary",
"secret_value_collection_allowed": false,
"settlement_treasury_accepted": false,
"settlement_treasury_boundary_ref": null,
"shared_database_authorized": false,
"shared_rbac_authorized": false,
"shared_session_authorized": false,
"source_evidence_refs": [
"docs/security/iwooos-posture-projection.snapshot.json",
"docs/workplans/2026-06-04-iwooos-security-governance-p0.md",
"apps/web/src/app/[locale]/iwooos/page.tsx",
"apps/web/messages/zh-TW.json",
"/Users/ogt/Documents/agent-bounty-protocol/README.md",
"/Users/ogt/Documents/agent-bounty-protocol/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/apps/web/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/packages/mcp-server/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/packages/contracts/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/docker-compose.yml"
],
"source_handoff_ref": "docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json",
"staking_action_authorized": false,
"status": "draft_not_dispatched",
"telegram_send_authorized": false,
"treasury_related_scope": false,
"validation_plan": "pending_validation_plan",
"webhook_secret_change_authorized": false,
"withdrawal_authorized": false,
"workflow_modification_authorized": false,
"write_capable_scope": true
},
{
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_affected_scope",
"auth_abuse_boundary_accepted": false,
"auth_abuse_boundary_ref": null,
"auto_claim_authorized": false,
"auto_submit_authorized": false,
"blocked_actions": [
"modify_agent_bounty_repo",
"commit_agent_bounty_changes",
"push_agent_bounty_refs",
"sync_refs",
"create_github_repo",
"change_workflow",
"collect_secret_value",
"read_env_file",
"deploy_production",
"restart_compose",
"run_db_migration",
"run_active_scan",
"run_credentialed_scan",
"start_daemon",
"enable_cron",
"auto_claim",
"auto_submit",
"send_external_agent_message",
"send_telegram_notification",
"send_discord_notification",
"post_github_comment",
"execute_payout",
"execute_withdrawal",
"share_database",
"share_session",
"bind_rbac",
"enable_runtime_gate",
"add_awooop_action_button"
],
"boundary": "確認 production host、compose directory、domain / TLS、health smoke 與 rollback owner,不得 deploy、restart 或 migration。",
"canonical_repo_ref": null,
"compose_restart_authorized": false,
"credentialed_scan_authorized": false,
"cron_enable_authorized": false,
"daemon_start_authorized": false,
"data_classes": [],
"data_classification_accepted": false,
"db_migration_authorized": false,
"decision": "pending_owner_decision",
"decision_reason": "pending_decision_reason",
"deploy_authorized": false,
"deployment_boundary_accepted": false,
"deployment_boundary_ref": null,
"discord_send_authorized": false,
"env_file_read_authorized": false,
"external_agent_boundary_accepted": false,
"external_agent_boundary_ref": null,
"external_agent_message_authorized": false,
"followup_owner": "pending_followup_owner",
"forbidden_inputs": [
".env content",
"database URL value",
"API key value",
"MCP API key value",
"E2B API key value",
"Telegram bot token value",
"Telegram chat id value",
"Discord webhook value",
"GitHub token value",
"Stripe secret value",
"wallet private key",
"seed phrase",
"cookie",
"session",
"auth header",
"raw webhook payload",
"raw traffic payload",
"raw agent prompt or transcript",
"claim or submit execution request",
"payout or withdraw execution request",
"deploy command request",
"compose restart request",
"DB migration request",
"repo push request",
"refs sync request"
],
"github_comment_authorized": false,
"host_write_authorized": false,
"label": "Production / compose / domain boundary",
"live_evidence_received": false,
"maintenance_window": "pending_maintenance_window",
"mcp_a2a_related_scope": false,
"not_approval": true,
"owner_response_accepted": false,
"owner_response_received": false,
"owner_role_fields": [
"product_owner_role_or_team",
"security_owner_role_or_team",
"source_control_owner_role_or_team",
"deployment_owner_role_or_team",
"data_classification_owner_role_or_team",
"external_agent_boundary_owner_role_or_team",
"settlement_or_treasury_owner_role_or_team",
"notification_owner_role_or_team",
"surface_scope",
"decision",
"decision_reason",
"redacted_evidence_refs",
"followup_owner"
],
"payout_authorized": false,
"priority": "P0",
"production_deploy_authorized": false,
"production_write_authorized": false,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"refs_sync_authorized": false,
"repo_creation_authorized": false,
"repo_dirty_disposition": "pending_repo_dirty_disposition",
"repo_refs_truth_accepted": false,
"request_fields": [
"request_id",
"scope_id",
"label",
"request_kind",
"priority",
"source_handoff_ref",
"source_evidence_refs",
"routes",
"boundary",
"data_classes",
"owner_role_fields",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"canonical_repo_ref",
"repo_dirty_disposition",
"deployment_boundary_ref",
"auth_abuse_boundary_ref",
"external_agent_boundary_ref",
"settlement_treasury_boundary_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"followup_owner",
"not_approval"
],
"request_id": "agent_bounty_owner_request:deployment_boundary",
"request_kind": "deployment_boundary",
"request_sent": false,
"required_owner_fields": [
"product_owner_role_or_team",
"security_owner_role_or_team",
"source_control_owner_role_or_team",
"deployment_owner_role_or_team",
"data_classification_owner_role_or_team",
"external_agent_boundary_owner_role_or_team",
"settlement_or_treasury_owner_role_or_team",
"notification_owner_role_or_team",
"surface_scope",
"decision",
"decision_reason",
"redacted_evidence_refs",
"canonical_repo_ref",
"repo_dirty_disposition",
"deployment_boundary_ref",
"auth_abuse_boundary_ref",
"external_agent_boundary_ref",
"settlement_treasury_boundary_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"followup_owner"
],
"requires_live_evidence": true,
"rollback_owner": "pending_rollback_owner",
"routes": [
"https://agent.wooo.work",
"/api/v1/health"
],
"runtime_execution_authorized": false,
"runtime_gate": false,
"scope_id": "deployment_boundary",
"secret_value_collection_allowed": false,
"settlement_treasury_accepted": false,
"settlement_treasury_boundary_ref": null,
"shared_database_authorized": false,
"shared_rbac_authorized": false,
"shared_session_authorized": false,
"source_evidence_refs": [
"docs/security/iwooos-posture-projection.snapshot.json",
"docs/workplans/2026-06-04-iwooos-security-governance-p0.md",
"apps/web/src/app/[locale]/iwooos/page.tsx",
"apps/web/messages/zh-TW.json",
"/Users/ogt/Documents/agent-bounty-protocol/README.md",
"/Users/ogt/Documents/agent-bounty-protocol/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/apps/web/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/packages/mcp-server/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/packages/contracts/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/docker-compose.yml"
],
"source_handoff_ref": "docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json",
"staking_action_authorized": false,
"status": "draft_not_dispatched",
"telegram_send_authorized": false,
"treasury_related_scope": false,
"validation_plan": "pending_validation_plan",
"webhook_secret_change_authorized": false,
"withdrawal_authorized": false,
"workflow_modification_authorized": false,
"write_capable_scope": true
},
{
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_affected_scope",
"auth_abuse_boundary_accepted": false,
"auth_abuse_boundary_ref": null,
"auto_claim_authorized": false,
"auto_submit_authorized": false,
"blocked_actions": [
"modify_agent_bounty_repo",
"commit_agent_bounty_changes",
"push_agent_bounty_refs",
"sync_refs",
"create_github_repo",
"change_workflow",
"collect_secret_value",
"read_env_file",
"deploy_production",
"restart_compose",
"run_db_migration",
"run_active_scan",
"run_credentialed_scan",
"start_daemon",
"enable_cron",
"auto_claim",
"auto_submit",
"send_external_agent_message",
"send_telegram_notification",
"send_discord_notification",
"post_github_comment",
"execute_payout",
"execute_withdrawal",
"share_database",
"share_session",
"bind_rbac",
"enable_runtime_gate",
"add_awooop_action_button"
],
"boundary": "確認 task、agent、webhook、traffic、treasury、admin、cron 資料分級;只收 metadata,不收 raw payload 或 secret。",
"canonical_repo_ref": null,
"compose_restart_authorized": false,
"credentialed_scan_authorized": false,
"cron_enable_authorized": false,
"daemon_start_authorized": false,
"data_classes": [
"task / bounty / solution metadata",
"agent identity / reputation / negotiation state",
"MCP tool calls / A2A protocol events",
"webhook / traffic / scout evidence",
"settlement / staking / treasury / Stripe",
"admin / login / traffic dashboard",
"cron / daemon / ecosystem hunter"
],
"data_classification_accepted": false,
"db_migration_authorized": false,
"decision": "pending_owner_decision",
"decision_reason": "pending_decision_reason",
"deploy_authorized": false,
"deployment_boundary_accepted": false,
"deployment_boundary_ref": null,
"discord_send_authorized": false,
"env_file_read_authorized": false,
"external_agent_boundary_accepted": false,
"external_agent_boundary_ref": null,
"external_agent_message_authorized": false,
"followup_owner": "pending_followup_owner",
"forbidden_inputs": [
".env content",
"database URL value",
"API key value",
"MCP API key value",
"E2B API key value",
"Telegram bot token value",
"Telegram chat id value",
"Discord webhook value",
"GitHub token value",
"Stripe secret value",
"wallet private key",
"seed phrase",
"cookie",
"session",
"auth header",
"raw webhook payload",
"raw traffic payload",
"raw agent prompt or transcript",
"claim or submit execution request",
"payout or withdraw execution request",
"deploy command request",
"compose restart request",
"DB migration request",
"repo push request",
"refs sync request"
],
"github_comment_authorized": false,
"host_write_authorized": false,
"label": "Data classification / evidence intake boundary",
"live_evidence_received": false,
"maintenance_window": "pending_maintenance_window",
"mcp_a2a_related_scope": true,
"not_approval": true,
"owner_response_accepted": false,
"owner_response_received": false,
"owner_role_fields": [
"product_owner_role_or_team",
"security_owner_role_or_team",
"source_control_owner_role_or_team",
"deployment_owner_role_or_team",
"data_classification_owner_role_or_team",
"external_agent_boundary_owner_role_or_team",
"settlement_or_treasury_owner_role_or_team",
"notification_owner_role_or_team",
"surface_scope",
"decision",
"decision_reason",
"redacted_evidence_refs",
"followup_owner"
],
"payout_authorized": false,
"priority": "P0",
"production_deploy_authorized": false,
"production_write_authorized": false,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"refs_sync_authorized": false,
"repo_creation_authorized": false,
"repo_dirty_disposition": "pending_repo_dirty_disposition",
"repo_refs_truth_accepted": false,
"request_fields": [
"request_id",
"scope_id",
"label",
"request_kind",
"priority",
"source_handoff_ref",
"source_evidence_refs",
"routes",
"boundary",
"data_classes",
"owner_role_fields",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"canonical_repo_ref",
"repo_dirty_disposition",
"deployment_boundary_ref",
"auth_abuse_boundary_ref",
"external_agent_boundary_ref",
"settlement_treasury_boundary_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"followup_owner",
"not_approval"
],
"request_id": "agent_bounty_owner_request:data_classification_boundary",
"request_kind": "data_classification_boundary",
"request_sent": false,
"required_owner_fields": [
"product_owner_role_or_team",
"security_owner_role_or_team",
"source_control_owner_role_or_team",
"deployment_owner_role_or_team",
"data_classification_owner_role_or_team",
"external_agent_boundary_owner_role_or_team",
"settlement_or_treasury_owner_role_or_team",
"notification_owner_role_or_team",
"surface_scope",
"decision",
"decision_reason",
"redacted_evidence_refs",
"canonical_repo_ref",
"repo_dirty_disposition",
"deployment_boundary_ref",
"auth_abuse_boundary_ref",
"external_agent_boundary_ref",
"settlement_treasury_boundary_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"followup_owner"
],
"requires_live_evidence": true,
"rollback_owner": "pending_rollback_owner",
"routes": [],
"runtime_execution_authorized": false,
"runtime_gate": false,
"scope_id": "data_classification_boundary",
"secret_value_collection_allowed": false,
"settlement_treasury_accepted": false,
"settlement_treasury_boundary_ref": null,
"shared_database_authorized": false,
"shared_rbac_authorized": false,
"shared_session_authorized": false,
"source_evidence_refs": [
"docs/security/iwooos-posture-projection.snapshot.json",
"docs/workplans/2026-06-04-iwooos-security-governance-p0.md",
"apps/web/src/app/[locale]/iwooos/page.tsx",
"apps/web/messages/zh-TW.json",
"/Users/ogt/Documents/agent-bounty-protocol/README.md",
"/Users/ogt/Documents/agent-bounty-protocol/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/apps/web/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/packages/mcp-server/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/packages/contracts/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/docker-compose.yml"
],
"source_handoff_ref": "docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json",
"staking_action_authorized": false,
"status": "draft_not_dispatched",
"telegram_send_authorized": false,
"treasury_related_scope": true,
"validation_plan": "pending_validation_plan",
"webhook_secret_change_authorized": false,
"withdrawal_authorized": false,
"workflow_modification_authorized": false,
"write_capable_scope": false
},
{
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_affected_scope",
"auth_abuse_boundary_accepted": false,
"auth_abuse_boundary_ref": null,
"auto_claim_authorized": false,
"auto_submit_authorized": false,
"blocked_actions": [
"modify_agent_bounty_repo",
"commit_agent_bounty_changes",
"push_agent_bounty_refs",
"sync_refs",
"create_github_repo",
"change_workflow",
"collect_secret_value",
"read_env_file",
"deploy_production",
"restart_compose",
"run_db_migration",
"run_active_scan",
"run_credentialed_scan",
"start_daemon",
"enable_cron",
"auto_claim",
"auto_submit",
"send_external_agent_message",
"send_telegram_notification",
"send_discord_notification",
"post_github_comment",
"execute_payout",
"execute_withdrawal",
"share_database",
"share_session",
"bind_rbac",
"enable_runtime_gate",
"add_awooop_action_button"
],
"boundary": "確認外部 agent 自主行為、settlement、staking、payout、withdrawal 與 notification owner,不得 claim、submit、daemon、send 或 payout。",
"canonical_repo_ref": null,
"compose_restart_authorized": false,
"credentialed_scan_authorized": false,
"cron_enable_authorized": false,
"daemon_start_authorized": false,
"data_classes": [
"MCP tool calls / A2A protocol events",
"settlement / staking / treasury / Stripe"
],
"data_classification_accepted": false,
"db_migration_authorized": false,
"decision": "pending_owner_decision",
"decision_reason": "pending_decision_reason",
"deploy_authorized": false,
"deployment_boundary_accepted": false,
"deployment_boundary_ref": null,
"discord_send_authorized": false,
"env_file_read_authorized": false,
"external_agent_boundary_accepted": false,
"external_agent_boundary_ref": null,
"external_agent_message_authorized": false,
"followup_owner": "pending_followup_owner",
"forbidden_inputs": [
".env content",
"database URL value",
"API key value",
"MCP API key value",
"E2B API key value",
"Telegram bot token value",
"Telegram chat id value",
"Discord webhook value",
"GitHub token value",
"Stripe secret value",
"wallet private key",
"seed phrase",
"cookie",
"session",
"auth header",
"raw webhook payload",
"raw traffic payload",
"raw agent prompt or transcript",
"claim or submit execution request",
"payout or withdraw execution request",
"deploy command request",
"compose restart request",
"DB migration request",
"repo push request",
"refs sync request"
],
"github_comment_authorized": false,
"host_write_authorized": false,
"label": "MCP / A2A / external agent / treasury boundary",
"live_evidence_received": false,
"maintenance_window": "pending_maintenance_window",
"mcp_a2a_related_scope": true,
"not_approval": true,
"owner_response_accepted": false,
"owner_response_received": false,
"owner_role_fields": [
"product_owner_role_or_team",
"security_owner_role_or_team",
"source_control_owner_role_or_team",
"deployment_owner_role_or_team",
"data_classification_owner_role_or_team",
"external_agent_boundary_owner_role_or_team",
"settlement_or_treasury_owner_role_or_team",
"notification_owner_role_or_team",
"surface_scope",
"decision",
"decision_reason",
"redacted_evidence_refs",
"followup_owner"
],
"payout_authorized": false,
"priority": "P0",
"production_deploy_authorized": false,
"production_write_authorized": false,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"refs_sync_authorized": false,
"repo_creation_authorized": false,
"repo_dirty_disposition": "pending_repo_dirty_disposition",
"repo_refs_truth_accepted": false,
"request_fields": [
"request_id",
"scope_id",
"label",
"request_kind",
"priority",
"source_handoff_ref",
"source_evidence_refs",
"routes",
"boundary",
"data_classes",
"owner_role_fields",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"canonical_repo_ref",
"repo_dirty_disposition",
"deployment_boundary_ref",
"auth_abuse_boundary_ref",
"external_agent_boundary_ref",
"settlement_treasury_boundary_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"followup_owner",
"not_approval"
],
"request_id": "agent_bounty_owner_request:external_agent_treasury_boundary",
"request_kind": "external_agent_treasury_boundary",
"request_sent": false,
"required_owner_fields": [
"product_owner_role_or_team",
"security_owner_role_or_team",
"source_control_owner_role_or_team",
"deployment_owner_role_or_team",
"data_classification_owner_role_or_team",
"external_agent_boundary_owner_role_or_team",
"settlement_or_treasury_owner_role_or_team",
"notification_owner_role_or_team",
"surface_scope",
"decision",
"decision_reason",
"redacted_evidence_refs",
"canonical_repo_ref",
"repo_dirty_disposition",
"deployment_boundary_ref",
"auth_abuse_boundary_ref",
"external_agent_boundary_ref",
"settlement_treasury_boundary_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"followup_owner"
],
"requires_live_evidence": true,
"rollback_owner": "pending_rollback_owner",
"routes": [
"/api/mcp/[tool]",
"/api/a2a/*",
"/admin/treasury",
"/api/admin/withdraw"
],
"runtime_execution_authorized": false,
"runtime_gate": false,
"scope_id": "external_agent_treasury_boundary",
"secret_value_collection_allowed": false,
"settlement_treasury_accepted": false,
"settlement_treasury_boundary_ref": null,
"shared_database_authorized": false,
"shared_rbac_authorized": false,
"shared_session_authorized": false,
"source_evidence_refs": [
"docs/security/iwooos-posture-projection.snapshot.json",
"docs/workplans/2026-06-04-iwooos-security-governance-p0.md",
"apps/web/src/app/[locale]/iwooos/page.tsx",
"apps/web/messages/zh-TW.json",
"/Users/ogt/Documents/agent-bounty-protocol/README.md",
"/Users/ogt/Documents/agent-bounty-protocol/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/apps/web/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/packages/mcp-server/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/packages/contracts/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/docker-compose.yml"
],
"source_handoff_ref": "docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json",
"staking_action_authorized": false,
"status": "draft_not_dispatched",
"telegram_send_authorized": false,
"treasury_related_scope": true,
"validation_plan": "pending_validation_plan",
"webhook_secret_change_authorized": false,
"withdrawal_authorized": false,
"workflow_modification_authorized": false,
"write_capable_scope": true
},
{
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_affected_scope",
"auth_abuse_boundary_accepted": false,
"auth_abuse_boundary_ref": null,
"auto_claim_authorized": false,
"auto_submit_authorized": false,
"blocked_actions": [
"modify_agent_bounty_repo",
"commit_agent_bounty_changes",
"push_agent_bounty_refs",
"sync_refs",
"create_github_repo",
"change_workflow",
"collect_secret_value",
"read_env_file",
"deploy_production",
"restart_compose",
"run_db_migration",
"run_active_scan",
"run_credentialed_scan",
"start_daemon",
"enable_cron",
"auto_claim",
"auto_submit",
"send_external_agent_message",
"send_telegram_notification",
"send_discord_notification",
"post_github_comment",
"execute_payout",
"execute_withdrawal",
"share_database",
"share_session",
"bind_rbac",
"enable_runtime_gate",
"add_awooop_action_button"
],
"boundary": "public and marketplace-facing surface only; no bounty payout or external claim/submit authorization in this handoff",
"canonical_repo_ref": null,
"compose_restart_authorized": false,
"credentialed_scan_authorized": false,
"cron_enable_authorized": false,
"daemon_start_authorized": false,
"data_classes": [],
"data_classification_accepted": false,
"db_migration_authorized": false,
"decision": "pending_owner_decision",
"decision_reason": "pending_decision_reason",
"deploy_authorized": false,
"deployment_boundary_accepted": false,
"deployment_boundary_ref": null,
"discord_send_authorized": false,
"env_file_read_authorized": false,
"external_agent_boundary_accepted": false,
"external_agent_boundary_ref": null,
"external_agent_message_authorized": false,
"followup_owner": "pending_followup_owner",
"forbidden_inputs": [
".env content",
"database URL value",
"API key value",
"MCP API key value",
"E2B API key value",
"Telegram bot token value",
"Telegram chat id value",
"Discord webhook value",
"GitHub token value",
"Stripe secret value",
"wallet private key",
"seed phrase",
"cookie",
"session",
"auth header",
"raw webhook payload",
"raw traffic payload",
"raw agent prompt or transcript",
"claim or submit execution request",
"payout or withdraw execution request",
"deploy command request",
"compose restart request",
"DB migration request",
"repo push request",
"refs sync request"
],
"github_comment_authorized": false,
"host_write_authorized": false,
"label": "Public And Task Surface",
"live_evidence_received": false,
"maintenance_window": "pending_maintenance_window",
"mcp_a2a_related_scope": false,
"not_approval": true,
"owner_response_accepted": false,
"owner_response_received": false,
"owner_role_fields": [
"product_owner_role_or_team",
"security_owner_role_or_team",
"source_control_owner_role_or_team",
"deployment_owner_role_or_team",
"data_classification_owner_role_or_team",
"external_agent_boundary_owner_role_or_team",
"settlement_or_treasury_owner_role_or_team",
"notification_owner_role_or_team",
"surface_scope",
"decision",
"decision_reason",
"redacted_evidence_refs",
"followup_owner"
],
"payout_authorized": false,
"priority": "P0",
"production_deploy_authorized": false,
"production_write_authorized": false,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"refs_sync_authorized": false,
"repo_creation_authorized": false,
"repo_dirty_disposition": "pending_repo_dirty_disposition",
"repo_refs_truth_accepted": false,
"request_fields": [
"request_id",
"scope_id",
"label",
"request_kind",
"priority",
"source_handoff_ref",
"source_evidence_refs",
"routes",
"boundary",
"data_classes",
"owner_role_fields",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"canonical_repo_ref",
"repo_dirty_disposition",
"deployment_boundary_ref",
"auth_abuse_boundary_ref",
"external_agent_boundary_ref",
"settlement_treasury_boundary_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"followup_owner",
"not_approval"
],
"request_id": "agent_bounty_owner_request:public-and-task-surface",
"request_kind": "product_surface_boundary",
"request_sent": false,
"required_owner_fields": [
"product_owner_role_or_team",
"security_owner_role_or_team",
"source_control_owner_role_or_team",
"deployment_owner_role_or_team",
"data_classification_owner_role_or_team",
"external_agent_boundary_owner_role_or_team",
"settlement_or_treasury_owner_role_or_team",
"notification_owner_role_or_team",
"surface_scope",
"decision",
"decision_reason",
"redacted_evidence_refs",
"canonical_repo_ref",
"repo_dirty_disposition",
"deployment_boundary_ref",
"auth_abuse_boundary_ref",
"external_agent_boundary_ref",
"settlement_treasury_boundary_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"followup_owner"
],
"requires_live_evidence": true,
"rollback_owner": "pending_rollback_owner",
"routes": [
"/",
"/tasks/[id]",
"/tasks/create",
"/showcase",
"/showcase/[id]",
"/leaderboard",
"/explorer",
"/traffic",
"/ico"
],
"runtime_execution_authorized": false,
"runtime_gate": false,
"scope_id": "public-and-task-surface",
"secret_value_collection_allowed": false,
"settlement_treasury_accepted": false,
"settlement_treasury_boundary_ref": null,
"shared_database_authorized": false,
"shared_rbac_authorized": false,
"shared_session_authorized": false,
"source_evidence_refs": [
"docs/security/iwooos-posture-projection.snapshot.json",
"docs/workplans/2026-06-04-iwooos-security-governance-p0.md",
"apps/web/src/app/[locale]/iwooos/page.tsx",
"apps/web/messages/zh-TW.json",
"/Users/ogt/Documents/agent-bounty-protocol/README.md",
"/Users/ogt/Documents/agent-bounty-protocol/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/apps/web/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/packages/mcp-server/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/packages/contracts/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/docker-compose.yml"
],
"source_handoff_ref": "docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json",
"staking_action_authorized": false,
"status": "draft_not_dispatched",
"telegram_send_authorized": false,
"treasury_related_scope": false,
"validation_plan": "pending_validation_plan",
"webhook_secret_change_authorized": false,
"withdrawal_authorized": false,
"workflow_modification_authorized": false,
"write_capable_scope": false
},
{
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_affected_scope",
"auth_abuse_boundary_accepted": false,
"auth_abuse_boundary_ref": null,
"auto_claim_authorized": false,
"auto_submit_authorized": false,
"blocked_actions": [
"modify_agent_bounty_repo",
"commit_agent_bounty_changes",
"push_agent_bounty_refs",
"sync_refs",
"create_github_repo",
"change_workflow",
"collect_secret_value",
"read_env_file",
"deploy_production",
"restart_compose",
"run_db_migration",
"run_active_scan",
"run_credentialed_scan",
"start_daemon",
"enable_cron",
"auto_claim",
"auto_submit",
"send_external_agent_message",
"send_telegram_notification",
"send_discord_notification",
"post_github_comment",
"execute_payout",
"execute_withdrawal",
"share_database",
"share_session",
"bind_rbac",
"enable_runtime_gate",
"add_awooop_action_button"
],
"boundary": "metadata can be indexed as route evidence; it does not authorize agent execution or credential exposure",
"canonical_repo_ref": null,
"compose_restart_authorized": false,
"credentialed_scan_authorized": false,
"cron_enable_authorized": false,
"daemon_start_authorized": false,
"data_classes": [],
"data_classification_accepted": false,
"db_migration_authorized": false,
"decision": "pending_owner_decision",
"decision_reason": "pending_decision_reason",
"deploy_authorized": false,
"deployment_boundary_accepted": false,
"deployment_boundary_ref": null,
"discord_send_authorized": false,
"env_file_read_authorized": false,
"external_agent_boundary_accepted": false,
"external_agent_boundary_ref": null,
"external_agent_message_authorized": false,
"followup_owner": "pending_followup_owner",
"forbidden_inputs": [
".env content",
"database URL value",
"API key value",
"MCP API key value",
"E2B API key value",
"Telegram bot token value",
"Telegram chat id value",
"Discord webhook value",
"GitHub token value",
"Stripe secret value",
"wallet private key",
"seed phrase",
"cookie",
"session",
"auth header",
"raw webhook payload",
"raw traffic payload",
"raw agent prompt or transcript",
"claim or submit execution request",
"payout or withdraw execution request",
"deploy command request",
"compose restart request",
"DB migration request",
"repo push request",
"refs sync request"
],
"github_comment_authorized": false,
"host_write_authorized": false,
"label": "Well Known Agent Metadata",
"live_evidence_received": false,
"maintenance_window": "pending_maintenance_window",
"mcp_a2a_related_scope": false,
"not_approval": true,
"owner_response_accepted": false,
"owner_response_received": false,
"owner_role_fields": [
"product_owner_role_or_team",
"security_owner_role_or_team",
"source_control_owner_role_or_team",
"deployment_owner_role_or_team",
"data_classification_owner_role_or_team",
"external_agent_boundary_owner_role_or_team",
"settlement_or_treasury_owner_role_or_team",
"notification_owner_role_or_team",
"surface_scope",
"decision",
"decision_reason",
"redacted_evidence_refs",
"followup_owner"
],
"payout_authorized": false,
"priority": "P0",
"production_deploy_authorized": false,
"production_write_authorized": false,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"refs_sync_authorized": false,
"repo_creation_authorized": false,
"repo_dirty_disposition": "pending_repo_dirty_disposition",
"repo_refs_truth_accepted": false,
"request_fields": [
"request_id",
"scope_id",
"label",
"request_kind",
"priority",
"source_handoff_ref",
"source_evidence_refs",
"routes",
"boundary",
"data_classes",
"owner_role_fields",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"canonical_repo_ref",
"repo_dirty_disposition",
"deployment_boundary_ref",
"auth_abuse_boundary_ref",
"external_agent_boundary_ref",
"settlement_treasury_boundary_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"followup_owner",
"not_approval"
],
"request_id": "agent_bounty_owner_request:well-known-agent-metadata",
"request_kind": "product_surface_boundary",
"request_sent": false,
"required_owner_fields": [
"product_owner_role_or_team",
"security_owner_role_or_team",
"source_control_owner_role_or_team",
"deployment_owner_role_or_team",
"data_classification_owner_role_or_team",
"external_agent_boundary_owner_role_or_team",
"settlement_or_treasury_owner_role_or_team",
"notification_owner_role_or_team",
"surface_scope",
"decision",
"decision_reason",
"redacted_evidence_refs",
"canonical_repo_ref",
"repo_dirty_disposition",
"deployment_boundary_ref",
"auth_abuse_boundary_ref",
"external_agent_boundary_ref",
"settlement_treasury_boundary_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"followup_owner"
],
"requires_live_evidence": true,
"rollback_owner": "pending_rollback_owner",
"routes": [
"/.well-known/agent-card.json",
"/.well-known/ai-plugin.json",
"/.well-known/mcp.json",
"/.well-known/openapi.yaml"
],
"runtime_execution_authorized": false,
"runtime_gate": false,
"scope_id": "well-known-agent-metadata",
"secret_value_collection_allowed": false,
"settlement_treasury_accepted": false,
"settlement_treasury_boundary_ref": null,
"shared_database_authorized": false,
"shared_rbac_authorized": false,
"shared_session_authorized": false,
"source_evidence_refs": [
"docs/security/iwooos-posture-projection.snapshot.json",
"docs/workplans/2026-06-04-iwooos-security-governance-p0.md",
"apps/web/src/app/[locale]/iwooos/page.tsx",
"apps/web/messages/zh-TW.json",
"/Users/ogt/Documents/agent-bounty-protocol/README.md",
"/Users/ogt/Documents/agent-bounty-protocol/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/apps/web/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/packages/mcp-server/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/packages/contracts/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/docker-compose.yml"
],
"source_handoff_ref": "docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json",
"staking_action_authorized": false,
"status": "draft_not_dispatched",
"telegram_send_authorized": false,
"treasury_related_scope": false,
"validation_plan": "pending_validation_plan",
"webhook_secret_change_authorized": false,
"withdrawal_authorized": false,
"workflow_modification_authorized": false,
"write_capable_scope": false
},
{
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_affected_scope",
"auth_abuse_boundary_accepted": false,
"auth_abuse_boundary_ref": null,
"auto_claim_authorized": false,
"auto_submit_authorized": false,
"blocked_actions": [
"modify_agent_bounty_repo",
"commit_agent_bounty_changes",
"push_agent_bounty_refs",
"sync_refs",
"create_github_repo",
"change_workflow",
"collect_secret_value",
"read_env_file",
"deploy_production",
"restart_compose",
"run_db_migration",
"run_active_scan",
"run_credentialed_scan",
"start_daemon",
"enable_cron",
"auto_claim",
"auto_submit",
"send_external_agent_message",
"send_telegram_notification",
"send_discord_notification",
"post_github_comment",
"execute_payout",
"execute_withdrawal",
"share_database",
"share_session",
"bind_rbac",
"enable_runtime_gate",
"add_awooop_action_button"
],
"boundary": "MCP tool gateway requires owner response, auth boundary and abuse controls before any runtime use; this handoff is read-only",
"canonical_repo_ref": null,
"compose_restart_authorized": false,
"credentialed_scan_authorized": false,
"cron_enable_authorized": false,
"daemon_start_authorized": false,
"data_classes": [],
"data_classification_accepted": false,
"db_migration_authorized": false,
"decision": "pending_owner_decision",
"decision_reason": "pending_decision_reason",
"deploy_authorized": false,
"deployment_boundary_accepted": false,
"deployment_boundary_ref": null,
"discord_send_authorized": false,
"env_file_read_authorized": false,
"external_agent_boundary_accepted": false,
"external_agent_boundary_ref": null,
"external_agent_message_authorized": false,
"followup_owner": "pending_followup_owner",
"forbidden_inputs": [
".env content",
"database URL value",
"API key value",
"MCP API key value",
"E2B API key value",
"Telegram bot token value",
"Telegram chat id value",
"Discord webhook value",
"GitHub token value",
"Stripe secret value",
"wallet private key",
"seed phrase",
"cookie",
"session",
"auth header",
"raw webhook payload",
"raw traffic payload",
"raw agent prompt or transcript",
"claim or submit execution request",
"payout or withdraw execution request",
"deploy command request",
"compose restart request",
"DB migration request",
"repo push request",
"refs sync request"
],
"github_comment_authorized": false,
"host_write_authorized": false,
"label": "MCP And Open Task API",
"live_evidence_received": false,
"maintenance_window": "pending_maintenance_window",
"mcp_a2a_related_scope": true,
"not_approval": true,
"owner_response_accepted": false,
"owner_response_received": false,
"owner_role_fields": [
"product_owner_role_or_team",
"security_owner_role_or_team",
"source_control_owner_role_or_team",
"deployment_owner_role_or_team",
"data_classification_owner_role_or_team",
"external_agent_boundary_owner_role_or_team",
"settlement_or_treasury_owner_role_or_team",
"notification_owner_role_or_team",
"surface_scope",
"decision",
"decision_reason",
"redacted_evidence_refs",
"followup_owner"
],
"payout_authorized": false,
"priority": "P0",
"production_deploy_authorized": false,
"production_write_authorized": false,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"refs_sync_authorized": false,
"repo_creation_authorized": false,
"repo_dirty_disposition": "pending_repo_dirty_disposition",
"repo_refs_truth_accepted": false,
"request_fields": [
"request_id",
"scope_id",
"label",
"request_kind",
"priority",
"source_handoff_ref",
"source_evidence_refs",
"routes",
"boundary",
"data_classes",
"owner_role_fields",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"canonical_repo_ref",
"repo_dirty_disposition",
"deployment_boundary_ref",
"auth_abuse_boundary_ref",
"external_agent_boundary_ref",
"settlement_treasury_boundary_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"followup_owner",
"not_approval"
],
"request_id": "agent_bounty_owner_request:mcp-and-open-task-api",
"request_kind": "product_surface_boundary",
"request_sent": false,
"required_owner_fields": [
"product_owner_role_or_team",
"security_owner_role_or_team",
"source_control_owner_role_or_team",
"deployment_owner_role_or_team",
"data_classification_owner_role_or_team",
"external_agent_boundary_owner_role_or_team",
"settlement_or_treasury_owner_role_or_team",
"notification_owner_role_or_team",
"surface_scope",
"decision",
"decision_reason",
"redacted_evidence_refs",
"canonical_repo_ref",
"repo_dirty_disposition",
"deployment_boundary_ref",
"auth_abuse_boundary_ref",
"external_agent_boundary_ref",
"settlement_treasury_boundary_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"followup_owner"
],
"requires_live_evidence": true,
"rollback_owner": "pending_rollback_owner",
"routes": [
"/api/mcp/[tool]",
"/api/mcp/agent_card",
"/api/mcp/create_human_task",
"/api/mcp/submit_bid",
"/api/open-tasks"
],
"runtime_execution_authorized": false,
"runtime_gate": false,
"scope_id": "mcp-and-open-task-api",
"secret_value_collection_allowed": false,
"settlement_treasury_accepted": false,
"settlement_treasury_boundary_ref": null,
"shared_database_authorized": false,
"shared_rbac_authorized": false,
"shared_session_authorized": false,
"source_evidence_refs": [
"docs/security/iwooos-posture-projection.snapshot.json",
"docs/workplans/2026-06-04-iwooos-security-governance-p0.md",
"apps/web/src/app/[locale]/iwooos/page.tsx",
"apps/web/messages/zh-TW.json",
"/Users/ogt/Documents/agent-bounty-protocol/README.md",
"/Users/ogt/Documents/agent-bounty-protocol/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/apps/web/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/packages/mcp-server/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/packages/contracts/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/docker-compose.yml"
],
"source_handoff_ref": "docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json",
"staking_action_authorized": false,
"status": "draft_not_dispatched",
"telegram_send_authorized": false,
"treasury_related_scope": false,
"validation_plan": "pending_validation_plan",
"webhook_secret_change_authorized": false,
"withdrawal_authorized": false,
"workflow_modification_authorized": false,
"write_capable_scope": true
},
{
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_affected_scope",
"auth_abuse_boundary_accepted": false,
"auth_abuse_boundary_ref": null,
"auto_claim_authorized": false,
"auto_submit_authorized": false,
"blocked_actions": [
"modify_agent_bounty_repo",
"commit_agent_bounty_changes",
"push_agent_bounty_refs",
"sync_refs",
"create_github_repo",
"change_workflow",
"collect_secret_value",
"read_env_file",
"deploy_production",
"restart_compose",
"run_db_migration",
"run_active_scan",
"run_credentialed_scan",
"start_daemon",
"enable_cron",
"auto_claim",
"auto_submit",
"send_external_agent_message",
"send_telegram_notification",
"send_discord_notification",
"post_github_comment",
"execute_payout",
"execute_withdrawal",
"share_database",
"share_session",
"bind_rbac",
"enable_runtime_gate",
"add_awooop_action_button"
],
"boundary": "external agent, settlement, staking and dispute routes stay locked until owner approval and follow-up runtime gate",
"canonical_repo_ref": null,
"compose_restart_authorized": false,
"credentialed_scan_authorized": false,
"cron_enable_authorized": false,
"daemon_start_authorized": false,
"data_classes": [],
"data_classification_accepted": false,
"db_migration_authorized": false,
"decision": "pending_owner_decision",
"decision_reason": "pending_decision_reason",
"deploy_authorized": false,
"deployment_boundary_accepted": false,
"deployment_boundary_ref": null,
"discord_send_authorized": false,
"env_file_read_authorized": false,
"external_agent_boundary_accepted": false,
"external_agent_boundary_ref": null,
"external_agent_message_authorized": false,
"followup_owner": "pending_followup_owner",
"forbidden_inputs": [
".env content",
"database URL value",
"API key value",
"MCP API key value",
"E2B API key value",
"Telegram bot token value",
"Telegram chat id value",
"Discord webhook value",
"GitHub token value",
"Stripe secret value",
"wallet private key",
"seed phrase",
"cookie",
"session",
"auth header",
"raw webhook payload",
"raw traffic payload",
"raw agent prompt or transcript",
"claim or submit execution request",
"payout or withdraw execution request",
"deploy command request",
"compose restart request",
"DB migration request",
"repo push request",
"refs sync request"
],
"github_comment_authorized": false,
"host_write_authorized": false,
"label": "A2A Agent Protocol",
"live_evidence_received": false,
"maintenance_window": "pending_maintenance_window",
"mcp_a2a_related_scope": true,
"not_approval": true,
"owner_response_accepted": false,
"owner_response_received": false,
"owner_role_fields": [
"product_owner_role_or_team",
"security_owner_role_or_team",
"source_control_owner_role_or_team",
"deployment_owner_role_or_team",
"data_classification_owner_role_or_team",
"external_agent_boundary_owner_role_or_team",
"settlement_or_treasury_owner_role_or_team",
"notification_owner_role_or_team",
"surface_scope",
"decision",
"decision_reason",
"redacted_evidence_refs",
"followup_owner"
],
"payout_authorized": false,
"priority": "P0",
"production_deploy_authorized": false,
"production_write_authorized": false,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"refs_sync_authorized": false,
"repo_creation_authorized": false,
"repo_dirty_disposition": "pending_repo_dirty_disposition",
"repo_refs_truth_accepted": false,
"request_fields": [
"request_id",
"scope_id",
"label",
"request_kind",
"priority",
"source_handoff_ref",
"source_evidence_refs",
"routes",
"boundary",
"data_classes",
"owner_role_fields",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"canonical_repo_ref",
"repo_dirty_disposition",
"deployment_boundary_ref",
"auth_abuse_boundary_ref",
"external_agent_boundary_ref",
"settlement_treasury_boundary_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"followup_owner",
"not_approval"
],
"request_id": "agent_bounty_owner_request:a2a-agent-protocol",
"request_kind": "product_surface_boundary",
"request_sent": false,
"required_owner_fields": [
"product_owner_role_or_team",
"security_owner_role_or_team",
"source_control_owner_role_or_team",
"deployment_owner_role_or_team",
"data_classification_owner_role_or_team",
"external_agent_boundary_owner_role_or_team",
"settlement_or_treasury_owner_role_or_team",
"notification_owner_role_or_team",
"surface_scope",
"decision",
"decision_reason",
"redacted_evidence_refs",
"canonical_repo_ref",
"repo_dirty_disposition",
"deployment_boundary_ref",
"auth_abuse_boundary_ref",
"external_agent_boundary_ref",
"settlement_treasury_boundary_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"followup_owner"
],
"requires_live_evidence": true,
"rollback_owner": "pending_rollback_owner",
"routes": [
"/api/a2a/arbitrate",
"/api/a2a/directory/sync",
"/api/a2a/dispute",
"/api/a2a/launchpad/create",
"/api/a2a/launchpad/projects",
"/api/a2a/mcp/discover",
"/api/a2a/negotiate",
"/api/a2a/reputation/verify",
"/api/a2a/rpc",
"/api/a2a/settle",
"/api/a2a/staking/deposit",
"/api/a2a/staking/withdraw"
],
"runtime_execution_authorized": false,
"runtime_gate": false,
"scope_id": "a2a-agent-protocol",
"secret_value_collection_allowed": false,
"settlement_treasury_accepted": false,
"settlement_treasury_boundary_ref": null,
"shared_database_authorized": false,
"shared_rbac_authorized": false,
"shared_session_authorized": false,
"source_evidence_refs": [
"docs/security/iwooos-posture-projection.snapshot.json",
"docs/workplans/2026-06-04-iwooos-security-governance-p0.md",
"apps/web/src/app/[locale]/iwooos/page.tsx",
"apps/web/messages/zh-TW.json",
"/Users/ogt/Documents/agent-bounty-protocol/README.md",
"/Users/ogt/Documents/agent-bounty-protocol/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/apps/web/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/packages/mcp-server/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/packages/contracts/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/docker-compose.yml"
],
"source_handoff_ref": "docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json",
"staking_action_authorized": false,
"status": "draft_not_dispatched",
"telegram_send_authorized": false,
"treasury_related_scope": true,
"validation_plan": "pending_validation_plan",
"webhook_secret_change_authorized": false,
"withdrawal_authorized": false,
"workflow_modification_authorized": false,
"write_capable_scope": true
},
{
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_affected_scope",
"auth_abuse_boundary_accepted": false,
"auth_abuse_boundary_ref": null,
"auto_claim_authorized": false,
"auto_submit_authorized": false,
"blocked_actions": [
"modify_agent_bounty_repo",
"commit_agent_bounty_changes",
"push_agent_bounty_refs",
"sync_refs",
"create_github_repo",
"change_workflow",
"collect_secret_value",
"read_env_file",
"deploy_production",
"restart_compose",
"run_db_migration",
"run_active_scan",
"run_credentialed_scan",
"start_daemon",
"enable_cron",
"auto_claim",
"auto_submit",
"send_external_agent_message",
"send_telegram_notification",
"send_discord_notification",
"post_github_comment",
"execute_payout",
"execute_withdrawal",
"share_database",
"share_session",
"bind_rbac",
"enable_runtime_gate",
"add_awooop_action_button"
],
"boundary": "cron and daemon behavior is observe-only in IwoooS; no schedule enable, external send, claim, submit, payout or self-replication is authorized",
"canonical_repo_ref": null,
"compose_restart_authorized": false,
"credentialed_scan_authorized": false,
"cron_enable_authorized": false,
"daemon_start_authorized": false,
"data_classes": [],
"data_classification_accepted": false,
"db_migration_authorized": false,
"decision": "pending_owner_decision",
"decision_reason": "pending_decision_reason",
"deploy_authorized": false,
"deployment_boundary_accepted": false,
"deployment_boundary_ref": null,
"discord_send_authorized": false,
"env_file_read_authorized": false,
"external_agent_boundary_accepted": false,
"external_agent_boundary_ref": null,
"external_agent_message_authorized": false,
"followup_owner": "pending_followup_owner",
"forbidden_inputs": [
".env content",
"database URL value",
"API key value",
"MCP API key value",
"E2B API key value",
"Telegram bot token value",
"Telegram chat id value",
"Discord webhook value",
"GitHub token value",
"Stripe secret value",
"wallet private key",
"seed phrase",
"cookie",
"session",
"auth header",
"raw webhook payload",
"raw traffic payload",
"raw agent prompt or transcript",
"claim or submit execution request",
"payout or withdraw execution request",
"deploy command request",
"compose restart request",
"DB migration request",
"repo push request",
"refs sync request"
],
"github_comment_authorized": false,
"host_write_authorized": false,
"label": "Automation And Cron",
"live_evidence_received": false,
"maintenance_window": "pending_maintenance_window",
"mcp_a2a_related_scope": true,
"not_approval": true,
"owner_response_accepted": false,
"owner_response_received": false,
"owner_role_fields": [
"product_owner_role_or_team",
"security_owner_role_or_team",
"source_control_owner_role_or_team",
"deployment_owner_role_or_team",
"data_classification_owner_role_or_team",
"external_agent_boundary_owner_role_or_team",
"settlement_or_treasury_owner_role_or_team",
"notification_owner_role_or_team",
"surface_scope",
"decision",
"decision_reason",
"redacted_evidence_refs",
"followup_owner"
],
"payout_authorized": false,
"priority": "P0",
"production_deploy_authorized": false,
"production_write_authorized": false,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"refs_sync_authorized": false,
"repo_creation_authorized": false,
"repo_dirty_disposition": "pending_repo_dirty_disposition",
"repo_refs_truth_accepted": false,
"request_fields": [
"request_id",
"scope_id",
"label",
"request_kind",
"priority",
"source_handoff_ref",
"source_evidence_refs",
"routes",
"boundary",
"data_classes",
"owner_role_fields",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"canonical_repo_ref",
"repo_dirty_disposition",
"deployment_boundary_ref",
"auth_abuse_boundary_ref",
"external_agent_boundary_ref",
"settlement_treasury_boundary_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"followup_owner",
"not_approval"
],
"request_id": "agent_bounty_owner_request:automation-and-cron",
"request_kind": "product_surface_boundary",
"request_sent": false,
"required_owner_fields": [
"product_owner_role_or_team",
"security_owner_role_or_team",
"source_control_owner_role_or_team",
"deployment_owner_role_or_team",
"data_classification_owner_role_or_team",
"external_agent_boundary_owner_role_or_team",
"settlement_or_treasury_owner_role_or_team",
"notification_owner_role_or_team",
"surface_scope",
"decision",
"decision_reason",
"redacted_evidence_refs",
"canonical_repo_ref",
"repo_dirty_disposition",
"deployment_boundary_ref",
"auth_abuse_boundary_ref",
"external_agent_boundary_ref",
"settlement_treasury_boundary_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"followup_owner"
],
"requires_live_evidence": true,
"rollback_owner": "pending_rollback_owner",
"routes": [
"/api/cron/a2a-discovery",
"/api/cron/a2a-dispatcher",
"/api/cron/a2a-inviter",
"/api/cron/a2a-swarm",
"/api/cron/bidding-evaluator",
"/api/cron/judge-agent",
"/api/cron/lead-gen",
"/api/cron/reaper",
"/api/cron/self-replicate",
"/api/cron/sentience-check",
"/api/cron/treasury-alert"
],
"runtime_execution_authorized": false,
"runtime_gate": false,
"scope_id": "automation-and-cron",
"secret_value_collection_allowed": false,
"settlement_treasury_accepted": false,
"settlement_treasury_boundary_ref": null,
"shared_database_authorized": false,
"shared_rbac_authorized": false,
"shared_session_authorized": false,
"source_evidence_refs": [
"docs/security/iwooos-posture-projection.snapshot.json",
"docs/workplans/2026-06-04-iwooos-security-governance-p0.md",
"apps/web/src/app/[locale]/iwooos/page.tsx",
"apps/web/messages/zh-TW.json",
"/Users/ogt/Documents/agent-bounty-protocol/README.md",
"/Users/ogt/Documents/agent-bounty-protocol/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/apps/web/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/packages/mcp-server/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/packages/contracts/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/docker-compose.yml"
],
"source_handoff_ref": "docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json",
"staking_action_authorized": false,
"status": "draft_not_dispatched",
"telegram_send_authorized": false,
"treasury_related_scope": false,
"validation_plan": "pending_validation_plan",
"webhook_secret_change_authorized": false,
"withdrawal_authorized": false,
"workflow_modification_authorized": false,
"write_capable_scope": true
},
{
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_affected_scope",
"auth_abuse_boundary_accepted": false,
"auth_abuse_boundary_ref": null,
"auto_claim_authorized": false,
"auto_submit_authorized": false,
"blocked_actions": [
"modify_agent_bounty_repo",
"commit_agent_bounty_changes",
"push_agent_bounty_refs",
"sync_refs",
"create_github_repo",
"change_workflow",
"collect_secret_value",
"read_env_file",
"deploy_production",
"restart_compose",
"run_db_migration",
"run_active_scan",
"run_credentialed_scan",
"start_daemon",
"enable_cron",
"auto_claim",
"auto_submit",
"send_external_agent_message",
"send_telegram_notification",
"send_discord_notification",
"post_github_comment",
"execute_payout",
"execute_withdrawal",
"share_database",
"share_session",
"bind_rbac",
"enable_runtime_gate",
"add_awooop_action_button"
],
"boundary": "admin, treasury and withdraw surfaces require RBAC / auth / financial owner response; IwoooS only lists them as scope",
"canonical_repo_ref": null,
"compose_restart_authorized": false,
"credentialed_scan_authorized": false,
"cron_enable_authorized": false,
"daemon_start_authorized": false,
"data_classes": [],
"data_classification_accepted": false,
"db_migration_authorized": false,
"decision": "pending_owner_decision",
"decision_reason": "pending_decision_reason",
"deploy_authorized": false,
"deployment_boundary_accepted": false,
"deployment_boundary_ref": null,
"discord_send_authorized": false,
"env_file_read_authorized": false,
"external_agent_boundary_accepted": false,
"external_agent_boundary_ref": null,
"external_agent_message_authorized": false,
"followup_owner": "pending_followup_owner",
"forbidden_inputs": [
".env content",
"database URL value",
"API key value",
"MCP API key value",
"E2B API key value",
"Telegram bot token value",
"Telegram chat id value",
"Discord webhook value",
"GitHub token value",
"Stripe secret value",
"wallet private key",
"seed phrase",
"cookie",
"session",
"auth header",
"raw webhook payload",
"raw traffic payload",
"raw agent prompt or transcript",
"claim or submit execution request",
"payout or withdraw execution request",
"deploy command request",
"compose restart request",
"DB migration request",
"repo push request",
"refs sync request"
],
"github_comment_authorized": false,
"host_write_authorized": false,
"label": "Admin And Treasury",
"live_evidence_received": false,
"maintenance_window": "pending_maintenance_window",
"mcp_a2a_related_scope": false,
"not_approval": true,
"owner_response_accepted": false,
"owner_response_received": false,
"owner_role_fields": [
"product_owner_role_or_team",
"security_owner_role_or_team",
"source_control_owner_role_or_team",
"deployment_owner_role_or_team",
"data_classification_owner_role_or_team",
"external_agent_boundary_owner_role_or_team",
"settlement_or_treasury_owner_role_or_team",
"notification_owner_role_or_team",
"surface_scope",
"decision",
"decision_reason",
"redacted_evidence_refs",
"followup_owner"
],
"payout_authorized": false,
"priority": "P0",
"production_deploy_authorized": false,
"production_write_authorized": false,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"refs_sync_authorized": false,
"repo_creation_authorized": false,
"repo_dirty_disposition": "pending_repo_dirty_disposition",
"repo_refs_truth_accepted": false,
"request_fields": [
"request_id",
"scope_id",
"label",
"request_kind",
"priority",
"source_handoff_ref",
"source_evidence_refs",
"routes",
"boundary",
"data_classes",
"owner_role_fields",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"canonical_repo_ref",
"repo_dirty_disposition",
"deployment_boundary_ref",
"auth_abuse_boundary_ref",
"external_agent_boundary_ref",
"settlement_treasury_boundary_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"followup_owner",
"not_approval"
],
"request_id": "agent_bounty_owner_request:admin-and-treasury",
"request_kind": "product_surface_boundary",
"request_sent": false,
"required_owner_fields": [
"product_owner_role_or_team",
"security_owner_role_or_team",
"source_control_owner_role_or_team",
"deployment_owner_role_or_team",
"data_classification_owner_role_or_team",
"external_agent_boundary_owner_role_or_team",
"settlement_or_treasury_owner_role_or_team",
"notification_owner_role_or_team",
"surface_scope",
"decision",
"decision_reason",
"redacted_evidence_refs",
"canonical_repo_ref",
"repo_dirty_disposition",
"deployment_boundary_ref",
"auth_abuse_boundary_ref",
"external_agent_boundary_ref",
"settlement_treasury_boundary_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"followup_owner"
],
"requires_live_evidence": true,
"rollback_owner": "pending_rollback_owner",
"routes": [
"/admin",
"/admin/traffic",
"/admin/treasury",
"/api/admin/health",
"/api/admin/simulate",
"/api/admin/treasury/stats",
"/api/admin/withdraw",
"/login"
],
"runtime_execution_authorized": false,
"runtime_gate": false,
"scope_id": "admin-and-treasury",
"secret_value_collection_allowed": false,
"settlement_treasury_accepted": false,
"settlement_treasury_boundary_ref": null,
"shared_database_authorized": false,
"shared_rbac_authorized": false,
"shared_session_authorized": false,
"source_evidence_refs": [
"docs/security/iwooos-posture-projection.snapshot.json",
"docs/workplans/2026-06-04-iwooos-security-governance-p0.md",
"apps/web/src/app/[locale]/iwooos/page.tsx",
"apps/web/messages/zh-TW.json",
"/Users/ogt/Documents/agent-bounty-protocol/README.md",
"/Users/ogt/Documents/agent-bounty-protocol/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/apps/web/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/packages/mcp-server/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/packages/contracts/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/docker-compose.yml"
],
"source_handoff_ref": "docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json",
"staking_action_authorized": false,
"status": "draft_not_dispatched",
"telegram_send_authorized": false,
"treasury_related_scope": true,
"validation_plan": "pending_validation_plan",
"webhook_secret_change_authorized": false,
"withdrawal_authorized": false,
"workflow_modification_authorized": false,
"write_capable_scope": true
},
{
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_affected_scope",
"auth_abuse_boundary_accepted": false,
"auth_abuse_boundary_ref": null,
"auto_claim_authorized": false,
"auto_submit_authorized": false,
"blocked_actions": [
"modify_agent_bounty_repo",
"commit_agent_bounty_changes",
"push_agent_bounty_refs",
"sync_refs",
"create_github_repo",
"change_workflow",
"collect_secret_value",
"read_env_file",
"deploy_production",
"restart_compose",
"run_db_migration",
"run_active_scan",
"run_credentialed_scan",
"start_daemon",
"enable_cron",
"auto_claim",
"auto_submit",
"send_external_agent_message",
"send_telegram_notification",
"send_discord_notification",
"post_github_comment",
"execute_payout",
"execute_withdrawal",
"share_database",
"share_session",
"bind_rbac",
"enable_runtime_gate",
"add_awooop_action_button"
],
"boundary": "traffic, scout and webhook evidence must be redacted metadata only; no webhook secret or payload body collection",
"canonical_repo_ref": null,
"compose_restart_authorized": false,
"credentialed_scan_authorized": false,
"cron_enable_authorized": false,
"daemon_start_authorized": false,
"data_classes": [],
"data_classification_accepted": false,
"db_migration_authorized": false,
"decision": "pending_owner_decision",
"decision_reason": "pending_decision_reason",
"deploy_authorized": false,
"deployment_boundary_accepted": false,
"deployment_boundary_ref": null,
"discord_send_authorized": false,
"env_file_read_authorized": false,
"external_agent_boundary_accepted": false,
"external_agent_boundary_ref": null,
"external_agent_message_authorized": false,
"followup_owner": "pending_followup_owner",
"forbidden_inputs": [
".env content",
"database URL value",
"API key value",
"MCP API key value",
"E2B API key value",
"Telegram bot token value",
"Telegram chat id value",
"Discord webhook value",
"GitHub token value",
"Stripe secret value",
"wallet private key",
"seed phrase",
"cookie",
"session",
"auth header",
"raw webhook payload",
"raw traffic payload",
"raw agent prompt or transcript",
"claim or submit execution request",
"payout or withdraw execution request",
"deploy command request",
"compose restart request",
"DB migration request",
"repo push request",
"refs sync request"
],
"github_comment_authorized": false,
"host_write_authorized": false,
"label": "Webhooks And Traffic",
"live_evidence_received": false,
"maintenance_window": "pending_maintenance_window",
"mcp_a2a_related_scope": false,
"not_approval": true,
"owner_response_accepted": false,
"owner_response_received": false,
"owner_role_fields": [
"product_owner_role_or_team",
"security_owner_role_or_team",
"source_control_owner_role_or_team",
"deployment_owner_role_or_team",
"data_classification_owner_role_or_team",
"external_agent_boundary_owner_role_or_team",
"settlement_or_treasury_owner_role_or_team",
"notification_owner_role_or_team",
"surface_scope",
"decision",
"decision_reason",
"redacted_evidence_refs",
"followup_owner"
],
"payout_authorized": false,
"priority": "P0",
"production_deploy_authorized": false,
"production_write_authorized": false,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"refs_sync_authorized": false,
"repo_creation_authorized": false,
"repo_dirty_disposition": "pending_repo_dirty_disposition",
"repo_refs_truth_accepted": false,
"request_fields": [
"request_id",
"scope_id",
"label",
"request_kind",
"priority",
"source_handoff_ref",
"source_evidence_refs",
"routes",
"boundary",
"data_classes",
"owner_role_fields",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"canonical_repo_ref",
"repo_dirty_disposition",
"deployment_boundary_ref",
"auth_abuse_boundary_ref",
"external_agent_boundary_ref",
"settlement_treasury_boundary_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"followup_owner",
"not_approval"
],
"request_id": "agent_bounty_owner_request:webhooks-and-traffic",
"request_kind": "product_surface_boundary",
"request_sent": false,
"required_owner_fields": [
"product_owner_role_or_team",
"security_owner_role_or_team",
"source_control_owner_role_or_team",
"deployment_owner_role_or_team",
"data_classification_owner_role_or_team",
"external_agent_boundary_owner_role_or_team",
"settlement_or_treasury_owner_role_or_team",
"notification_owner_role_or_team",
"surface_scope",
"decision",
"decision_reason",
"redacted_evidence_refs",
"canonical_repo_ref",
"repo_dirty_disposition",
"deployment_boundary_ref",
"auth_abuse_boundary_ref",
"external_agent_boundary_ref",
"settlement_treasury_boundary_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"followup_owner"
],
"requires_live_evidence": true,
"rollback_owner": "pending_rollback_owner",
"routes": [
"/api/traffic",
"/api/webhooks/github",
"/api/webhooks/stripe",
"/api/scout/draft",
"/api/scout/issue-exists",
"/api/intents/stream",
"/api/v1/health"
],
"runtime_execution_authorized": false,
"runtime_gate": false,
"scope_id": "webhooks-and-traffic",
"secret_value_collection_allowed": false,
"settlement_treasury_accepted": false,
"settlement_treasury_boundary_ref": null,
"shared_database_authorized": false,
"shared_rbac_authorized": false,
"shared_session_authorized": false,
"source_evidence_refs": [
"docs/security/iwooos-posture-projection.snapshot.json",
"docs/workplans/2026-06-04-iwooos-security-governance-p0.md",
"apps/web/src/app/[locale]/iwooos/page.tsx",
"apps/web/messages/zh-TW.json",
"/Users/ogt/Documents/agent-bounty-protocol/README.md",
"/Users/ogt/Documents/agent-bounty-protocol/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/apps/web/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/packages/mcp-server/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/packages/contracts/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/docker-compose.yml"
],
"source_handoff_ref": "docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json",
"staking_action_authorized": false,
"status": "draft_not_dispatched",
"telegram_send_authorized": false,
"treasury_related_scope": false,
"validation_plan": "pending_validation_plan",
"webhook_secret_change_authorized": false,
"withdrawal_authorized": false,
"workflow_modification_authorized": false,
"write_capable_scope": true
}
],
"request_fields": [
"request_id",
"scope_id",
"label",
"request_kind",
"priority",
"source_handoff_ref",
"source_evidence_refs",
"routes",
"boundary",
"data_classes",
"owner_role_fields",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"canonical_repo_ref",
"repo_dirty_disposition",
"deployment_boundary_ref",
"auth_abuse_boundary_ref",
"external_agent_boundary_ref",
"settlement_treasury_boundary_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"followup_owner",
"not_approval"
],
"required_owner_fields": [
"product_owner_role_or_team",
"security_owner_role_or_team",
"source_control_owner_role_or_team",
"deployment_owner_role_or_team",
"data_classification_owner_role_or_team",
"external_agent_boundary_owner_role_or_team",
"settlement_or_treasury_owner_role_or_team",
"notification_owner_role_or_team",
"surface_scope",
"decision",
"decision_reason",
"redacted_evidence_refs",
"canonical_repo_ref",
"repo_dirty_disposition",
"deployment_boundary_ref",
"auth_abuse_boundary_ref",
"external_agent_boundary_ref",
"settlement_treasury_boundary_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"followup_owner"
],
"schema_version": "agent_bounty_owner_request_draft_v1",
"source_handoff_schema_version": "agent_bounty_iwooos_onboarding_handoff_v1",
"source_handoff_status": "draft_waiting_owner_review",
"status": "owner_request_draft_ready_not_dispatched",
"summary": {
"action_button_count": 0,
"active_scan_authorized_count": 0,
"auth_abuse_boundary_accepted_count": 0,
"auto_claim_authorized_count": 0,
"auto_submit_authorized_count": 0,
"blocked_action_count": 28,
"compose_restart_authorized_count": 0,
"control_boundary_request_count": 4,
"credentialed_scan_authorized_count": 0,
"cron_enable_authorized_count": 0,
"daemon_start_authorized_count": 0,
"data_classification_accepted_count": 0,
"db_migration_authorized_count": 0,
"deploy_authorized_count": 0,
"deployment_boundary_accepted_count": 0,
"discord_send_authorized_count": 0,
"env_file_read_authorized_count": 0,
"external_agent_boundary_accepted_count": 0,
"external_agent_message_authorized_count": 0,
"forbidden_input_count": 25,
"github_comment_authorized_count": 0,
"host_write_authorized_count": 0,
"live_evidence_received_count": 0,
"live_evidence_required_request_count": 11,
"mcp_a2a_related_request_draft_count": 5,
"owner_response_accepted_count": 0,
"owner_response_received_count": 0,
"owner_role_field_count": 13,
"payout_authorized_count": 0,
"product_surface_request_count": 7,
"production_deploy_authorized_count": 0,
"production_write_authorized_count": 0,
"recipient_confirmed_count": 0,
"refs_sync_authorized_count": 0,
"repo_creation_authorized_count": 0,
"repo_refs_truth_accepted_count": 0,
"request_draft_count": 11,
"request_field_count": 26,
"request_sent_count": 0,
"required_owner_field_count": 22,
"runtime_execution_authorized_count": 0,
"runtime_gate_count": 0,
"secret_value_collection_allowed_count": 0,
"settlement_treasury_accepted_count": 0,
"shared_database_authorized_count": 0,
"shared_rbac_authorized_count": 0,
"shared_session_authorized_count": 0,
"staking_action_authorized_count": 0,
"telegram_send_authorized_count": 0,
"treasury_related_request_draft_count": 4,
"webhook_secret_change_authorized_count": 0,
"withdrawal_authorized_count": 0,
"workflow_modification_authorized_count": 0,
"write_capable_request_draft_count": 8
}
}