awoooi/docs/security/gitea-authenticated-inventory-export-request.snapshot.json

{
  "schema_version": "gitea_authenticated_inventory_export_request_v1",
  "status": "draft_waiting_owner_export",
  "date": "2026-06-04",
  "mode": "redacted_export_request_only",
  "runtime_execution_authorized": false,
  "source_contract": "gitea_repo_inventory_v1",
  "source_indexes": [
    "docs/security/gitea-repo-inventory.snapshot.json",
    "docs/security/gitea-public-repo-search.snapshot.json",
    "docs/security/gitea-org-repo-inventory-blocked.snapshot.json",
    "docs/security/local-git-remote-inventory.snapshot.json",
    "docs/security/gitea-readonly-inventory-approval.snapshot.json",
    "docs/security/security-rollout-policy.snapshot.json"
  ],
  "summary": {
    "gitea_base_url": "http://192.168.0.110:3001",
    "org_or_user": "wooo",
    "public_only_repo_count": 2,
    "local_gitea_unique_repo_count": 4,
    "local_gitea_gap_count": 2,
    "export_source_option_count": 2,
    "target_inventory_status": "gitea_repo_inventory_v1.status=ok",
    "token_value_collection_allowed": false,
    "write_token_allowed": false,
    "repo_write_allowed": false,
    "refs_sync_allowed": false,
    "github_primary_switch_authorized": false,
    "action_buttons_allowed": false,
    "s4_9_owner_response_gate_required": true,
    "request_handoff_package_ready": true,
    "request_dispatch_handoff_completion_percent": 100,
    "request_packet_field_count": 8,
    "request_dispatch_authorized": false,
    "admin_export_payload_received_count": 0,
    "admin_export_payload_accepted_count": 0,
    "inventory_imported_count": 0,
    "runtime_inventory_execution_authorized": false
  },
  "export_source_options": [
    {
      "option_id": "gitea_readonly_token_api_inventory",
      "title": "Gitea read-only token API inventory",
      "request_status": "waiting_human_approval_or_owner_export",
      "producer": "repo owner or security commander runs existing read-only inventory tool",
      "allowed_processing": [
        "使用 `GITEA_READONLY_TOKEN` 環境變數執行 `scripts/security/gitea-repo-inventory.py`",
        "輸出只保存 `token_present=true`，不保存 token value",
        "只查 repo metadata：full name、owner、private、archived、empty、default branch、redacted clone / ssh URL",
        "產出 `gitea_repo_inventory_v1.status=ok` snapshot 等待人工 review"
      ],
      "blocked_processing": [
        "把 token value 寫入文件、LOGBOOK、shell script、snapshot 或對話",
        "使用 write-capable token",
        "建立、刪除、封存或修改 Gitea repo",
        "sync refs 或切 GitHub primary"
      ],
      "acceptance_gate": [
        "`visibility_scope=authenticated`",
        "`status=ok`",
        "`repo_count` 大於或等於 public-only repo count",
        "owner 必須確認 read-only token 沒有 write / admin / secret scope",
        "敏感字串掃描不得出現 token、password、private key、webhook secret 或 repository secret value"
      ],
      "execution_authorized": false
    },
    {
      "option_id": "gitea_redacted_admin_export_inventory",
      "title": "Gitea redacted admin export inventory",
      "request_status": "waiting_human_approval_or_owner_export",
      "producer": "Gitea administrator exports repo metadata and redacts before import",
      "allowed_processing": [
        "匯入已脫敏的 repo list JSON",
        "只保留 repo metadata，不保留 secret、webhook、deploy key 或 token material",
        "產出 `visibility_scope=admin_export` 與 `status=ok` 的 inventory snapshot",
        "將 export 與 local remote inventory 做 coverage review"
      ],
      "blocked_processing": [
        "匯入 Gitea DB dump、完整 git object pack、private key 或 webhook secret",
        "保存 API token、PAT、cookie、session、CSRF token",
        "用管理匯出直接建立 GitHub repo 或同步 refs",
        "把 admin export 當成 primary cutover approval"
      ],
      "acceptance_gate": [
        "`visibility_scope=admin_export`",
        "`status=ok`",
        "每筆 repo 都可識別 `full_name` 或 `owner.login + name`",
        "每筆 repo 都有 `private`、`archived`、`empty` 與 `default_branch` metadata",
        "所有 URL 必須 redacted，且不含 username、password 或 token"
      ],
      "execution_authorized": false
    }
  ],
  "required_inventory_fields": [
    "full_name or owner.login + name",
    "name",
    "owner.login",
    "private",
    "archived",
    "empty",
    "default_branch",
    "clone_url_redacted",
    "ssh_url_redacted",
    "github_repo_candidate"
  ],
  "coverage_gap_hints": [
    {
      "gap_id": "public_only_vs_local_gitea_gap",
      "title": "Public-only API 與本機 Gitea remote 覆蓋差異",
      "current_evidence": [
        "Public-only Gitea API 目前只看到 `wooo/awoooi` 與 `wooo/ewoooc`",
        "本機 remote inventory 看到 4 個 unique Gitea repos：`wooo/awoooi`、`wooo/clawbot-v5`、`wooo/ewoooc`、`wooo/wooo-aiops`",
        "至少 `wooo/clawbot-v5` 與 `wooo/wooo-aiops` 需要 authenticated inventory 或 owner attestation 解釋"
      ],
      "required_resolution": [
        "authenticated inventory 或 admin export 必須包含這些 local-gitea repos，或由 owner 明確標註為 external / legacy / inaccessible",
        "缺口只能進 owner review，不得自動建立、刪除或封存 repo"
      ],
      "execution_authorized": false
    },
    {
      "gap_id": "org_endpoint_blocked_gap",
      "title": "Gitea org endpoint 未認證查詢 blocked",
      "current_evidence": [
        "`orgs/wooo/repos` 未認證查詢先前為 blocked / 404 evidence",
        "`users/wooo/repos` 與 public search 都只代表 public-only 可見範圍"
      ],
      "required_resolution": [
        "用 read-only token 或 redacted admin export 確認 `wooo` 是 user、org 或混合來源",
        "不得把未認證 404 解讀為沒有 private/internal repos"
      ],
      "execution_authorized": false
    },
    {
      "gap_id": "internal_110_adjacent_source_gap",
      "title": "110 internal git adjacent source-control gap",
      "current_evidence": [
        "本機 remote inventory 另看到 internal 110 repos：`bitan-pharmacy`、`root/momo-pro-system`、`tsenyang-website`、`wooo/wooo-infra-config`",
        "這些不等同 Gitea org inventory，但會影響完整專案版本遷移"
      ],
      "required_resolution": [
        "Gitea authenticated inventory 完成後，仍需 owner 判定 internal 110 repos 是否屬於同一輪 GitHub migration scope",
        "不得在 Gitea inventory request 中自動合併 internal 110 source"
      ],
      "execution_authorized": false
    }
  ],
  "request_dispatch_preflight_checks": [
    {
      "check_id": "p1-2-prerequisite-s4-9-owner-response",
      "display_order": 1,
      "check": "S4.9 五題 owner response request packet 已可交接，且 request / received / accepted 分離。",
      "current_status": "defined_not_dispatched",
      "execution_authorized": false
    },
    {
      "check_id": "p1-2-source-option-selected",
      "display_order": 2,
      "check": "只讀 token API 清冊或 redacted admin export 清冊二選一，不要求同時提供。",
      "current_status": "defined_not_dispatched",
      "execution_authorized": false
    },
    {
      "check_id": "p1-2-metadata-only-output",
      "display_order": 3,
      "check": "收件欄位只收 repo metadata、redacted URL、owner/team 與 evidence refs。",
      "current_status": "defined_not_dispatched",
      "execution_authorized": false
    },
    {
      "check_id": "p1-2-forbidden-sensitive-inputs",
      "display_order": 4,
      "check": "禁止 token value、write token、DB dump、git object pack、secret、webhook、deploy key 或 runner token material。",
      "current_status": "defined_not_dispatched",
      "execution_authorized": false
    },
    {
      "check_id": "p1-2-counts-remain-zero",
      "display_order": 5,
      "check": "實際收到 payload 前，received / accepted / imported count 全部維持 0。",
      "current_status": "defined_not_dispatched",
      "execution_authorized": false
    }
  ],
  "request_handoff_packet": {
    "request_id": "p1_2_gitea_authenticated_inventory_request",
    "prerequisite_gate": "s4_9_owner_response_gate",
    "allowed_source_options": [
      "readonly_token_api_inventory",
      "redacted_admin_export_inventory"
    ],
    "recipient_role_or_team_required": true,
    "requested_outputs": [
      "repo_metadata",
      "redacted_clone_url",
      "redacted_ssh_url",
      "visibility_scope",
      "coverage_notes",
      "redacted_evidence_refs"
    ],
    "forbidden_inputs": [
      "token_value",
      "write_credential",
      "database_dump",
      "repo_archive",
      "git_object_pack",
      "deploy_key_private_key",
      "webhook_secret",
      "runner_registration_token"
    ],
    "intake_acceptance_ref": "docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md",
    "not_approval": true,
    "execution_authorized": false
  },
  "post_dispatch_invariants": [
    "同意提供只讀來源只能推到等待安全輸入或收到脫敏 payload 待驗收。",
    "S4.6 import acceptance 通過前不得標記 gitea_repo_inventory_v1.status=ok。",
    "S4.7 / S4.9 owner response 必須解釋 coverage gap 後，清冊候選才可交給 reviewer。",
    "任何 repo 建立、refs sync、workflow / secret 修改、GitHub primary cutover、Gitea 停用或 runtime gate 都需要另行人工批准。"
  ],
  "acceptance_rules": [
    "S4.5 完成只代表 Gitea authenticated inventory export request 已定義，不代表 inventory 已取得。",
    "真正完成 gate 必須讓 `gitea_repo_inventory_v1.status=ok`，且 `visibility_scope` 為 `authenticated` 或 `admin_export`。",
    "export 必須能解釋 public-only repo count 2 與 local Gitea unique repo count 4 之間的 gap。",
    "所有敏感值必須拒收並進 mirror quarantine。",
    "通過 inventory gate 後仍只能更新 migration matrix、decision table、approval board 與 readiness gate，不得同步 refs 或切 GitHub primary。"
  ],
  "redaction_rules": [
    "API token 只允許以 `token_present=true|false` 表示，不保存 value。",
    "URL 必須移除 username、password、token 與 query secret，只保留 redacted clone / ssh URL。",
    "不得保存 webhook secret、repository secret value、deploy key private key、runner registration token、cookie、session 或 CSRF token。",
    "不得保存 Gitea DB dump、完整 git object pack 或任何可還原 credentials 的 partial token。",
    "任何含敏感值的 export 必須拒收，不得人工手改後直接入庫。"
  ],
  "forbidden_actions": [
    "store_token_value",
    "use_write_capable_token",
    "write_to_gitea",
    "create_gitea_repo",
    "delete_or_archive_gitea_repo",
    "create_github_repo",
    "change_repo_visibility",
    "sync_git_refs",
    "delete_git_refs",
    "force_push",
    "switch_github_primary",
    "disable_gitea",
    "add_action_button"
  ]
}