awoooi/docs/security/public-frontend-sensitive-surface-guard.snapshot.json
Your Name ac9ee65c3a
All checks were successful
Code Review / ai-code-review (push) Successful in 12s
CD Pipeline / tests (push) Successful in 1m34s
CD Pipeline / build-and-deploy (push) Successful in 5m16s
CD Pipeline / post-deploy-checks (push) Successful in 1m38s
feat(iwooos): integrate Wazuh intrusion read-back gate
2026-06-18 09:20:25 +08:00

82 lines
2.8 KiB
JSON

{
"allowed_matches": [
{
"path": "apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx",
"pattern_id": "work_window_transcript"
},
{
"path": "apps/web/src/lib/api-client.ts",
"pattern_id": "work_window_transcript"
}
],
"env_example_paths": [
"apps/web/.env.example"
],
"execution_boundaries": {
"action_buttons_allowed": false,
"frontend_deploy_authorized": false,
"internal_ip_public_display_allowed": false,
"internal_namespace_public_display_allowed": false,
"not_authorization": true,
"production_deploy_authorized": false,
"raw_payload_storage_allowed": false,
"runtime_execution_authorized": false,
"secret_value_collection_allowed": false,
"work_window_transcript_public_display_allowed": false
},
"forbidden_patterns": [
"raw_personal_owner_namespace",
"raw_external_owner_namespace",
"raw_blocked_waiting_state",
"raw_blockers_counter",
"codex_delegation_payload",
"codex_source_thread_id",
"approval_chat_phrase",
"work_window_plaintext",
"in_app_browser_transcript",
"codex_request_transcript",
"work_window_transcript",
"internal_rfc1918_ip"
],
"generated_at": "2026-06-18T00:00:00+08:00",
"git_commit": "3e30807c",
"guarded_paths": [
"apps/web/src",
"apps/web/messages"
],
"mode": "repo_source_scan_no_runtime_no_secret_collection",
"operator_interpretation": [
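"This guard only scans the frontend source / messages and the env example inside the repo; it does not read the production bundle, does not deploy, and does not collect secrets.",
"Banned-phrase test patterns inside the masker may be listed in the allowlist; product copy, tables, API payloads and i18n must not display raw namespaces, verbatim work-window content, raw blocker states or internal IPs.",
"Only while violation_count stays at 0 can the source-control leak-prevention check be considered passed; this still does not mean production smoke, runtime approval or owner response accepted."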
],
"public_surface_matches": [
{
"excerpt": "[/work window transcript/gi, '已遮罩逐字稿'],",
"line": 203,
"path": "apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx",
"pattern_id": "work_window_transcript"
},
{
"excerpt": "[/work window transcript/gi, '已遮罩逐字稿'],",
"line": 64,
"path": "apps/web/src/lib/api-client.ts",
"pattern_id": "work_window_transcript"
}
],
"public_surface_violations": [],
"schema_version": "public_frontend_sensitive_surface_guard_v1",
"status": "pass",
"summary": {
"action_button_count": 0,
"allowlisted_match_count": 2,
"env_example_file_count": 1,
"env_violation_count": 0,
"forbidden_pattern_count": 12,
"public_surface_file_count": 226,
"raw_match_count": 2,
"runtime_gate_count": 0,
"violation_count": 0
}
}