wooo/awoooi
1
1
Fork 0
Code Issues 2 Pull Requests 1 Actions 3 Packages Projects Releases Wiki Activity
Files
main
awoooi/docs/security/security-approval-decision-record.snapshot.json
Your Name 9e15fd08b3
All checks were successful
CD Pipeline / tests (push) Successful in 1m39s
Details
Code Review / ai-code-review (push) Successful in 15s
Details
CD Pipeline / build-and-deploy (push) Successful in 5m19s
Details
CD Pipeline / post-deploy-checks (push) Successful in 2m11s
Details
feat(web): land iwooos security posture surfaces
2026-05-25 20:35:52 +08:00

53 lines
2.3 KiB
JSON
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
{
"schema_version": "security_approval_decision_record_v1",
"status": "draft",
"date": "2026-05-13",
"mode": "decision_record_only",
"runtime_execution_authorized": false,
"source_indexes": [
"docs/security/security-approval-gate.snapshot.json",
"docs/security/security-approval-queue.snapshot.json",
"docs/security/security-approval-review-packet.snapshot.json",
"docs/security/security-approval-state-transition.snapshot.json",
"docs/security/security-followup-runtime-gate.snapshot.json",
"docs/security/security-mirror-status-rollup.snapshot.json"
],
"summary": {
"total_decision_records": 0,
"approve_scope_count": 0,
"reject_count": 0,
"defer_count": 0,
"request_more_evidence_count": 0,
"keep_blocked_count": 0,
"pending_runtime_gate_count": 0,
"runtime_actions_authorized": false,
"raw_secret_storage_authorized": false
},
"decision_records": [],
"recording_rules": [
"每筆人工決策都必須引用 security_approval_gate_v1 的 gate_id 與 source_queue_item_id。",
"若決策來自 security_approval_review_packet_v1需在 notes 或 evidence refs 保留 packet_id 的稽核關聯。",
"決策後的 next state 必須依 security_approval_state_transition_v1 顯示,且不得授權執行。",
"approve_scope 只代表批准該 scope 進下一步設計、草案、只讀 inventory、低噪音 scope 或人工 exception不代表可立即執行。",
"所有 decision record 都必須維持 execution_authorized=false。",
"若 decision=approve_scopeAwoooP 只能依 security_followup_runtime_gate_v1 顯示 runtime gate 準備模板,不得啟用 runtime gate。",
"任何批准後的 scan、/execute、repo、refs、deploy、secret、RBAC、NetworkPolicy、firewall 變更都必須另有 follow-up runtime gate。",
"決策紀錄不得保存 raw secret、token、cookie、private key、credential value 或 exploit payload。"
],
"forbidden_actions": [
"execute_decision_record",
"auto_approve",
"execute_after_decision_without_runtime_gate",
"start_kali_scan",
"call_kali_execute_endpoint",
"run_credentialed_scan",
"create_github_repo",
"change_repo_visibility",
"sync_git_refs",
"switch_github_primary",
"auto_merge",
"production_deploy",
"store_secret_token_cookie_private_key_or_exploit_payload"
]
}
Reference in New Issue View Git Blame Copy Permalink