awoooi/docs/security/security-approval-queue.snapshot.json

{
  "schema_version": "security_approval_queue_v1",
  "status": "draft",
  "date": "2026-05-17",
  "default_mode": "approval_only",
  "execution_authorized": false,
  "runtime_changes_authorized": false,
  "raw_secret_storage_authorized": false,
  "summary": {
    "total_items": 8,
    "pending_approval_count": 7,
    "block_candidate_count": 1,
    "observe_or_warn_count": 0
  },
  "queue_items": [
    {
      "queue_item_id": "kali-finding-runtime-ingestion-approval-20260513",
      "source_contract": "kali_scan_scope_approval_v1",
      "source_event_id": "kali-finding-runtime-ingestion-approval-20260513",
      "title": "Kali redacted finding runtime ingestion",
      "risk": "MEDIUM",
      "state": "pending_approval",
      "recommended_awooop_mode": "approve_required",
      "requested_decision": "是否批准先建立 redacted security_finding_v1 ingestion adapter 或 endpoint；批准前只能使用 sample snapshot 與 mirror-only 文件。",
      "blocked_until_approved": true,
      "required_reviewers": [
        "security-commander",
        "human-owner"
      ],
      "evidence_refs": [
        "docs/security/SECURITY-FINDING-CONTRACT.md",
        "docs/security/security-finding-kali-sample.snapshot.json",
        "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md"
      ],
      "allowed_after_approval": [
        "設計或實作 redacted finding ingestion adapter",
        "只接收 security_finding_v1 摘要與 evidence_ref",
        "mirror 到 AwoooP Runtime State / Channel Event / Audit"
      ],
      "still_forbidden": [
        "保存 raw secret/token/cookie/private key/exploit payload",
        "讓 AwoooP 直接啟動 scan",
        "自動封鎖 deploy",
        "自動修復"
      ]
    },
    {
      "queue_item_id": "kali-safe-web-crawl-approval-20260513",
      "source_contract": "kali_scan_scope_approval_v1",
      "source_event_id": "kali-safe-web-crawl-approval-20260513",
      "title": "Public web perimeter TLS/header/basic crawl",
      "risk": "MEDIUM",
      "state": "pending_approval",
      "recommended_awooop_mode": "approve_required",
      "requested_decision": "是否批准對公開產品 domains 執行 TLS、security header 與 basic crawl 類低噪音檢查。",
      "blocked_until_approved": true,
      "required_reviewers": [
        "security-commander",
        "human-owner"
      ],
      "evidence_refs": [
        "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md",
        "docs/security/KALI-SECURITY-MESH-BLUEPRINT.md"
      ],
      "allowed_after_approval": [
        "執行 TLS/header/basic crawl 類 safe scan",
        "只產出 redacted findings",
        "LOW/MEDIUM finding 只走 observe/warn"
      ],
      "still_forbidden": [
        "active DAST fuzz",
        "auth flow 改狀態測試",
        "credentialed scan",
        "阻擋 release"
      ]
    },
    {
      "queue_item_id": "gitea-private-internal-server-side-inventory-2026-05-12",
      "source_contract": "approval_required_event_v1",
      "source_event_id": "gitea-private-internal-server-side-inventory-2026-05-12",
      "title": "Gitea private/internal read-only inventory",
      "risk": "MEDIUM",
      "state": "pending_approval",
      "recommended_awooop_mode": "approve_required",
      "requested_decision": "是否先要求 owner 依 S4.9 owner response request packet / template status ledger / audit event templates / redaction examples / display sections / response 收件包完成 S4.7 coverage attestation，並在 scope decision 被接受後，批准使用 read-only token 或 redacted admin export 補齊 Gitea private/internal 全量 repo list。",
      "blocked_until_approved": true,
      "required_reviewers": [
        "migration-engineer",
        "security-commander",
        "human-owner"
      ],
      "evidence_refs": [
        "docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md",
        "docs/security/gitea-readonly-inventory-approval.snapshot.json",
        "docs/security/GITEA-ORG-REPO-INVENTORY-BLOCKED-SNAPSHOT.md",
        "docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md",
        "docs/security/gitea-inventory-coverage-attestation.snapshot.json",
        "docs/security/GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.md",
        "docs/security/gitea-inventory-owner-attestation-response.snapshot.json",
        "docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md",
        "docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md"
      ],
      "allowed_after_approval": [
        "先依 S4.9 request packet 要求 owner 回覆，用 template status ledger / audit event templates / redaction examples / display sections / collection checks 維持 request / received / accepted 分離，並完成 preflight / outcome lane 判定 / 驗收 S4.7 owner coverage attestation response，更新 migration matrix 與 decision table",
        "使用 read-only token 或 redacted admin export 執行一次 inventory",
        "只保存 token_present=true/false",
        "更新 migration matrix 與 repo decision table"
      ],
      "still_forbidden": [
        "保存 token value",
        "使用 write-capable token",
        "未完成 S4.7 owner attestation 就標記 inventory complete",
        "把 S4.7 owner attestation 當成 repo migration approval",
        "把 S4.9 owner response request packet、template status ledger、audit event templates、redaction examples、display sections 或 response packet 當成 inventory 執行授權",
        "建立 GitHub repo",
        "sync refs",
        "切 GitHub primary"
      ],
      "expires_at": "2026-05-19T23:59:59+08:00"
    },
    {
      "queue_item_id": "source-control-target-repo-approval-bundle-20260513",
      "source_contract": "source_control_approval_board_v1",
      "source_event_id": "source-control-approval-board-20260512",
      "title": "9 個 GitHub target / owner / visibility / canonical 決策",
      "risk": "HIGH",
      "state": "pending_approval",
      "recommended_awooop_mode": "approve_required",
      "requested_decision": "是否依 S4.10 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks 逐 repo 收到並驗收 GitHub target、owner、visibility、canonical response，並依 S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks 驗收 workflow / secret 名稱 owner response；此 bundle 不授權執行。",
      "blocked_until_approved": true,
      "required_reviewers": [
        "migration-engineer",
        "security-commander",
        "human-owner"
      ],
      "evidence_refs": [
        "docs/security/SOURCE-CONTROL-APPROVAL-BOARD.md",
        "docs/security/source-control-approval-board.snapshot.json",
        "docs/security/GITHUB-TARGET-REPO-APPROVAL-PACKAGE.md",
        "docs/security/GITHUB-TARGET-OWNER-DECISION-RESPONSE.md",
        "docs/security/github-target-owner-decision-response.snapshot.json",
        "docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md",
        "docs/security/source-control-workflow-secret-name-owner-response.snapshot.json"
      ],
      "allowed_after_approval": [
        "依 S4.10 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks 驗收 owner decision response",
        "依 S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks 驗收 workflow / secret 名稱 owner response",
        "逐 repo 更新 owner/visibility/canonical decision",
        "更新 workflow / secret name parity read-only wording",
        "產生 draft reconcile plan 或 ADR",
        "更新 GitHub target decision snapshot"
      ],
      "still_forbidden": [
        "建立 repo",
        "修改 visibility",
        "把 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當成 repo creation 或 visibility approval",
        "把 S4.12 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當成 secret value collection、workflow modification 或 runner enablement approval",
        "push refs",
        "delete refs",
        "切 GitHub primary"
      ]
    },
    {
      "queue_item_id": "source-control-ref-truth-review-bundle-20260513",
      "source_contract": "source_control_ref_truth_classification_v1",
      "source_event_id": "source-control-ref-truth-classification-20260513",
      "title": "194 個 refs truth / deprecated / release tag review items",
      "risk": "HIGH",
      "state": "pending_approval",
      "recommended_awooop_mode": "approve_required",
      "requested_decision": "是否逐 repo / 單 ref 判定真相來源、deprecated 候選、release tag 與 GitHub-only refs；先依 S4.11 驗收 owner response，分類結果不得自動執行。",
      "blocked_until_approved": true,
      "required_reviewers": [
        "migration-engineer",
        "security-commander",
        "human-owner"
      ],
      "evidence_refs": [
        "docs/security/SOURCE-CONTROL-REF-TRUTH-CLASSIFICATION.md",
        "docs/security/source-control-ref-truth-classification.snapshot.json",
        "docs/security/SOURCE-CONTROL-REF-TRUTH-OWNER-RESPONSE.md",
        "docs/security/source-control-ref-truth-owner-response.snapshot.json",
        "docs/security/SOURCE-CONTROL-REF-DETAIL-DIFF.md"
      ],
      "allowed_after_approval": [
        "依 S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks 驗收 owner response",
        "標記單 ref 真相來源候選",
        "更新 source control reconcile plan",
        "產生人工 review checklist"
      ],
      "still_forbidden": [
        "把 S4.11 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當成 refs sync/delete/force push approval",
        "push refs",
        "delete refs",
        "force push",
        "切 GitHub primary"
      ]
    },
    {
      "queue_item_id": "kali-credentialed-scan-approval-20260513",
      "source_contract": "kali_scan_scope_approval_v1",
      "source_event_id": "kali-credentialed-scan-approval-20260513",
      "title": "Kali credentialed host/API scan",
      "risk": "HIGH",
      "state": "pending_approval",
      "recommended_awooop_mode": "approve_required",
      "requested_decision": "是否批准對指定主機或 API 使用憑證做掃描；必須先定義 credential source、scope、audit trail 與停用方式。",
      "blocked_until_approved": true,
      "required_reviewers": [
        "security-commander",
        "vuln-verifier",
        "human-owner"
      ],
      "evidence_refs": [
        "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md",
        "docs/security/SECURITY-LOW-FRICTION-ROLLOUT-POLICY.md"
      ],
      "allowed_after_approval": [
        "只對批准 asset 做 credentialed scan",
        "只保存 redacted finding summary",
        "產生 audit evidence"
      ],
      "still_forbidden": [
        "保存 credential value",
        "擴大到未批准資產",
        "自動修復",
        "改 firewall/RBAC/NetworkPolicy"
      ]
    },
    {
      "queue_item_id": "kali-full-upgrade-reboot-approval-20260513",
      "source_contract": "kali_scan_scope_approval_v1",
      "source_event_id": "kali-full-upgrade-reboot-approval-20260513",
      "title": "Kali rolling full-upgrade / autoremove / reboot",
      "risk": "HIGH",
      "state": "pending_approval",
      "recommended_awooop_mode": "approve_required",
      "requested_decision": "是否安排 Kali 112 維護窗口執行 full-upgrade、必要 autoremove 與 reboot；必須先有 snapshot、rollback 與 post-health gate。",
      "blocked_until_approved": true,
      "required_reviewers": [
        "security-commander",
        "human-owner"
      ],
      "evidence_refs": [
        "docs/security/KALI-INTEGRATION-STATUS.md",
        "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md"
      ],
      "allowed_after_approval": [
        "在維護窗口執行 full-upgrade",
        "必要時 reboot",
        "完成 ssh/cron/docker/kali-scanner health 複驗"
      ],
      "still_forbidden": [
        "未排窗口直接 reboot",
        "未 snapshot 直接 full-upgrade",
        "未驗證 scanner health 就宣告完成"
      ]
    },
    {
      "queue_item_id": "kali-execute-endpoint-approval-20260513",
      "source_contract": "kali_scan_scope_approval_v1",
      "source_event_id": "kali-execute-endpoint-approval-20260513",
      "title": "Kali /execute endpoint high-risk command path",
      "risk": "CRITICAL",
      "state": "block_candidate",
      "recommended_awooop_mode": "block_candidate",
      "requested_decision": "是否保留或停用 Kali /execute；預設不應接入 AwoooP runtime，若保留必須獨立 high-risk approval、allowlist、audit、disable gate。",
      "blocked_until_approved": true,
      "required_reviewers": [
        "critic",
        "security-commander",
        "human-owner"
      ],
      "evidence_refs": [
        "docs/security/KALI-INTEGRATION-STATUS.md",
        "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md"
      ],
      "allowed_after_approval": [
        "僅設計 disable/allowlist/audit gate",
        "只在人工 exception 下測試"
      ],
      "still_forbidden": [
        "AwoooP runtime 直接呼叫 /execute",
        "把 /execute 當成一般 MCP action",
        "執行 shell command 自動修復",
        "保存 command 中可能含有的敏感輸出"
      ]
    }
  ],
  "next_recommended_review_order": [
    "kali-finding-runtime-ingestion-approval-20260513",
    "kali-safe-web-crawl-approval-20260513",
    "gitea-private-internal-server-side-inventory-2026-05-12",
    "source-control-target-repo-approval-bundle-20260513",
    "source-control-ref-truth-review-bundle-20260513",
    "kali-credentialed-scan-approval-20260513",
    "kali-full-upgrade-reboot-approval-20260513",
    "kali-execute-endpoint-approval-20260513"
  ]
}