{
"schema_version": "security_mirror_intake_plan_v1",
"status": "draft",
"date": "2026-05-13",
"mode": "mirror_only",
"runtime_execution_authorized": false,
"source_indexes": [
"docs/security/security-mirror-readiness.snapshot.json",
"docs/security/security-supply-chain-contract-manifest.snapshot.json",
"docs/security/security-approval-queue.snapshot.json",
"docs/security/security-mirror-event-sample.snapshot.json",
"docs/security/security-mirror-route.snapshot.json",
"docs/security/security-mirror-acceptance.snapshot.json",
"docs/security/security-mirror-quarantine.snapshot.json",
"docs/security/security-mirror-dry-run.snapshot.json",
"docs/security/security-mirror-status-rollup.snapshot.json",
"docs/security/security-approval-gate.snapshot.json",
"docs/security/security-approval-decision-record.snapshot.json",
"docs/security/security-approval-review-packet.snapshot.json",
"docs/security/security-approval-state-transition.snapshot.json",
"docs/security/security-followup-runtime-gate.snapshot.json",
"docs/security/source-control-primary-readiness-gate.snapshot.json",
"docs/security/source-control-primary-rollback-adr.snapshot.json",
"docs/security/source-control-workflow-secret-name-inventory.snapshot.json",
"docs/security/iwooos-posture-projection.snapshot.json"
],
"intake_waves": [
{
"wave_id": "M0_index_bootstrap",
"title": "載入 readiness、manifest、低摩擦 policy、鏡像路由、驗收、隔離、dry-run 與狀態彙整契約",
"contracts": [
"security_mirror_readiness_v1",
"security_supply_chain_contract_manifest_v1",
"security_rollout_policy_v1",
"security_mirror_event_v1",
"security_mirror_route_v1",
"security_mirror_acceptance_v1",
"security_mirror_quarantine_v1",
"security_mirror_dry_run_v1",
"security_mirror_status_rollup_v1",
"iwooos_posture_projection_v1"
],
"destinations": [
"operator_console",
"runtime_state",
"audit_evidence"
],
"allowed_processing": [
"顯示 contract readiness",
"顯示 mirror_only enforcement",
"顯示 partial_ready / contract_only 原因",
"使用 security_mirror_event_v1 包裝 mirror payload",
"依 security_mirror_route_v1 分流目的地與 review lane",
"依 security_mirror_acceptance_v1 驗收鏡像資料完整性與脫敏狀態",
"依 security_mirror_quarantine_v1 隔離驗收失敗 payload",
"依 security_mirror_dry_run_v1 回報接入演練結果",
"依 security_mirror_status_rollup_v1 顯示跨 Session 狀態與下一個 gate",
"依 iwooos_posture_projection_v1 顯示前端資安態勢投影"
],
"blocked_processing": [
"runtime_enforcement",
"execution_router",
"blocking_gate"
],
"exit_gate": "Operator Console 能顯示 36 個 contract(數量以 security_supply_chain_contract_manifest_v1 snapshot 為準,不得在 console 端硬編碼)、5 個 route groups、8 個 acceptance checks、5 個 quarantine lanes、8 個 dry-run steps、status rollup、owner response guard、approval gate、decision record、review packet、state transition、follow-up runtime gate preparation、GitHub primary readiness gate、rollback ADR 與 workflow / secret name inventory gate,且每一個 mirror event envelope 都帶 action_buttons_allowed=false。"
},
{
"wave_id": "M1_kali_visibility",
"title": "Kali 112 狀態、scope 與 approval queue visibility",
"contracts": [
"kali_integration_status_v1",
"kali_scan_scope_approval_v1",
"security_approval_queue_v1",
"security_finding_v1"
],
"destinations": [
"operator_console",
"runtime_state",
"channel_event",
"approval_queue",
"audit_evidence"
],
"allowed_processing": [
"mirror Kali health / update / gap evidence",
"顯示 scan scope group",
"顯示 approval queue review order",
"顯示 redacted finding sample(須先通過 REDACTION_ONLY gate,不得含 raw secret、token 或 exploit payload)"
],
"blocked_processing": [
"start_kali_scan",
"call_kali_execute_endpoint",
"credentialed_scan",
"full_upgrade_or_reboot"
],
"exit_gate": "AwoooP 顯示 Kali health、5 個 scan scope groups、8 個 approval queue items,但沒有 action button。"
},
{
"wave_id": "M2_source_control_visibility",
"title": "Gitea/GitHub source-control evidence visibility",
"contracts": [
"source_control_migration_event_v1",
"gitea_repo_inventory_v1",
"local_git_remote_inventory_v1",
"github_target_probe_v1",
"github_target_decision_v1",
"github_target_repo_approval_package_v1",
"source_control_approval_board_v1",
"source_control_reconcile_plan_v1",
"source_control_ref_detail_diff_v1",
"source_control_ref_truth_classification_v1",
"source_control_primary_readiness_gate_v1",
"source_control_primary_rollback_adr_v1",
"source_control_workflow_secret_name_inventory_v1",
"local_repo_canonical_probe_v1",
"git_remote_refs_probe_v1"
],
"destinations": [
"operator_console",
"runtime_state",
"approval_queue",
"audit_evidence"
],
"allowed_processing": [
"mirror repo/branch/tag 差異",
"顯示 pending owner / visibility / canonical decision",
"顯示 refs truth review lane",
"顯示 GitHub primary readiness blockers、parity gates 與 rollback ADR 草案",
"顯示 workflow / webhook / runner / secret 名稱 inventory 缺口,不保存 secret value",
"顯示 Gitea inventory partial reason"
],
"blocked_processing": [
"create_github_repo",
"change_repo_visibility",
"sync_git_refs",
"switch_github_primary",
"delete_or_archive_gitea_repo"
],
"exit_gate": "AwoooP 能顯示 source-control blocking reasons,且所有 repo/refs actions 都不得呈現為可觸發的 action button(僅 client-side disabled 不算達標,須與 NO_ACTION_BUTTONS gate 一致,亦不得接線到任何 repo/refs 寫入 endpoint)。"
},
{
"wave_id": "M3_approval_candidates",
"title": "Approval candidate mirror 與人工決策留痕",
"contracts": [
"approval_required_event_v1",
"security_approval_queue_v1",
"security_approval_gate_v1",
"security_approval_decision_record_v1",
"security_approval_review_packet_v1",
"security_approval_state_transition_v1",
"security_followup_runtime_gate_v1",
"source_control_primary_readiness_gate_v1",
"source_control_primary_rollback_adr_v1",
"source_control_workflow_secret_name_inventory_v1",
"github_target_repo_approval_package_v1",
"source_control_approval_board_v1",
"kali_scan_scope_approval_v1"
],
"destinations": [
"approval_queue",
"operator_console",
"audit_evidence"
],
"allowed_processing": [
"create_approval_candidate",
"record_human_decision",
"display_followup_runtime_gate",
"display_decision_record",
"display_review_packet",
"display_decision_next_state",
"display_followup_runtime_gate_template",
"display_primary_readiness_gate",
"display_workflow_secret_name_inventory_gate",
"display_required_reviewers",
"display_blocked_until_approved"
],
"blocked_processing": [
"auto_approve",
"execute_after_approval_without_new_runtime_gate",
"store_secret_value"
],
"exit_gate": "Approval candidate、S3 approval gate、decision record、review packet、state transition 與 follow-up runtime gate preparation 可顯示與留痕,但任何批准後執行仍需要下一階段 runtime gate。"
},
{
"wave_id": "M4_patch_only_backlog",
"title": "Code review / Codex patch-only backlog",
"contracts": [
"coding_task_v1"
],
"destinations": [
"operator_console",
"approval_queue",
"audit_evidence"
],
"allowed_processing": [
"display_patch_backlog_contract",
"create_draft_patch_task_after_review",
"request_reviewers"
],
"blocked_processing": [
"auto_merge",
"production_deploy",
"secret_rotation",
"network_policy_change"
],
"exit_gate": "AwoooP 只顯示 patch-only backlog lane;沒有 Codex runner action。"
}
],
"acceptance_gates": [
{
"gate_id": "MIRROR_ONLY_DEFAULT",
"requirement": "所有 intake waves 都必須維持 runtime_execution_authorized=false,且不得覆寫頂層 mode=mirror_only;任一 wave 違反即視為整份 intake plan 未通過此 gate。",
"evidence_ref": "docs/security/security-mirror-intake-plan.snapshot.json"
},
{
"gate_id": "NO_ACTION_BUTTONS",
"requirement": "Operator Console 不得新增 scan、execute、repo、refs、deploy、secret 類 action button;不得以 disabled 按鈕或隱藏控制項預留,亦不得接線到任何 execute endpoint(client-side disabled 不構成 enforcement 邊界)。",
"evidence_ref": "docs/security/SECURITY-MIRROR-READINESS.md"
},
{
"gate_id": "REDACTION_ONLY",
"requirement": "Mirror payload 不得保存 raw secret、token、cookie、private key 或 exploit payload;脫敏狀態須先經 security_mirror_acceptance_v1 驗收通過,才可分流至任何 destination(含 runtime_state 與 audit_evidence),驗收失敗者依 security_mirror_quarantine_v1 隔離,不得落地。",
"evidence_ref": "docs/security/SECURITY-LOW-FRICTION-ROLLOUT-POLICY.md"
},
{
"gate_id": "LOW_MEDIUM_NOT_BLOCKING",
"requirement": "LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 初期只能 observe / warn,不得升為 blocking gate;此限制僅針對嚴重度升級,不豁免 MIRROR_ONLY_DEFAULT、NO_ACTION_BUTTONS 與 REDACTION_ONLY 三個硬性 gate。",
"evidence_ref": "docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md"
}
],
"forbidden_actions": [
"start_kali_scan",
"call_kali_execute_endpoint",
"run_credentialed_scan",
"create_github_repo",
"change_repo_visibility",
"sync_git_refs",
"switch_github_primary",
"auto_merge",
"production_deploy",
"store_secret_token_cookie_private_key_or_exploit_payload"
]
}