awoooi/docs/security/github-target-private-backup-evidence-gate.snapshot.json

{
"schema_version": "github_target_private_backup_evidence_gate_v1",
"generated_at": "2026-06-26T09:43:15.948000+00:00",
"status": "blocked_public_visibility_and_safe_credential_evidence_required",
"mode": "read_only_private_backup_evidence_gate",
"source_reviews": {
"github_target_decision": "docs/security/github-target-decision.snapshot.json",
"github_target_owner_decision_response": "docs/security/github-target-owner-decision-response.snapshot.json",
"github_target_repo_approval_package": "docs/security/github-target-repo-approval-package.snapshot.json"
},
"summary": {
"target_decision_count": 10,
"approval_required_target_count": 9,
"approval_package_item_count": 9,
"public_probe_visible_target_count": 4,
"not_found_or_private_target_count": 5,
"private_backup_verified_count": 0,
"private_visibility_evidence_missing_count": 9,
"safe_credential_required_count": 9,
"safe_credential_accepted_evidence_count": 0,
"owner_response_received_count": 0,
"owner_response_accepted_count": 0,
"execution_ready_count": 0,
"blocked_target_count": 9,
"external_scope_target_count": 1,
"forbidden_action_count": 12,
"repo_creation_authorized": false,
"visibility_change_authorized": false,
"refs_sync_authorized": false,
"github_primary_switch_authorized": false,
"workflow_modification_authorized": false,
"workflow_trigger_authorized": false,
"secret_value_collection_allowed": false,
"private_clone_url_collection_allowed": false,
"not_found_or_private_as_absent_allowed": false,
"public_repo_allowed": false
},
"targets": [
{
"github_repo": "owenhytsai/awoooi",
"source_key": "wooo/awoooi",
"approval_required": true,
"probe_status": "exists",
"target_state": "exists_refs_blocked",
"risk": "HIGH",
"visibility_evidence_status": "blocked_public_probe_visible_private_evidence_required",
"private_backup_verified": false,
"private_visibility_owner_evidence_ref": null,
"safe_credential_evidence_status": "missing_safe_credential_metadata",
"safe_credential_evidence_ref": null,
"owner_response_accepted": false,
"refs_sync_ready": false,
"execution_ready": false,
"blockers": [
"github_target_publicly_readable_by_unauthenticated_probe",
"private_visibility_owner_evidence_missing",
"safe_credential_metadata_missing",
"refs_sync_not_authorized"
],
"evidence_refs": [
"docs/security/GITEA-GITHUB-MIGRATION-SNAPSHOT.md",
"docs/security/github-target-probe.snapshot.json",
"docs/security/github-target-owner-decision-response.snapshot.json"
],
"forbidden_actions": [
"create_github_repo",
"change_repo_visibility",
"push_refs",
"delete_refs",
"force_push",
"mirror_sync",
"switch_github_primary",
"disable_gitea",
"workflow_modification",
"workflow_trigger",
"secret_value_collection",
"private_clone_url_collection"
],
"repo_creation_authorized": false,
"visibility_change_authorized": false,
"refs_sync_authorized": false,
"github_primary_switch_authorized": false,
"secret_values_collected": false
},
{
"github_repo": "owenhytsai/clawbot-v5",
"source_key": "wooo/clawbot-v5",
"approval_required": true,
"probe_status": "exists",
"target_state": "exists_refs_blocked",
"risk": "MEDIUM",
"visibility_evidence_status": "blocked_public_probe_visible_private_evidence_required",
"private_backup_verified": false,
"private_visibility_owner_evidence_ref": null,
"safe_credential_evidence_status": "missing_safe_credential_metadata",
"safe_credential_evidence_ref": null,
"owner_response_accepted": false,
"refs_sync_ready": false,
"execution_ready": false,
"blockers": [
"github_target_publicly_readable_by_unauthenticated_probe",
"private_visibility_owner_evidence_missing",
"safe_credential_metadata_missing",
"refs_sync_not_authorized"
],
"evidence_refs": [
"docs/security/SOURCE-CONTROL-CLAWBOT-V5-SNAPSHOT.md",
"docs/security/github-target-probe.snapshot.json",
"docs/security/github-target-owner-decision-response.snapshot.json"
],
"forbidden_actions": [
"create_github_repo",
"change_repo_visibility",
"push_refs",
"delete_refs",
"force_push",
"mirror_sync",
"switch_github_primary",
"disable_gitea",
"workflow_modification",
"workflow_trigger",
"secret_value_collection",
"private_clone_url_collection"
],
"repo_creation_authorized": false,
"visibility_change_authorized": false,
"refs_sync_authorized": false,
"github_primary_switch_authorized": false,
"secret_values_collected": false
},
{
"github_repo": "owenhytsai/wooo-aiops",
"source_key": "wooo/wooo-aiops",
"approval_required": true,
"probe_status": "exists",
"target_state": "exists_refs_blocked",
"risk": "MEDIUM",
"visibility_evidence_status": "blocked_public_probe_visible_private_evidence_required",
"private_backup_verified": false,
"private_visibility_owner_evidence_ref": null,
"safe_credential_evidence_status": "missing_safe_credential_metadata",
"safe_credential_evidence_ref": null,
"owner_response_accepted": false,
"refs_sync_ready": false,
"execution_ready": false,
"blockers": [
"github_target_publicly_readable_by_unauthenticated_probe",
"private_visibility_owner_evidence_missing",
"safe_credential_metadata_missing",
"refs_sync_not_authorized"
],
"evidence_refs": [
"docs/security/SOURCE-CONTROL-WOOO-AIOPS-SNAPSHOT.md",
"docs/security/github-target-probe.snapshot.json",
"docs/security/github-target-owner-decision-response.snapshot.json"
],
"forbidden_actions": [
"create_github_repo",
"change_repo_visibility",
"push_refs",
"delete_refs",
"force_push",
"mirror_sync",
"switch_github_primary",
"disable_gitea",
"workflow_modification",
"workflow_trigger",
"secret_value_collection",
"private_clone_url_collection"
],
"repo_creation_authorized": false,
"visibility_change_authorized": false,
"refs_sync_authorized": false,
"github_primary_switch_authorized": false,
"secret_values_collected": false
},
{
"github_repo": "owenhytsai/wooo-infra-config",
"source_key": "wooo/wooo-infra-config",
"approval_required": true,
"probe_status": "exists",
"target_state": "exists_aligned",
"risk": "MEDIUM",
"visibility_evidence_status": "blocked_public_probe_visible_private_evidence_required",
"private_backup_verified": false,
"private_visibility_owner_evidence_ref": null,
"safe_credential_evidence_status": "missing_safe_credential_metadata",
"safe_credential_evidence_ref": null,
"owner_response_accepted": false,
"refs_sync_ready": false,
"execution_ready": false,
"blockers": [
"github_target_publicly_readable_by_unauthenticated_probe",
"private_visibility_owner_evidence_missing",
"safe_credential_metadata_missing",
"refs_sync_not_authorized"
],
"evidence_refs": [
"docs/security/GIT-REMOTE-REFS-WOOO-INFRA-CONFIG-SNAPSHOT.md",
"docs/security/github-target-probe.snapshot.json",
"docs/security/github-target-owner-decision-response.snapshot.json"
],
"forbidden_actions": [
"create_github_repo",
"change_repo_visibility",
"push_refs",
"delete_refs",
"force_push",
"mirror_sync",
"switch_github_primary",
"disable_gitea",
"workflow_modification",
"workflow_trigger",
"secret_value_collection",
"private_clone_url_collection"
],
"repo_creation_authorized": false,
"visibility_change_authorized": false,
"refs_sync_authorized": false,
"github_primary_switch_authorized": false,
"secret_values_collected": false
},
{
"github_repo": "owenhytsai/ewoooc",
"source_key": "wooo/ewoooc / root/momo-pro-system / momo working trees",
"approval_required": true,
"probe_status": "not_found_or_private",
"target_state": "not_found_or_private",
"risk": "HIGH",
"visibility_evidence_status": "blocked_private_or_absent_not_verified",
"private_backup_verified": false,
"private_visibility_owner_evidence_ref": null,
"safe_credential_evidence_status": "missing_safe_credential_metadata",
"safe_credential_evidence_ref": null,
"owner_response_accepted": false,
"refs_sync_ready": false,
"execution_ready": false,
"blockers": [
"not_found_or_private_is_not_private_verification",
"private_visibility_owner_evidence_missing",
"safe_credential_metadata_missing",
"refs_sync_not_authorized"
],
"evidence_refs": [
"docs/security/GITEA-PUBLIC-REPO-SEARCH-SNAPSHOT.md",
"docs/security/LOCAL-REPO-CANONICAL-EWOOOC-MOMO-SNAPSHOT.md",
"docs/security/github-target-probe.snapshot.json",
"docs/security/github-target-owner-decision-response.snapshot.json"
],
"forbidden_actions": [
"create_github_repo",
"change_repo_visibility",
"push_refs",
"delete_refs",
"force_push",
"mirror_sync",
"switch_github_primary",
"disable_gitea",
"workflow_modification",
"workflow_trigger",
"secret_value_collection",
"private_clone_url_collection"
],
"repo_creation_authorized": false,
"visibility_change_authorized": false,
"refs_sync_authorized": false,
"github_primary_switch_authorized": false,
"secret_values_collected": false
},
{
"github_repo": "owenhytsai/bitan-pharmacy",
"source_key": "bitan-pharmacy",
"approval_required": true,
"probe_status": "not_found_or_private",
"target_state": "not_found_or_private",
"risk": "MEDIUM",
"visibility_evidence_status": "blocked_private_or_absent_not_verified",
"private_backup_verified": false,
"private_visibility_owner_evidence_ref": null,
"safe_credential_evidence_status": "missing_safe_credential_metadata",
"safe_credential_evidence_ref": null,
"owner_response_accepted": false,
"refs_sync_ready": false,
"execution_ready": false,
"blockers": [
"not_found_or_private_is_not_private_verification",
"private_visibility_owner_evidence_missing",
"safe_credential_metadata_missing",
"refs_sync_not_authorized"
],
"evidence_refs": [
"docs/security/GIT-REMOTE-REFS-BITAN-TSENYANG-SNAPSHOT.md",
"docs/security/github-target-probe.snapshot.json",
"docs/security/github-target-owner-decision-response.snapshot.json"
],
"forbidden_actions": [
"create_github_repo",
"change_repo_visibility",
"push_refs",
"delete_refs",
"force_push",
"mirror_sync",
"switch_github_primary",
"disable_gitea",
"workflow_modification",
"workflow_trigger",
"secret_value_collection",
"private_clone_url_collection"
],
"repo_creation_authorized": false,
"visibility_change_authorized": false,
"refs_sync_authorized": false,
"github_primary_switch_authorized": false,
"secret_values_collected": false
},
{
"github_repo": "owenhytsai/tsenyang-website",
"source_key": "tsenyang-website",
"approval_required": true,
"probe_status": "not_found_or_private",
"target_state": "not_found_or_private",
"risk": "MEDIUM",
"visibility_evidence_status": "blocked_private_or_absent_not_verified",
"private_backup_verified": false,
"private_visibility_owner_evidence_ref": null,
"safe_credential_evidence_status": "missing_safe_credential_metadata",
"safe_credential_evidence_ref": null,
"owner_response_accepted": false,
"refs_sync_ready": false,
"execution_ready": false,
"blockers": [
"not_found_or_private_is_not_private_verification",
"private_visibility_owner_evidence_missing",
"safe_credential_metadata_missing",
"refs_sync_not_authorized"
],
"evidence_refs": [
"docs/security/GIT-REMOTE-REFS-BITAN-TSENYANG-SNAPSHOT.md",
"docs/security/github-target-probe.snapshot.json",
"docs/security/github-target-owner-decision-response.snapshot.json"
],
"forbidden_actions": [
"create_github_repo",
"change_repo_visibility",
"push_refs",
"delete_refs",
"force_push",
"mirror_sync",
"switch_github_primary",
"disable_gitea",
"workflow_modification",
"workflow_trigger",
"secret_value_collection",
"private_clone_url_collection"
],
"repo_creation_authorized": false,
"visibility_change_authorized": false,
"refs_sync_authorized": false,
"github_primary_switch_authorized": false,
"secret_values_collected": false
},
{
"github_repo": "nexu-io/open-design",
"source_key": "open-design",
"approval_required": false,
"probe_status": "exists",
"target_state": "external_scope",
"risk": "LOW",
"visibility_evidence_status": "external_scope_not_backup_target",
"private_backup_verified": false,
"private_visibility_owner_evidence_ref": null,
"safe_credential_evidence_status": "not_required_external_scope",
"safe_credential_evidence_ref": null,
"owner_response_accepted": false,
"refs_sync_ready": false,
"execution_ready": false,
"blockers": [
"external_scope_review_only"
],
"evidence_refs": [
"docs/security/github-target-probe.snapshot.json"
],
"forbidden_actions": [
"create_github_repo",
"change_repo_visibility",
"push_refs",
"delete_refs",
"force_push",
"mirror_sync",
"switch_github_primary",
"disable_gitea",
"workflow_modification",
"workflow_trigger",
"secret_value_collection",
"private_clone_url_collection"
],
"repo_creation_authorized": false,
"visibility_change_authorized": false,
"refs_sync_authorized": false,
"github_primary_switch_authorized": false,
"secret_values_collected": false
},
{
"github_repo": "owenhytsai/VibeWork",
"source_key": "vibework",
"approval_required": true,
"probe_status": "not_found_or_private",
"target_state": "not_found_or_private",
"risk": "HIGH",
"visibility_evidence_status": "blocked_private_or_absent_not_verified",
"private_backup_verified": false,
"private_visibility_owner_evidence_ref": null,
"safe_credential_evidence_status": "missing_safe_credential_metadata",
"safe_credential_evidence_ref": null,
"owner_response_accepted": false,
"refs_sync_ready": false,
"execution_ready": false,
"blockers": [
"not_found_or_private_is_not_private_verification",
"private_visibility_owner_evidence_missing",
"safe_credential_metadata_missing",
"refs_sync_not_authorized"
],
"evidence_refs": [
"docs/security/source-control-workflow-secret-name-local-evidence.snapshot.json",
"docs/security/source-control-primary-readiness-gate.snapshot.json",
"docs/security/github-target-owner-decision-response.snapshot.json"
],
"forbidden_actions": [
"create_github_repo",
"change_repo_visibility",
"push_refs",
"delete_refs",
"force_push",
"mirror_sync",
"switch_github_primary",
"disable_gitea",
"workflow_modification",
"workflow_trigger",
"secret_value_collection",
"private_clone_url_collection"
],
"repo_creation_authorized": false,
"visibility_change_authorized": false,
"refs_sync_authorized": false,
"github_primary_switch_authorized": false,
"secret_values_collected": false
},
{
"github_repo": "owenhytsai/agent-bounty-protocol",
"source_key": "agent-bounty-protocol",
"approval_required": true,
"probe_status": "not_found_or_private",
"target_state": "not_found_or_private",
"risk": "HIGH",
"visibility_evidence_status": "blocked_private_or_absent_not_verified",
"private_backup_verified": false,
"private_visibility_owner_evidence_ref": null,
"safe_credential_evidence_status": "missing_safe_credential_metadata",
"safe_credential_evidence_ref": null,
"owner_response_accepted": false,
"refs_sync_ready": false,
"execution_ready": false,
"blockers": [
"not_found_or_private_is_not_private_verification",
"private_visibility_owner_evidence_missing",
"safe_credential_metadata_missing",
"refs_sync_not_authorized"
],
"evidence_refs": [
"docs/security/source-control-workflow-secret-name-local-evidence.snapshot.json",
"docs/security/source-control-primary-readiness-gate.snapshot.json",
"docs/security/github-target-owner-decision-response.snapshot.json"
],
"forbidden_actions": [
"create_github_repo",
"change_repo_visibility",
"push_refs",
"delete_refs",
"force_push",
"mirror_sync",
"switch_github_primary",
"disable_gitea",
"workflow_modification",
"workflow_trigger",
"secret_value_collection",
"private_clone_url_collection"
],
"repo_creation_authorized": false,
"visibility_change_authorized": false,
"refs_sync_authorized": false,
"github_primary_switch_authorized": false,
"secret_values_collected": false
}
],
"acceptance_requirements": [
"每個 approval-required GitHub target 必須有 private visibility owner evidence ref。",
"公開 probe 可讀的 target 不得被視為符合私有備援要求。",
"`not_found_or_private` 只代表未授權只讀 probe 看不到,不得當成 private verified 或 repo absent。",
"safe credential evidence 只允許 credential storage / owner / scope / rotation metadata,不得收 token value。",
"owner response accepted count 在 reviewer acceptance 前必須維持 0。",
"private evidence 與 safe credential evidence 完整前不得建立 repo、改 visibility、push refs 或切 GitHub primary。"
],
"rejection_rules": [
"任何 public repo 或 unauthenticated readable target 均不得標示 private_backup_verified=true。",
"任何 token、PAT、private key、cookie、session、private clone credential 或 partial secret 必須拒收。",
"任何 repo creation、visibility change、refs sync、force push、tag rewrite、workflow trigger 或 primary switch request 必須拒收。",
"任何把 `not_found_or_private` 解讀為 repo 不存在或可建立新 repo 的 response 必須拒收。"
],
"operation_boundaries": {
"read_only_api_allowed": true,
"github_api_write_allowed": false,
"gitea_api_write_allowed": false,
"repo_creation_allowed": false,
"visibility_change_allowed": false,
"refs_sync_allowed": false,
"workflow_modification_allowed": false,
"workflow_trigger_allowed": false,
"github_primary_switch_allowed": false,
"secret_value_collection_allowed": false,
"private_clone_url_collection_allowed": false
},
"authorization_flags": {
"runtime_execution_authorized": false,
"repo_creation_authorized": false,
"visibility_change_authorized": false,
"refs_sync_authorized": false,
"workflow_modification_authorized": false,
"workflow_trigger_authorized": false,
"github_primary_switch_authorized": false,
"secret_values_collected": false
}
}