wooo/awoooi
1
1
Fork 0
Code Issues 2 Pull Requests 1 Actions 3 Packages Projects Releases Wiki Activity
Files
2a2cb16c135fd7e5b159d94de9b5ff04f6cf31f5
awoooi/docs/schemas/security_approval_gate_v1.schema.json
Your Name 9e15fd08b3
All checks were successful
CD Pipeline / tests (push) Successful in 1m39s
Details
Code Review / ai-code-review (push) Successful in 15s
Details
CD Pipeline / build-and-deploy (push) Successful in 5m19s
Details
CD Pipeline / post-deploy-checks (push) Successful in 2m11s
Details
feat(web): land iwooos security posture surfaces
2026-05-25 20:35:52 +08:00

197 lines
4.9 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "urn:awoooi:security-approval-gate-v1",
"title": "資安供應鏈人工批准 Gate 契約 v1",
"description": "定義 Security Supply Chain 進入 S3 時AwoooP 如何顯示、記錄與限制人工批准。此契約不授權 runtime execution。",
"type": "object",
"required": [
"schema_version",
"status",
"date",
"mode",
"runtime_execution_authorized",
"source_indexes",
"summary",
"gate_items",
"decision_recording_rules",
"forbidden_actions"
],
"properties": {
"schema_version": {
"const": "security_approval_gate_v1"
},
"status": {
"type": "string",
"enum": ["draft"]
},
"date": {
"type": "string"
},
"mode": {
"type": "string",
"enum": ["approval_gate_only"]
},
"runtime_execution_authorized": {
"type": "boolean",
"const": false
},
"source_indexes": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1
},
"summary": {
"type": "object",
"required": [
"total_gate_items",
"pending_human_decision_count",
"block_candidate_count",
"approved_count",
"runtime_actions_authorized",
"immediate_execution_after_approval_allowed",
"raw_secret_storage_authorized"
],
"properties": {
"total_gate_items": {
"type": "integer",
"minimum": 0
},
"pending_human_decision_count": {
"type": "integer",
"minimum": 0
},
"block_candidate_count": {
"type": "integer",
"minimum": 0
},
"approved_count": {
"type": "integer",
"minimum": 0
},
"runtime_actions_authorized": {
"type": "boolean",
"const": false
},
"immediate_execution_after_approval_allowed": {
"type": "boolean",
"const": false
},
"raw_secret_storage_authorized": {
"type": "boolean",
"const": false
}
},
"additionalProperties": false
},
"gate_items": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"required": [
"gate_id",
"source_queue_item_id",
"source_contract",
"risk",
"gate_state",
"approval_scope",
"required_reviewers",
"decision_options",
"allowed_after_approval",
"still_forbidden",
"requires_followup_runtime_gate",
"evidence_refs"
],
"properties": {
"gate_id": {
"type": "string"
},
"source_queue_item_id": {
"type": "string"
},
"source_contract": {
"type": "string"
},
"risk": {
"type": "string",
"enum": ["MEDIUM", "HIGH", "CRITICAL"]
},
"gate_state": {
"type": "string",
"enum": ["pending_human_decision", "block_candidate", "approved", "rejected", "expired"]
},
"approval_scope": {
"type": "string",
"enum": [
"design_or_draft_only",
"read_only_inventory_only",
"low_noise_scan_scope_only",
"manual_exception_only",
"blocked_by_default"
]
},
"required_reviewers": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1,
"uniqueItems": true
},
"decision_options": {
"type": "array",
"items": {
"type": "string",
"enum": ["approve_scope", "reject", "defer", "request_more_evidence", "keep_blocked"]
},
"minItems": 1
},
"allowed_after_approval": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1
},
"still_forbidden": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1
},
"requires_followup_runtime_gate": {
"type": "boolean",
"const": true
},
"evidence_refs": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1
}
},
"additionalProperties": false
}
},
"decision_recording_rules": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1
},
"forbidden_actions": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1
}
},
"additionalProperties": false
}
Reference in New Issue View Git Blame Copy Permalink