awoooi/docs/security/AWOOOP-MIRROR-ONLY-CONSUMPTION-CHECKLIST.md
Commit 58e760fae2 (Your Name), 2026-06-11 20:30:41 +08:00: feat(security): extend S4.10 target owner response
# AwoooP Read-Only Mirror Consumption Checklist
| Item | Content |
|------|---------|
| Date | 2026-06-04 |
| Status | IwoooS / AwoooP read-only sync active checklist |
| Scope | Kali / Code Review / Codex / Gitea / GitHub security supply-chain events |
| Low-friction policy | `docs/security/SECURITY-LOW-FRICTION-ROLLOUT-POLICY.md` |
| Contract manifest | `docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md` |
| Principle | Low-friction, phased rollout: initially AwoooP only mirrors, computes read-only policy, and creates the necessary approval candidates; it does not execute anything directly |
## 0. Core conclusion
AwoooP may consume the events produced by the Security Supply Chain Session, but initially it may do only three things:
1. Mirror them into Runtime State / Channel Event / Audit evidence.
2. Compute read-only policy recommendations, for example `observe`, `warn`, `approve_required`.
3. Produce approval candidates and wait for human approval.
Initially AwoooP must not start scans directly, must not call the Codex patch runner, must not switch the GitHub primary, and must not modify the production runtime.
Initially it also must not turn every observation into a blocking condition. LOW / MEDIUM items that involve no irreversible change first accumulate evidence as `observe` / `warn`; a missing owner response, a partial mirror, source-control drift, a Kali observe finding, a workflow / secret name gap, and headline holding may only create a follow-up / owner review and must not be escalated directly into a runtime blocker. Only high-risk actions such as repo creation, visibility change, refs sync, secret, RBAC, NetworkPolicy, firewall, deploy, and primary switch enter approval.
## 0.1 2026-06-04 IwoooS sync rules
When an AwoooP Session consumes IwoooS state, it must keep the following boundaries in sync:
| Item | Rule |
|------|------|
| commits / runs | Sync code commits, deploy markers, LOGBOOK commits, and Gitea CD / code-review runs; if `gitea/main` has advanced again, re-read the latest delta first |
| production sanity | Sync `/zh-TW/iwooos` desktop / mobile, horizontal overflow, expandable sections, candidate cards, and S4.9 gate results |
| S4.9 owner response | Show only the next collection focus; owner responses received / accepted remain 0 until a qualifying reply passes preflight and the human reviewer checklist |
| Code Review candidates | May be classified as front-end experience, test gap filling, documentation sync, or low-risk refactor; before human approval they must not be turned into Codex coding nor pushed to production automatically |
| AwoooP approval | Can only indicate an AwoooP process candidate or a human boundary; it is neither a security approval nor a runtime gate |
| production UI | UI visibility counts only as evidence, never as execution authorization |
| Git operations | No force push, no destructive git; if another Session has already updated main, sync and compare first and never overwrite |
## 1. Events allowed for consumption
| Event | Source | AwoooP destination | Initial status | Required safeguard |
|-------|--------|--------------------|----------------|--------------------|
| `security_finding_v1` | Kali / Trivy / ZAP / Semgrep / detect-secrets / kube posture | Runtime State, Channel Event, Audit | mirror-only | Do not store raw secrets, cookies, tokens, or exploit payloads |
| `kali_integration_status_v1` | 192.168.0.112 live health / update / gap evidence | Security posture, Operator Console, Approval candidate | mirror-only | Do not store SSH passwords or API keys; do not start a scan or `/execute` directly |
| `kali_scan_scope_approval_v1` | Kali 112 scan scope, 111/168 observe-only, safe/active/credentialed/execute/full-upgrade gates | Approval queue, Operator Console, Audit | approval-only | Show scope and gates only; do not start scans or call `/execute` |
| `security_approval_queue_v1` | Centralized Security Supply Chain pending approval / block candidate queue | Approval queue, Operator Console, Audit | approval-only | Show review order and blocked reason only; do not execute queue items |
| `security_approval_gate_v1` | S3 human approval gate | Approval queue, Operator Console, Audit | approval-only | Only record the human decision, approved scope, and follow-up runtime gate; do not execute gate items |
| `security_approval_decision_record_v1` | S3 human decision record | Operator Console, Audit | approval-only | Only store the audit record of approve / reject / defer / request more evidence / keep blocked; do not execute the decision |
| `security_approval_review_packet_v1` | S3 human review packet | Approval queue, Operator Console, Audit | approval-only | Show only review lane, required reviewers, requested decision, and still forbidden; does not represent approval |
| `security_approval_state_transition_v1` | S3 human decision state transition | Approval queue, Operator Console, Audit | approval-only | Show only the next state after a decision; `approve_scope` still requires a follow-up runtime gate |
| `security_followup_runtime_gate_v1` | S3 follow-up runtime gate preparation template | Approval queue, Operator Console, Audit | approval-only | Show only minimum evidence, preflight checks, and rollback / disable requirement; the runtime gate is not enabled at present |
| `security_mirror_readiness_v1` | Security Supply Chain contract mirror readiness index | Operator Console, Runtime State, Channel Event, Audit | mirror-only | Show only ready / partial / contract-only; do not execute mirror items |
| `security_mirror_intake_plan_v1` | AwoooP mirror-only intake waves / destinations / acceptance gates | Operator Console, Runtime State, Channel Event, Audit, Approval Queue | mirror-only | Read and display by wave only; do not execute intake items |
| `security_mirror_event_v1` | AwoooP mirror-only event envelope | Operator Console, Runtime State, Channel Event, Audit, Approval Queue | mirror-only | Every event must carry `execution_authorized=false` and `action_buttons_allowed=false` |
| `security_mirror_route_v1` | AwoooP mirror routing matrix | Operator Console, Runtime State, Channel Event, Audit, Approval Queue | mirror-only | Only decides destination, channel policy, and review lane; not an execution router |
| `security_mirror_acceptance_v1` | AwoooP mirror acceptance contract | Operator Console, Runtime State, Audit | mirror-only | Only accepts contract count, event envelope, route coverage, redaction, and progress estimate guard; not a runtime blocker |
| `security_mirror_quarantine_v1` | AwoooP mirror quarantine contract | Operator Console, Audit | mirror-only | Only quarantines payloads that fail acceptance and shows recovery request and retry gate; not a runtime blocker |
| `security_mirror_dry_run_v1` | AwoooP mirror dry-run report contract | Operator Console, Audit | mirror-only | Only reports the intake rehearsal result, and must include progress guard, owner response guard, and latest local validation; must not be turned into production ingestion |
| `security_mirror_status_rollup_v1` | AwoooP mirror status rollup contract | Operator Console, Runtime State, Audit | mirror-only | Shows only stage status, the 58% headline progress, progress display policy, delta ledger, next gate, and prohibitions; must not be treated as runtime authorization |
| `source_control_owner_response_validation_rollup_v1` | S4.9 / S4.10 / S4.11 / S4.12 owner response validation rollup | Operator Console, Source-control review, Audit | mirror-only | Shows only the four response packets, 24 templates, missing response lanes, owner response collection order, next collection candidate, 10 cross-packet checks, 6 evidence routing rules, 8 display sections, 7 state transition rules, 9 reviewer checklist items, 7 reviewer outcome lanes, 4 reviewer audit event templates, 5 reviewer audit display sections, 6 reviewer audit collection checks, 5 reviewer audit redaction examples, 5 reviewer audit retention rules, 6 reviewer audit retention checks, 6 reviewer audit handoff packets, 6 reviewer audit handoff checks, 6 parallel session sync checks, 6 parallel session conflict lanes, 6 parallel session recovery checks, 7 parallel session recovery outcome lanes, quarantine rules, and latest local validation; must not be treated as approval or a runtime gate |
| `coding_task_v1` | Code Review / Codex Security / manual review | Approval candidate, Channel Event, Audit | suggest-only | Do not open the patch runner automatically; do not auto-merge |
| `source_control_migration_event_v1` | Gitea/GitHub branch/tag/SHA diff | Supply-chain evidence, Approval candidate | mirror-only | Does not trigger deploy; does not switch primary |
| `gitea_repo_inventory_v1` | Gitea org/user repo list or admin export | Supply-chain evidence, migration matrix | mirror-only | Shows public-only evidence, the S4.5 authenticated/admin export request, S4.6 redacted import acceptance, S4.7 owner coverage attestation, S4.9 owner response request packet, 5 template statuses, 3 audit event templates, 5 redaction examples, 8 display sections, 6 collection checks, the owner response intake packet, 6 intake preflight checks, and 5 outcome lanes; does not store token values; does not delete or disable Gitea repos |
| `local_git_remote_inventory_v1` | Git working tree remotes visible on the local machine | Source-control coverage evidence, migration matrix | mirror-only | Not treated as the full Gitea server inventory; does not modify remotes |
| `github_target_probe_v1` | Read-only probe of candidate GitHub repos | Migration target evidence | mirror-only | `not_found_or_private` is not the same as confirmed non-existence |
| `github_target_decision_v1` | GitHub target creation and visibility decision draft; S4.10 owner decision response request packet / intake packet | Approval candidate, Migration target evidence | mirror-only | Before approval: no repo creation, visibility modification, or refs sync; the S4.10 request packet only shows the 9 target requests; the template status ledger shows waiting / request ready per item; audit event templates only define redacted metadata with 0 emitted; redaction examples only show acceptable redacted metadata shapes; collection checks only keep request / received / accepted separated; intake preflight checks only classify as acceptable, needs more evidence, quarantine, or reject; responses are currently 0, which does not mean execution approval |
| `github_target_repo_approval_package_v1` | Per-repo GitHub target approval package; S4.10 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks / response templates | Approval queue, Migration target evidence | mirror-only | Low friction, gating only high-risk execution; the request packet only shows what the owner must reply; even an accepted response only updates read-only evidence |
| `source_control_approval_board_v1` | Per-repo owner / visibility / canonical / refs decision board | Approval queue, PR reviewer handoff | approval-only | Shows the decision queue only; does not execute board items |
| `source_control_reconcile_plan_v1` | Draft reconcile plan for refs-blocked repos | Approval candidate, migration reviewer handoff | approval-only | Shows the draft only; until the S4.11 response is accepted only wording is updated; does not push refs or switch primary |
| `source_control_ref_detail_diff_v1` | Branch/tag detail diff of refs-blocked repos | Migration reviewer evidence | mirror-only | Shows the diff only; no fetch, push, or ref deletion |
| `source_control_ref_truth_classification_v1` | Source-of-truth and deprecated-candidate classification of the refs diff; S4.11 owner response request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks / intake packet | Repo owner review queue, migration reviewer handoff | approval-only | Shows only the classification, 1 request packet, 5 template statuses, 3 audit event templates, 5 redaction examples, 6 collection checks, 6 intake preflight checks, 5 response templates, and the human decision queue; does not execute sync/delete/force push |
| `source_control_primary_readiness_gate_v1` | GitHub primary readiness / parity gate | Source-control review, Operator Console, Audit | approval-only | Shows only primary blockers, parity gates, and rollback ADR gaps; currently `primary_ready_count=0` |
| `source_control_primary_rollback_adr_v1` | GitHub primary rollback ADR draft and validation window | Source-control review, Operator Console, Audit | approval-only | Shows only the rollback drafts for 7 repos, owner review, and validation window; must not execute a rollback or switch primary |
| `source_control_workflow_secret_name_inventory_v1` | workflow / webhook / runner / deploy key / branch protection / CODEOWNERS / secret name inventory gate; S4.12 owner response intake packet | Source-control review, Secret hygiene audit, Operator Console | approval-only | Shows only the gaps, S4.2 local evidence, S4.3 redacted export request, S4.12 owner response request packet, 5 template statuses, 3 audit event templates, 5 redaction examples, 6 collection checks, 6 intake preflight checks, and 5 response templates; currently `inventory_complete_count=0`; must not store secret values |
| `local_repo_canonical_probe_v1` | Local working tree lineage comparison | Canonical decision evidence | mirror-only | No automatic merge, no automatic repo creation, no deletion |
| `git_remote_refs_probe_v1` | Read-only probe of a specified repo's remote refs | Source readiness evidence | mirror-only | No fetch, no push, no automatic mirror |
| `approval_required_event_v1` | High-risk gate for the events above | Approval queue, Audit | approval-only | `blocked_until_approved=true` |
| `security_rollout_policy_v1` | Low-friction security rollout policy | Read-only policy, Operator Console | mirror-only | Observe-first initially; shows 7 non-blocking escalation lanes; no runtime enforcement |
| `security_supply_chain_contract_manifest_v1` | Security Supply Chain contract index | Contract registry, Operator Console | mirror-only | Used only as a routing index, not as an execution router |
## 2. Processing AwoooP may perform
| Processing | Allowed | Description |
|------------|---------|-------------|
| Runtime State mirror | Yes | Store redacted summaries, status, risk level, and evidence refs |
| Channel Event | Yes | Send notifications such as security posture, migration blockers, and approval pending |
| Read-only policy | Yes | Compute recommendations; do not change firewall, RBAC, NetworkPolicy, secrets, or deploy |
| Approval candidate | Yes | Let a human review whether to approve the next step |
| Audit evidence | Yes | Keep traceable events; do not store sensitive raw content |
| Operator Console display | Yes | Display only initially; no high-risk execution buttons |
## 3. Initially prohibited actions
| Prohibited action | Reason |
|-------------------|--------|
| Starting a Kali scan directly | Scan intensity and scope need human approval so internal network services are not disrupted |
| Starting an active DAST / credentialed scan directly | Touches authentication state and service load; needs approval |
| Calling the Codex patch runner directly | Coding still needs the patch-only / human review gate |
| Auto merge / auto deploy | Supply-chain and production risk is too high |
| Modifying secrets / RBAC / NetworkPolicy / firewall | High-risk, irreversible or semi-irreversible changes |
| Switching the GitHub primary / Gitea mirror control | Gitea/GitHub branches, tags, and main SHA are not yet aligned |
| Deleting, disabling, or archiving a Gitea repo | Needs the full repo inventory and human confirmation |
| Storing raw secrets / tokens / cookies / exploit payloads | Violates the evidence redaction principle |
## 4. Event-to-mode mapping
| Condition | AwoooP recommended mode | Follow-up |
|-----------|-------------------------|-----------|
| `security_finding_v1.severity=LOW\|MEDIUM` and `confidence=LOW\|MEDIUM` | `observe` | mirror + weekly review |
| `security_finding_v1.severity=HIGH\|CRITICAL` | `approve_required` | Produce `approval_required_event_v1` |
| `kali_integration_status_v1.status=partial_runtime_health_integrated` | `observe` | Show Kali 112 health, update records, gaps, and approval gates; do not scan directly |
| `kali_scan_scope_approval_v1.status=draft_waiting_approval` | `approve_required` | Show the Kali 112, 111/168, core host, and public website scope and gates; do not execute a scan |
| `security_approval_queue_v1.status=draft` | `approve_required` | Show the 8 queue items, review order, and blocked reason; the Gitea item already requires the S4.7 owner attestation first; do not execute items |
| `security_approval_gate_v1.mode=approval_gate_only` | `approve_required` | Show the 8 gate items, approved scope, and follow-up runtime gate; no automatic execution after approval |
| `security_approval_decision_record_v1.mode=decision_record_only` | `observe` | Show the human decision records; every record must carry `execution_authorized=false` |
| `security_approval_review_packet_v1.mode=approval_review_packet_only` | `approve_required` | Show the 8 review packets, review lane, and still forbidden; the Gitea packet must show its 5 attestation items; must not be treated as approval or execution authorization |
| `security_approval_state_transition_v1.mode=approval_state_transition_only` | `observe` | Show the next state for the 5 decision options; do not treat a transition as execution authorization |
| `security_followup_runtime_gate_v1.mode=runtime_gate_preparation_only` | `observe` | Show the 8 follow-up runtime gate preparation templates and 0 active runtime gates; the Gitea template must first look at the S4.7 owner decision; do not add action buttons |
| `source_control_primary_readiness_gate_v1.status=draft_blocked` | `approve_required` | Show 10 candidate repos, 9 in-scope blocked, 0 primary ready; do not switch primary |
| `source_control_primary_rollback_adr_v1.status=draft_waiting_owner_review` | `approve_required` | Show 7 in-scope rollback drafts, 0 owner approved, 0 dry-run completed; do not execute a rollback or switch primary |
| `source_control_workflow_secret_name_inventory_v1.status=draft_missing_evidence` | `approve_required` | Show 10 candidate repos, S4.2 local evidence (5 repos / 33 workflows / 42 referenced secret names), S4.3 export request (9 repos / 5 lanes), 0 complete; do not collect secret values or modify workflows |
| `security_mirror_readiness_v1.status=draft` | `observe` | Show readiness of the 36 contracts; do not treat readiness as execution authorization |
| `security_mirror_intake_plan_v1.status=draft` | `observe` | Show the 5 intake waves and 4 acceptance gates; do not execute a wave |
| `security_mirror_event_v1.execution_authorized=false` | `observe` | Only wraps the mirrored payload; explicitly does not authorize execution and shows no execution buttons |
| `security_mirror_route_v1.status=draft` | `observe` | Show the 5 route groups, channel policy, and review lane; must not be turned into an execution router |
| `security_mirror_acceptance_v1.status=draft` | `observe` | Show the 8 acceptance checks; the progress estimate guard must confirm that 58% is not execution authorization; may only accept mirrored data, must not block runtime |
| `security_mirror_quarantine_v1.status=draft` | `observe` | Show the 5 quarantine lanes, recovery request, and retry gate; do not retry failed payloads automatically |
| `security_mirror_dry_run_v1.dry_run_status=contract_defined_not_executed` | `observe` | Show the 8 dry-run steps and `latest_local_validation.status=repo_snapshot_guard_pass`; `CHECK_PROGRESS_GUARD` must keep 58% as not execution authorization, and `CHECK_OWNER_RESPONSE_GUARD` must keep owner responses received / accepted both at 0; must not be treated as production ingestion enabled |
| `security_mirror_status_rollup_v1.rollup_status=framework_ready_waiting_approval` | `observe` | Show the S0-S4 stages, 58% headline progress, micro progress delta ledger, approval queue summary, and next gate; do not add execution actions |
| `source_control_owner_response_validation_rollup_v1.status=draft_waiting_owner_responses` | `observe` | Show the four owner response packets, 4 missing response lanes, 4-step collection order, 24 templates, 6 evidence routing rules, 8 display sections, 7 state transition rules, 9 reviewer checklist items, 7 reviewer outcome lanes, 4 reviewer audit event templates, 5 reviewer audit display sections, 6 reviewer audit collection checks, 5 reviewer audit redaction examples, 5 reviewer audit retention rules, 6 reviewer audit retention checks, 6 reviewer audit handoff packets, 6 reviewer audit handoff checks, 6 parallel session sync checks, 6 parallel session conflict lanes, 6 parallel session recovery checks, 7 parallel session recovery outcome lanes, received / accepted / rejected all 0, and `latest_local_validation.result=SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`; must not be treated as approval or execution authorization |
| `coding_task_v1.risk=LOW\|MEDIUM` | `warn` | May be queued into the Codex patch-only backlog |
| `coding_task_v1.risk=HIGH\|CRITICAL` | `approve_required` | Must assign `critic` and `vuln-verifier` |
| `source_control_migration_event_v1.status=blocked` | `observe` | Show the blocking reason; primary switch not allowed |
| `source_control_migration_event_v1.status=verified` | `approve_required` | Still requires human approval of the primary switch |
| `gitea_repo_inventory_v1.status=blocked` | `observe` | Obtain a read-only token or admin export; no sync |
| `gitea_repo_inventory_v1.status=partial` | `observe` | Treat as public-only evidence; show the S4.5 export request, S4.6 import acceptance, S4.7 owner attestation request, S4.9 owner response request packet, template status ledger, audit event templates, redaction examples, display sections, collection checks, owner response templates, intake preflight checks, outcome lanes, and coverage gap; no sync |
| `gitea_repo_inventory_v1.status=ok` | `warn` | Proceed to repo mapping / branch tag diff |
| `approval_required_event_v1.requested_action=run_gitea_readonly_inventory` | `approve_required` | Only a read-only token or a redacted admin export is allowed; do not store token values |
| `local_git_remote_inventory_v1.status=partial` | `observe` | Obtain the server-side inventory; no primary switch |
| `github_target_probe_v1.status=ok` with `not_found_or_private` present | `observe` | Obtain the GitHub target decision; do not create repos automatically |
| `github_target_decision_v1.approval_required_count>0` | `approve_required` | Produce an approval candidate and show the S4.10 owner response request packet, template status ledger, audit event templates, redaction examples, collection checks, intake preflight checks, and owner decision response templates; do not execute repo creation, visibility modification, refs sync, or primary switch |
| `github_target_repo_approval_package_v1.status=draft` | `observe` | Create an approval queue draft; does not block read-only evidence; until the S4.10 response is accepted it must not be treated as repo / visibility / refs approval |
| `source_control_approval_board_v1.pending_approval_count>0` | `approve_required` | Show the per-repo decision queue; do not execute repo creation, visibility modification, or refs sync |
| `source_control_reconcile_plan_v1.status=draft_blocked` | `approve_required` | Show only the refs reconcile draft and gate; do not execute a sync |
| `source_control_ref_detail_diff_v1.status=draft_blocked` | `observe` | Show the branch/tag detail diff to support human review |
| `source_control_ref_truth_classification_v1.status=draft_blocked` | `approve_required` | Show the main/dev source of truth, drift deprecated candidates, release / UAT tag review lane, S4.11 owner response request packet, template status ledger, audit event templates, redaction examples, collection checks, intake preflight checks, and templates; do not execute the classification result |
| `source_control_workflow_secret_name_inventory_v1.status=draft_missing_evidence` | `approve_required` | Show the S4.2 local evidence, S4.3 export request, S4.12 owner response request packet, template status ledger, audit event templates, redaction examples, collection checks, intake preflight checks, and templates; do not collect secret values, modify workflows, or enable runners |
| `local_repo_canonical_probe_v1.status=unrelated` | `approve_required` | Automatic merge is forbidden; needs a human canonical determination |
| `git_remote_refs_probe_v1.status=ok` | `observe` | May serve as source evidence, but still needs a GitHub target and approval |
| `security_rollout_policy_v1.enforcement_level=mirror_only` | `observe` | Show only the policy and its 7 non-blocking escalation lanes; do not block existing processes |
| `security_supply_chain_contract_manifest_v1.default_enforcement_level=mirror_only` | `observe` | Only load the contract index; do not add execution entry points |
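The mapping above is only useful if the consumer applies it mechanically and never lets a mode become an action. The following is an added example, not code from the checklist or from the AwoooP / IwoooS code base: it encodes the status rows of the table as data, handles the severity / risk / count rows as field checks, enforces the section 1 envelope rule for `security_mirror_event_v1`, and expresses an escalation only as an `approval_required_event_v1` candidate with `blocked_until_approved=true` (section 7, step 8). Event payloads are plain dicts; any shape beyond the field names quoted in the checklist is an assumption, as is the `warn` fallback for LOW/MEDIUM findings with HIGH confidence, which the table does not cover.

```python
"""Read-only policy evaluator for AwoooP mirror-only consumption (added example)."""
from __future__ import annotations

from typing import Any

OBSERVE, WARN, APPROVE_REQUIRED = "observe", "warn", "approve_required"
LOW_MEDIUM = {"LOW", "MEDIUM"}
HIGH_CRITICAL = {"HIGH", "CRITICAL"}

# (event type, status) -> mode, taken row by row from the section 4 table.
STATUS_RULES: dict[tuple[str, str], str] = {
    ("kali_integration_status_v1", "partial_runtime_health_integrated"): OBSERVE,
    ("kali_scan_scope_approval_v1", "draft_waiting_approval"): APPROVE_REQUIRED,
    ("security_approval_queue_v1", "draft"): APPROVE_REQUIRED,
    ("security_mirror_readiness_v1", "draft"): OBSERVE,
    ("source_control_primary_readiness_gate_v1", "draft_blocked"): APPROVE_REQUIRED,
    ("source_control_migration_event_v1", "blocked"): OBSERVE,
    ("source_control_migration_event_v1", "verified"): APPROVE_REQUIRED,
    ("gitea_repo_inventory_v1", "blocked"): OBSERVE,
    ("gitea_repo_inventory_v1", "partial"): OBSERVE,
    ("gitea_repo_inventory_v1", "ok"): WARN,
    ("source_control_reconcile_plan_v1", "draft_blocked"): APPROVE_REQUIRED,
    ("source_control_ref_detail_diff_v1", "draft_blocked"): OBSERVE,
    ("local_repo_canonical_probe_v1", "unrelated"): APPROVE_REQUIRED,
    ("git_remote_refs_probe_v1", "ok"): OBSERVE,
}


class MirrorContractViolation(ValueError):
    """A mirrored envelope claims an authority the checklist forbids."""


def recommended_mode(event: dict[str, Any]) -> str:
    """Return observe / warn / approve_required for one event; never an action."""
    kind = event["type"]
    if kind == "security_mirror_event_v1":
        # Section 1: both flags must be literally false on every envelope.
        if (event.get("execution_authorized") is not False
                or event.get("action_buttons_allowed") is not False):
            raise MirrorContractViolation(f"{kind} envelope is not execution-neutral")
        return OBSERVE
    if kind == "security_finding_v1":
        severity = event["severity"].upper()
        confidence = event.get("confidence", "LOW").upper()
        if severity in HIGH_CRITICAL:
            return APPROVE_REQUIRED
        if severity in LOW_MEDIUM and confidence in LOW_MEDIUM:
            return OBSERVE
        # Not covered by the table; assumed `warn` so it still cannot block.
        return WARN
    if kind == "coding_task_v1":
        return APPROVE_REQUIRED if event["risk"].upper() in HIGH_CRITICAL else WARN
    if kind == "github_target_decision_v1":
        return APPROVE_REQUIRED if event.get("approval_required_count", 0) > 0 else OBSERVE
    if kind == "source_control_approval_board_v1":
        return APPROVE_REQUIRED if event.get("pending_approval_count", 0) > 0 else OBSERVE
    if kind == "approval_required_event_v1":
        return APPROVE_REQUIRED
    # Observe-first (security_rollout_policy_v1) for any combination not listed.
    return STATUS_RULES.get((kind, str(event.get("status"))), OBSERVE)


def mirror_record(event: dict[str, Any]) -> dict[str, Any]:
    """Build the read-only Runtime State record for one event.

    The record never carries execution authority; when the mode is
    `approve_required` it only attaches a candidate that stays blocked
    until a human decides.
    """
    mode = recommended_mode(event)
    record: dict[str, Any] = {
        "source_type": event["type"],
        "recommended_mode": mode,
        "execution_authorized": False,
        "action_buttons_allowed": False,
    }
    if mode == APPROVE_REQUIRED:
        record["approval_candidate"] = {
            "type": "approval_required_event_v1",
            "source_event": event["type"],
            "blocked_until_approved": True,
        }
    return record


def summarize(events: list[dict[str, Any]]) -> dict[str, int]:
    """Count recommended modes for a batch (the weekly-review view)."""
    counts = {OBSERVE: 0, WARN: 0, APPROVE_REQUIRED: 0}
    for event in events:
        counts[recommended_mode(event)] += 1
    return counts


# Constructed sample batch; these are not real findings.
SAMPLE_EVENTS = [
    {"type": "security_finding_v1", "severity": "MEDIUM", "confidence": "LOW"},
    {"type": "security_finding_v1", "severity": "CRITICAL", "confidence": "HIGH"},
    {"type": "coding_task_v1", "risk": "LOW"},
    {"type": "source_control_migration_event_v1", "status": "verified"},
    {"type": "github_target_decision_v1", "approval_required_count": 2},
]

if __name__ == "__main__":
    for sample in SAMPLE_EVENTS:
        print(mirror_record(sample))
    print(summarize(SAMPLE_EVENTS))
```

Note that an envelope with `execution_authorized` set to anything other than `false` is rejected outright rather than downgraded: a mirror consumer that silently "fixes" such a flag would hide exactly the contract breach the acceptance and quarantine contracts exist to surface.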
## 5. Evidence redaction requirements
| Data | Storage rule |
|------|--------------|
| repo URL | Remove username, password, and token |
| API token | Store only `token_present=true\|false` |
| secret name | Name and owner may be stored |
| secret value | Storage forbidden |
| exploit payload | Storing the raw payload is forbidden; store only a redacted evidence ref |
| scan result | Store the finding summary, severity, confidence, and asset key |
| host IP | May be stored for internal assets, but must be replaced by the asset key for external sharing |
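The rules above are easiest to audit when they are applied by one function on the way into Runtime State / Audit and checked by a second function that proves no raw value survived. The following is an added example, not code from the checklist or from the AwoooP / Security Supply Chain Session tooling. The raw payload field names (`repo_url`, `api_token`, `secrets`, `exploit_payload`, `host_ip`), the `sha256:` evidence-ref format, and the set of token-like query parameters are assumptions; the stored `token_present` flag and the asset-key substitution come from the table.

```python
"""Evidence redaction before an AwoooP mirror record is stored (added example)."""
from __future__ import annotations

import hashlib
import ipaddress
from typing import Any
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

TOKEN_QUERY_KEYS = {"token", "access_token", "private_token"}  # assumption


def redact_repo_url(url: str) -> str:
    """Drop `user:password@` userinfo and token-like query parameters."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if ":" in host:  # an IPv6 literal loses its brackets in .hostname
        host = f"[{host}]"
    if parts.port:
        host = f"{host}:{parts.port}"
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k.lower() not in TOKEN_QUERY_KEYS]
    return urlunsplit((parts.scheme, host, parts.path, urlencode(kept), parts.fragment))


def evidence_ref(raw_payload: str) -> str:
    """Content hash that lets auditors match a payload without storing it."""
    return "sha256:" + hashlib.sha256(raw_payload.encode("utf-8")).hexdigest()


def redact_host(ip: str, asset_key: str, for_external_sharing: bool) -> str:
    """Internal addresses may be kept; anything shared externally becomes the asset key.

    A public address is replaced as well (assumption: the table only lets
    internal assets keep their IP).
    """
    addr = ipaddress.ip_address(ip)
    if for_external_sharing or not addr.is_private:
        return asset_key
    return ip


def redact_finding(raw: dict[str, Any], *, for_external_sharing: bool = False) -> dict[str, Any]:
    """Return the storable form of a finding with every section 5 row applied."""
    record: dict[str, Any] = {
        "finding_summary": raw["summary"],
        "severity": raw["severity"],
        "confidence": raw["confidence"],
        "asset_key": raw["asset_key"],
        "token_present": bool(raw.get("api_token")),  # never the token itself
    }
    if "repo_url" in raw:
        record["repo_url"] = redact_repo_url(raw["repo_url"])
    if "secrets" in raw:  # names and owners only; values are dropped
        record["secret_names"] = [{"name": s["name"], "owner": s.get("owner")} for s in raw["secrets"]]
    if "exploit_payload" in raw:
        record["exploit_evidence_ref"] = evidence_ref(raw["exploit_payload"])
    if "host_ip" in raw:
        record["host"] = redact_host(raw["host_ip"], raw["asset_key"], for_external_sharing)
    return record


def leaked_values(record: dict[str, Any], raw: dict[str, Any]) -> list[str]:
    """Acceptance check: list any raw sensitive value still present in the record."""
    url = urlsplit(raw.get("repo_url", ""))
    sensitive = [raw.get("api_token"), raw.get("exploit_payload"), url.username, url.password]
    sensitive += [s.get("value") for s in raw.get("secrets", [])]
    sensitive += [v for k, v in parse_qsl(url.query) if k.lower() in TOKEN_QUERY_KEYS]
    blob = repr(record)
    return [v for v in sensitive if v and v in blob]


# Constructed raw finding; none of these values are real.
RAW_FINDING: dict[str, Any] = {
    "summary": "Credential-like string referenced by a CI workflow",
    "severity": "HIGH",
    "confidence": "MEDIUM",
    "asset_key": "gitea-runner-01",
    "repo_url": "https://ci-bot:hunter2@gitea.example.internal/org/app.git?token=tok_constructed_value",
    "api_token": "constructed_api_token_value",
    "secrets": [{"name": "DEPLOY_KEY", "owner": "platform-team", "value": "constructed_secret_value"}],
    "exploit_payload": "CONSTRUCTED_RAW_PAYLOAD_PLACEHOLDER",
    "host_ip": "192.168.0.112",
}

if __name__ == "__main__":
    stored = redact_finding(RAW_FINDING)
    print(stored)
    print("leaks:", leaked_values(stored, RAW_FINDING))
```

`leaked_values` is the kind of check the mirror acceptance contract's redaction item can run on every record: it takes the raw input and the stored output and returns the list of raw values that survived, so an empty list is the acceptance condition and anything else routes the payload to quarantine.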
## 6. Files that can be mirrored immediately
| Type | File |
|------|------|
| source control event snapshot | `docs/security/gitea-github-awoooi-inventory.snapshot.json` |
| source control event human-readable version | `docs/security/GITEA-GITHUB-MIGRATION-SNAPSHOT.md` |
| clawbot-v5 source control snapshot | `docs/security/source-control-clawbot-v5.snapshot.json` / `docs/security/SOURCE-CONTROL-CLAWBOT-V5-SNAPSHOT.md` |
| wooo-aiops source control snapshot | `docs/security/source-control-wooo-aiops.snapshot.json` / `docs/security/SOURCE-CONTROL-WOOO-AIOPS-SNAPSHOT.md` |
| Gitea repo inventory snapshot | `docs/security/gitea-repo-inventory.snapshot.json` |
| Gitea repo inventory human-readable version | `docs/security/GITEA-REPO-INVENTORY-SNAPSHOT.md` |
| Gitea authenticated inventory export request | `docs/security/gitea-authenticated-inventory-export-request.snapshot.json` / `docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md` |
| Gitea authenticated inventory import acceptance | `docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json` / `docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` |
| Gitea inventory coverage owner attestation | `docs/security/gitea-inventory-coverage-attestation.snapshot.json` / `docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md` |
| Gitea inventory owner attestation response intake packet | `docs/security/gitea-inventory-owner-attestation-response.snapshot.json` / `docs/security/GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.md` |
| Gitea org endpoint blocked snapshot | `docs/security/gitea-org-repo-inventory-blocked.snapshot.json` / `docs/security/GITEA-ORG-REPO-INVENTORY-BLOCKED-SNAPSHOT.md` |
| Gitea server-side inventory runbook | `docs/security/GITEA-SERVER-SIDE-INVENTORY-RUNBOOK.md` |
| Gitea read-only inventory approval package | `docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md` |
| Gitea read-only inventory approval snapshot | `docs/security/gitea-readonly-inventory-approval.snapshot.json` |
| Gitea admin export redaction checklist | `docs/security/GITEA-ADMIN-EXPORT-REDACTION-CHECKLIST.md` |
| Gitea public repo search snapshot | `docs/security/gitea-public-repo-search.snapshot.json` / `docs/security/GITEA-PUBLIC-REPO-SEARCH-SNAPSHOT.md` |
| Local Git remote inventory snapshot | `docs/security/local-git-remote-inventory.snapshot.json` |
| Local Git remote inventory human-readable version | `docs/security/LOCAL-GIT-REMOTE-INVENTORY-SNAPSHOT.md` |
| Source Control migration matrix | `docs/security/SOURCE-CONTROL-MIGRATION-MATRIX.md` |
| Source Control canonical repo decision table | `docs/security/SOURCE-CONTROL-CANONICAL-DECISION-TABLE.md` |
| GitHub target probe snapshot | `docs/security/github-target-probe.snapshot.json` / `docs/security/GITHUB-TARGET-PROBE-SNAPSHOT.md` |
| GitHub target decision snapshot | `docs/security/github-target-decision.snapshot.json` / `docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md` |
| GitHub target owner decision response intake packet | `docs/security/github-target-owner-decision-response.snapshot.json` / `docs/security/GITHUB-TARGET-OWNER-DECISION-RESPONSE.md` |
| GitHub target repo approval package | `docs/security/github-target-repo-approval-package.snapshot.json` / `docs/security/GITHUB-TARGET-REPO-APPROVAL-PACKAGE.md` |
| Source Control approval board | `docs/security/source-control-approval-board.snapshot.json` / `docs/security/SOURCE-CONTROL-APPROVAL-BOARD.md` |
| Source Control draft reconcile plan | `docs/security/source-control-reconcile-plan.snapshot.json` / `docs/security/SOURCE-CONTROL-RECONCILE-PLAN.md` |
| Source Control branch/tag detail diff | `docs/security/source-control-ref-detail-diff.snapshot.json` / `docs/security/SOURCE-CONTROL-REF-DETAIL-DIFF.md` |
| Source Control ref truth classification | `docs/security/source-control-ref-truth-classification.snapshot.json` / `docs/security/SOURCE-CONTROL-REF-TRUTH-CLASSIFICATION.md` |
| Source Control ref truth owner response intake packet | `docs/security/source-control-ref-truth-owner-response.snapshot.json` / `docs/security/SOURCE-CONTROL-REF-TRUTH-OWNER-RESPONSE.md` |
| Source Control GitHub primary readiness gate | `docs/security/source-control-primary-readiness-gate.snapshot.json` / `docs/security/SOURCE-CONTROL-PRIMARY-READINESS-GATE.md` |
| Source Control GitHub primary rollback ADR | `docs/security/source-control-primary-rollback-adr.snapshot.json` / `docs/security/SOURCE-CONTROL-PRIMARY-ROLLBACK-ADR.md` |
| Source Control workflow / secret name inventory | `docs/security/source-control-workflow-secret-name-inventory.snapshot.json` / `docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-INVENTORY.md` |
| Source Control workflow / secret name local evidence | `docs/security/source-control-workflow-secret-name-local-evidence.snapshot.json` / `docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-LOCAL-EVIDENCE.md` |
| Source Control workflow / secret name export request | `docs/security/source-control-workflow-secret-name-export-request.snapshot.json` / `docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-EXPORT-REQUEST.md` |
| Source Control workflow / secret name owner response intake packet | `docs/security/source-control-workflow-secret-name-owner-response.snapshot.json` / `docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md` |
| Kali 112 integration status | `docs/security/kali-integration-status.snapshot.json` / `docs/security/KALI-INTEGRATION-STATUS.md` |
| Security finding contract | `docs/security/security-finding-kali-sample.snapshot.json` / `docs/security/SECURITY-FINDING-CONTRACT.md` |
| Kali scan scope approval package | `docs/security/kali-scan-scope-approval.snapshot.json` / `docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md` |
| Security approval queue | `docs/security/security-approval-queue.snapshot.json` / `docs/security/SECURITY-APPROVAL-QUEUE.md` |
| Security approval gate | `docs/security/security-approval-gate.snapshot.json` / `docs/security/SECURITY-APPROVAL-GATE.md` |
| Security approval decision record | `docs/security/security-approval-decision-record.snapshot.json` / `docs/security/SECURITY-APPROVAL-DECISION-RECORD.md` |
| Security approval review packet | `docs/security/security-approval-review-packet.snapshot.json` / `docs/security/SECURITY-APPROVAL-REVIEW-PACKET.md` |
| Security approval state transition | `docs/security/security-approval-state-transition.snapshot.json` / `docs/security/SECURITY-APPROVAL-STATE-TRANSITION.md` |
| Security follow-up runtime gate preparation | `docs/security/security-followup-runtime-gate.snapshot.json` / `docs/security/SECURITY-FOLLOWUP-RUNTIME-GATE.md` |
| Security mirror readiness | `docs/security/security-mirror-readiness.snapshot.json` / `docs/security/SECURITY-MIRROR-READINESS.md` |
| Security mirror intake plan | `docs/security/security-mirror-intake-plan.snapshot.json` / `docs/security/SECURITY-MIRROR-INTAKE-PLAN.md` |
| Security mirror event contract | `docs/security/security-mirror-event-sample.snapshot.json` / `docs/security/SECURITY-MIRROR-EVENT-CONTRACT.md` |
| Security mirror route matrix | `docs/security/security-mirror-route.snapshot.json` / `docs/security/SECURITY-MIRROR-ROUTE.md` |
| Security mirror acceptance contract | `docs/security/security-mirror-acceptance.snapshot.json` / `docs/security/SECURITY-MIRROR-ACCEPTANCE.md` |
| Security mirror quarantine contract | `docs/security/security-mirror-quarantine.snapshot.json` / `docs/security/SECURITY-MIRROR-QUARANTINE.md` |
| Security mirror dry-run report contract | `docs/security/security-mirror-dry-run.snapshot.json` / `docs/security/SECURITY-MIRROR-DRY-RUN.md` |
| Security mirror status rollup contract | `docs/security/security-mirror-status-rollup.snapshot.json` / `docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md` |
| Source Control owner response validation rollup | `docs/security/source-control-owner-response-validation-rollup.snapshot.json` / `docs/security/SOURCE-CONTROL-OWNER-RESPONSE-VALIDATION-ROLLUP.md` |
| Local repo canonical lineage snapshot | `docs/security/local-repo-canonical-ewoooc-momo.snapshot.json` / `docs/security/LOCAL-REPO-CANONICAL-EWOOOC-MOMO-SNAPSHOT.md` |
| Internal 110 refs snapshot | `docs/security/git-remote-refs-bitan-tsenyang.snapshot.json` / `docs/security/GIT-REMOTE-REFS-BITAN-TSENYANG-SNAPSHOT.md` |
| wooo-infra-config refs snapshot | `docs/security/git-remote-refs-wooo-infra-config.snapshot.json` / `docs/security/GIT-REMOTE-REFS-WOOO-INFRA-CONFIG-SNAPSHOT.md` |
| Gitea/GitHub migration inventory | `docs/security/GITEA-GITHUB-MIGRATION-INVENTORY.md` |
| AwoooP handoff | `docs/security/AWOOOP-SECURITY-SUPPLYCHAIN-INTEGRATION-HANDOFF.md` |
| Low-friction security rollout policy | `docs/security/SECURITY-LOW-FRICTION-ROLLOUT-POLICY.md` / `docs/security/security-rollout-policy.snapshot.json` |
| Security Supply Chain contract manifest | `docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md` / `docs/security/security-supply-chain-contract-manifest.snapshot.json` |
## 7. Next steps
1. The AwoooP main line first treats this checklist as its contract consumption checklist.
2. The Security Supply Chain Session completes the read-only token or admin export source for the full Gitea repo inventory.
3. AwoooP first mirrors the S4.13 owner response validation rollup, centrally displaying the S4.9 / S4.10 / S4.11 / S4.12 four response packets, 6 evidence routing rules, 8 display sections, 7 state transition rules, 9 reviewer checklist items, 7 reviewer outcome lanes, 4 reviewer audit event templates, 5 reviewer audit display sections, 6 reviewer audit collection checks, 5 reviewer audit redaction examples, 5 reviewer audit retention rules, 6 reviewer audit retention checks, 6 reviewer audit handoff packets, 6 reviewer audit handoff checks, 6 parallel session sync checks, 6 parallel session conflict lanes, 6 parallel session recovery checks, and 7 parallel session recovery outcome lanes; it must not treat the rollup, routing, sections, transition rules, reviewer checklist, reviewer outcome lanes, reviewer audit templates, reviewer audit display sections, reviewer audit collection checks, reviewer audit redaction examples, reviewer audit retention rules, reviewer audit retention checks, reviewer audit handoff packets / checks, parallel session sync checks, parallel session conflict lanes, parallel session recovery checks, or parallel session recovery outcome lanes as approval, production ingestion, or execution authorization.
4. The Security Supply Chain Session, following the S4.10 request packet, template status ledger, audit event templates, redaction examples, collection checks, and intake preflight checks, receives and accepts the 9 GitHub target owner / visibility / canonical responses.
5. The Security Supply Chain Session, following the S4.11 request packet, template status ledger, audit event templates, redaction examples, collection checks, and intake preflight checks, receives and accepts the 5 refs truth owner response templates; audit event templates currently have 0 emitted; redaction examples only demonstrate safe metadata shapes; collection checks only keep request / received / accepted separated; preflight only classifies into reviewable, needs more evidence, quarantine, reject, or waiting; even an accepted response only updates read-only classification / reconcile / readiness wording.
6. The Security Supply Chain Session, following the S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks, receives and accepts the 5 workflow / secret name owner response templates; the request packet only prompts what the owner must reply; the template status ledger only shows waiting per item; audit event templates only define redacted metadata with 0 emitted; redaction examples only demonstrate safe metadata shapes; even an accepted response only updates read-only inventory / export request / readiness wording.
7. AwoooP only creates mirror / read-only policy entry points; it adds no execution actions.
8. Whichever side wants to escalate an event into actual execution must first produce `approval_required_event_v1` and keep `blocked_until_approved=true` in `security_approval_queue_v1` until the human decision is complete.