# GitHub Target Owner Decision Response Intake Package

| Item | Content |
|------|---------|
| Date | 2026-06-11 |
| Status | Draft and P1-3 handoff compiled; waiting for owner response |
| Data contract | `docs/schemas/github_target_owner_decision_response_v1.schema.json` |
| Snapshot | `docs/security/github-target-owner-decision-response.snapshot.json` |
| Source contract | `github_target_decision_v1` |
| Target contract | `github_target_repo_approval_package_v1` |
| Mode | `owner_decision_response_intake_only` |
| Execution-side authorization | `false` |

## 0. Core Conclusion

S4.10 fills in "how the owner should respond to the owner / visibility / canonical decisions for the 9 GitHub targets".

S4.10 is not a repo creation approval, not a visibility change approval, not a refs sync approval, and not a GitHub primary approval. It only pins down the owner response request packet, the response fields, the acceptable decisions, the acceptance rules, the rejection rules and the permitted outputs, so that AwoooP can display them read-only and wait for human-supplied evidence.

This document does not ask for tokens to be pasted, does not accept raw secrets, does not create GitHub repos, does not modify visibility, does not sync refs, does not switch primary, and does not disable Gitea.

## 1. Response Summary

| Metric | Value |
|--------|-------|
| owner response status | waiting_owner_response |
| GitHub target decisions | 10 |
| targets requiring human decision | 9 |
| owner response request packet | 1 |
| owner response template statuses | 9 |
| owner response audit event templates | 3 |
| owner response redaction examples | 5 |
| owner response collection checks | 6 |
| intake preflight checks | 6 |
| response templates | 9 |
| responses received | 0 |
| responses accepted | 0 |
| responses rejected | 0 |
| acceptance checks | 8 |
| rejection rules | 10 |
| repo creation authorized | `false` |
| visibility change authorized | `false` |
| refs sync authorized | `false` |
| GitHub primary switch authorized | `false` |
| secret value collection allowed | `false` |
| action button allowed | `false` |

## 1.1 Owner Response Request Packet

The S4.10 request packet only lets AwoooP display "which 9 GitHub targets the owner is being asked to respond on". It is not an approval queue and not an execution queue, and it must not carry buttons that create repos, modify visibility, sync refs or switch GitHub primary.

| Field | Content |
|-------|---------|
| request id | `s4_10_github_target_owner_decision_response_request` |
| display status | `ready_to_request_owner_response` |
| required response items | 9 |
| display mode | `display_owner_response_request_only` |
| execution authorized | `false` |
| not approval | `true` |

## 1.2 Owner Response Template Status Ledger

The S4.10 template status ledger lets AwoooP show the intake status of each of the 9 GitHub target templates individually, so that a single target that has not yet responded is not hidden behind the aggregate `response_template_count=9`.

| Template | GitHub repo | Status | Next step |
|----------|-------------|--------|-----------|
| `target-awoooi-refs-blocked` | `owenhytsai/awoooi` | `waiting_owner_response` | Owner must reply with the canonical source, visibility review owner and refs truth owner for `owenhytsai/awoooi`; the existing GitHub target must not be treated as directly promotable to primary. |
| `target-clawbot-v5-refs-blocked` | `owenhytsai/clawbot-v5` | `waiting_owner_response` | Owner must reply with the source of truth for main SHA / tag and the tag disposition owner for `owenhytsai/clawbot-v5`; refs sync must not be approved with a single sentence. |
| `target-wooo-aiops-refs-blocked` | `owenhytsai/wooo-aiops` | `waiting_owner_response` | Owner must reply with the owner and disposition of the GitHub-only refs for `owenhytsai/wooo-aiops`; GitHub-only refs must not be deleted. |
| `target-wooo-infra-config-internal-remote` | `owenhytsai/wooo-infra-config` | `waiting_owner_response` | Owner must reply with the purpose of the 110 internal remote and the secret name inventory owner for `owenhytsai/wooo-infra-config`; the remote must not be deleted and secret values must not be moved. |
| `target-ewoooc-private-or-new` | `owenhytsai/ewoooc` | `waiting_owner_response` | Owner must reply with the canonical relationship between `owenhytsai/ewoooc` and momo-pro-system, and with the private access request or new target candidate disposition; no repo may be created automatically and unrelated histories must not be merged. |
| `target-bitan-pharmacy-private-or-new` | `owenhytsai/bitan-pharmacy` | `waiting_owner_response` | Owner must reply whether `owenhytsai/bitan-pharmacy` is still active, with the GitHub target disposition and visibility review owner; not_found_or_private must not be taken as permission to create the repo directly. |
| `target-tsenyang-website-private-or-new` | `owenhytsai/tsenyang-website` | `waiting_owner_response` | Owner must reply whether `owenhytsai/tsenyang-website` is still active, with the GitHub target disposition and visibility review owner; not_found_or_private must not be taken as permission to create the repo directly. |
| `target-vibework-private-or-new` | `owenhytsai/VibeWork` | `waiting_owner_response` | Owner must reply with the owner / visibility / canonical / target disposition for `owenhytsai/VibeWork`; not_found_or_private must not be taken as permission to create the repo directly. |
| `target-agent-bounty-protocol-private-or-new` | `owenhytsai/agent-bounty-protocol` | `waiting_owner_response` | Owner must reply with the owner / visibility / canonical / target disposition for `owenhytsai/agent-bounty-protocol`; not_found_or_private must not be taken as permission to create the repo directly. |

## 2. Required Owner Response Fields

Every response must at minimum answer the following canonical 9 fields. These 9 fields only mean that the response has been received and is readable by a reviewer; they do not mean that repo creation, visibility change, refs sync, GitHub primary or runtime execution has been approved.

| Field | Required content | Handling when missing |
|-------|------------------|-----------------------|
| `owner_role_or_team` | The responsible role or team; no personal credentials or sensitive identity data are collected | Supplement required |
| `decision` | Only the acceptable decision values from Section 4 may be used | Reject if not an allowed value |
| `decision_reason` | Summary of the decision rationale; must not contain raw secrets, tokens, cookies, unredacted screenshots or API bodies | Supplement required, or quarantine |
| `affected_scope` | Scope of impact, e.g. repo, canonical source, visibility, refs truth, workflow-secret parity, product boundary or agent runtime boundary | Supplement required |
| `redacted_evidence_refs` | Only references to in-repo documents, snapshots or redacted metadata pointers | Suspected sensitive payload goes to quarantine |
| `followup_owner` | Person responsible for the next evidence supplement or determination | Supplement required |
| `rollback_owner` | If this later becomes a change candidate, who is responsible for the rollback determination and recovery plan | Supplement required |
| `maintenance_window` | If this later becomes a change candidate, the maintenance window permitted for review, or an explicit `not_authorized_yet` | Supplement required |
| `validation_plan` | If this later becomes a change candidate, how the read-only update, the repo / refs / workflow boundary and the post-check will be validated | Supplement required |

Each template may still require target-specific fields, for example `canonical_source`, `github_target_disposition`, `visibility_review_owner`, `refs_truth_review_owner`, `product_boundary_owner`, `external_agent_owner`, `treasury_owner` or `runtime_gate_owner`. The newly added `VibeWork` must supply a product / surface owner, and `agent-bounty-protocol` must supply external agent / treasury / runtime gate owners.

## 3. The Nine Response Templates

| Template | GitHub target | Acceptance focus |
|----------|---------------|------------------|
| `target-awoooi-refs-blocked` | `owenhytsai/awoooi` | Designate the owner, canonical source, visibility review owner and refs truth review owner; keep refs action disabled. |
| `target-clawbot-v5-refs-blocked` | `owenhytsai/clawbot-v5` | Designate the source of truth for main SHA / tag and its owner; keep refs action disabled. |
| `target-wooo-aiops-refs-blocked` | `owenhytsai/wooo-aiops` | Designate the source owner and disposition of the GitHub-only branch / tags; keep refs action disabled. |
| `target-wooo-infra-config-internal-remote` | `owenhytsai/wooo-infra-config` | Determine the purpose of the 110 internal remote, the infra owner and the secret name inventory owner. |
| `target-ewoooc-private-or-new` | `owenhytsai/ewoooc` | Determine the ewoooc / momo-pro-system canonical relationship and whether the GitHub target is an existing private repo, a candidate new repo, or needs more evidence. |
| `target-bitan-pharmacy-private-or-new` | `owenhytsai/bitan-pharmacy` | Determine whether the repo is still active, the GitHub target disposition, the owner and the visibility review owner. |
| `target-tsenyang-website-private-or-new` | `owenhytsai/tsenyang-website` | Determine whether the repo is still active, the GitHub target disposition, the owner and the visibility review owner. |
| `target-vibework-private-or-new` | `owenhytsai/VibeWork` | Determine the VibeWork GitHub target, product boundary, repo owner, surface owner, canonical source and visibility review owner; keep the product boundary independent. |
| `target-agent-bounty-protocol-private-or-new` | `owenhytsai/agent-bounty-protocol` | Determine the agent-bounty-protocol GitHub target, repo owner, deployment owner, external agent owner, treasury owner, canonical source and visibility review owner; the runtime gate stays at 0. |

## 4. Acceptable Decision Values

| Decision | Meaning |
|----------|---------|
| `approve_existing_target_as_candidate` | Only agrees to the existing GitHub target as a candidate; does not authorize refs / primary execution |
| `approve_private_target_access_request` | Only agrees to ask the owner for private target access evidence; does not authorize configuration changes |
| `approve_new_target_creation_candidate` | Only agrees to list creation of a new target as a candidate plan; does not authorize creating the repo |
| `hold_pending_refs_truth` | Keep waiting for refs truth / tag disposition |
| `hold_pending_canonical_review` | Keep waiting for canonical / owner review |
| `hold_pending_product_boundary_review` | Keep waiting for product boundary owner review |
| `hold_pending_agent_runtime_boundary_review` | Keep waiting for agent / treasury / runtime gate owner review |
| `mark_external_or_out_of_scope` | Mark as external or excluded from this round's scope; an owner rationale is required |
| `unknown_requires_more_evidence` | Insufficient evidence; redacted evidence must be supplied |

## 5. Acceptance Rules

1. `github_repo` must correspond to one of the 9 approval-required targets in github_target_decision_v1.
2. `decision` must be one of the target template's acceptable_decisions.
3. Every response must fill in all canonical 9 fields and, as the template requires, supply the visibility review owner, the canonical source or an explicit out-of-scope disposition.
4. In-scope or candidate targets must state a canonical source; when it is unknown, unknown_requires_more_evidence must be selected.
5. A response must not treat gaps in refs truth, workflow-secret parity, Gitea inventory, rollback ADR or server-side diff as completed.
6. A response may only approve a candidate direction or an evidence-gathering direction; it must not contain an execution request to immediately create a repo or modify visibility.
7. A response must not request push, delete, force push, mirror sync, primary switch or disabling Gitea.
8. `redacted_evidence_refs` may only point to in-repo documents, snapshots or redacted owner metadata, and must not contain tokens, credentials, secret values, private keys or deploy key values.

## 6. Must Reject

1. A response containing a token value, PAT, cookie, session, CSRF token, private key or partial credential must be rejected.
2. A response containing a repo creation command, API request body, CLI command or automation payload must be rejected.
3. A response containing a visibility change command, or requesting an immediate public/private/internal visibility change, must be rejected.
4. A response requesting push refs, delete refs, force push, mirror sync, tag rewrite or branch rewrite must be rejected.
5. A response requesting a GitHub primary switch, or disabling, deleting or archiving Gitea, or removing the fallback, must be rejected.
6. A response missing the canonical 9 fields, the visibility review owner, the canonical source or the out-of-scope disposition must not be marked accepted.
7. A response that automatically interprets `not_found_or_private` as "the repo does not exist" or "the repo may be created" must be rejected.
8. A response requesting automatic merging of unrelated histories, or deletion of the momo / ewoooc working tree, must be rejected.
9. A response that treats the owner decision response as a repo migration approval, refs sync approval or primary approval must be rejected.
10. Any response where it is uncertain whether it contains sensitive values, private URL credentials or unredacted screenshots must first go into mirror quarantine.
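The intake classification described in Sections 2, 4, 5 and 6 reduces to one pure function over a response. The block below is an added example written for this page; it is not code from the S4.10 package or from AwoooP. The secret and command patterns, the `docs/` evidence prefix and the sample responses are constructed assumptions, and because the per-template `acceptable_decisions` lists live in the referenced schema rather than on this page, the example checks against the global Section 4 set. It models the rule 1 versus rule 10 distinction by rejecting on definite credential material and quarantining on a mere hint, and every result carries `execution_authorized: False` since intake never authorizes anything.

```python
"""Intake classifier for S4.10 owner decision responses (added example,
not project code). Regexes are constructed heuristics, not the project's
own redaction rules."""
import re

CANONICAL_FIELDS = (
    "owner_role_or_team", "decision", "decision_reason", "affected_scope",
    "redacted_evidence_refs", "followup_owner", "rollback_owner",
    "maintenance_window", "validation_plan",
)
ACCEPTABLE_DECISIONS = frozenset({  # Section 4
    "approve_existing_target_as_candidate", "approve_private_target_access_request",
    "approve_new_target_creation_candidate", "hold_pending_refs_truth",
    "hold_pending_canonical_review", "hold_pending_product_boundary_review",
    "hold_pending_agent_runtime_boundary_review", "mark_external_or_out_of_scope",
    "unknown_requires_more_evidence",
})
APPROVAL_REQUIRED_TARGETS = frozenset({  # the 9 targets from Section 1.2
    "owenhytsai/awoooi", "owenhytsai/clawbot-v5", "owenhytsai/wooo-aiops",
    "owenhytsai/wooo-infra-config", "owenhytsai/ewoooc", "owenhytsai/bitan-pharmacy",
    "owenhytsai/tsenyang-website", "owenhytsai/VibeWork", "owenhytsai/agent-bounty-protocol",
})
# Definite credential material rejects (rule 1); a weak hint only quarantines (rule 10).
DEFINITE_SECRET = re.compile(
    r"(?i)ghp_[a-z0-9]{20,}|github_pat_[a-z0-9_]{20,}|-----BEGIN [A-Z ]*PRIVATE KEY-----"
    r"|authorization:\s*(bearer|basic)\s+\S+|://[^/\s:]+:[^/\s@]+@"  # user:pass@ in a URL
)
WEAK_SECRET_HINT = re.compile(r"(?i)\b(token|cookie|session|password|secret)\s*[:=]")
# Execution requests the intake must never carry (rules 2 to 5); constructed patterns.
EXECUTION_REQUEST = re.compile(
    r"(?i)\bgh repo (create|edit|delete)\b|\bgit push\b|--force\b|\bforce[- ]push\b"
    r"|\bmirror sync\b|\bvisibility\s*[:=]|api\.github\.com"
    r"|\b(switch|cut over)\b.{0,20}\bprimary\b|\b(disable|delete|archive)\b.{0,10}\bgitea\b"
)
ALLOWED_EVIDENCE_PREFIXES = ("docs/",)  # assumption: in-repo evidence lives under docs/


def _result(status, reasons):
    # Intake never authorizes repo creation, visibility change, refs sync or a primary switch.
    return {"status": status, "reasons": reasons, "execution_authorized": False}


def validate_owner_response(response):
    """Return accepted / rejected / quarantine / needs_supplement for one response dict."""
    blob = "\n".join(  # flatten every string and list-of-strings value for scanning
        v if isinstance(v, str) else "\n".join(map(str, v))
        for v in response.values() if isinstance(v, (str, list, tuple))
    )
    reasons = []
    if DEFINITE_SECRET.search(blob):
        reasons.append("rule_1_credential_material_present")
    if EXECUTION_REQUEST.search(blob):
        reasons.append("rules_2_to_5_execution_request_present")
    if reasons:
        return _result("rejected", reasons)
    if WEAK_SECRET_HINT.search(blob):  # uncertain: mirror quarantine first (rule 10)
        return _result("quarantine", ["rule_10_possible_sensitive_value"])
    if response.get("github_repo") not in APPROVAL_REQUIRED_TARGETS:  # acceptance rule 1
        return _result("rejected", ["acceptance_1_unknown_github_repo"])
    decision = response.get("decision")
    if decision not in ACCEPTABLE_DECISIONS:  # acceptance rule 2
        return _result("rejected", ["acceptance_2_decision_not_allowed"])
    refs = response.get("redacted_evidence_refs") or []
    if any(not str(r).startswith(ALLOWED_EVIDENCE_PREFIXES) for r in refs):  # rule 8
        return _result("quarantine", ["acceptance_8_evidence_ref_not_in_repo"])
    missing = [f for f in CANONICAL_FIELDS if not response.get(f)]
    if missing:  # rejection rule 6: incomplete responses are never marked accepted
        return _result("needs_supplement", ["missing:" + f for f in missing])
    if decision.startswith("approve_") and not response.get("canonical_source"):  # rule 4
        return _result("needs_supplement", ["acceptance_4_canonical_source_required"])
    return _result("accepted", [])


# Constructed sample responses; not real owner replies.
SAMPLE_ACCEPTABLE = {
    "github_repo": "owenhytsai/awoooi",
    "owner_role_or_team": "platform-maintainers",
    "decision": "hold_pending_refs_truth",
    "decision_reason": "Refs truth for main is not yet reconciled against Gitea.",
    "affected_scope": ["repo", "refs truth"],
    "redacted_evidence_refs": ["docs/security/github-target-owner-decision-response.snapshot.json"],
    "followup_owner": "refs-truth-reviewer",
    "rollback_owner": "platform-maintainers",
    "maintenance_window": "not_authorized_yet",
    "validation_plan": "Read-only diff of the decision table after intake.",
}
SAMPLE_WITH_COMMAND = dict(SAMPLE_ACCEPTABLE, decision_reason="Just run gh repo create now.")
SAMPLE_WITH_CREDENTIAL = dict(
    SAMPLE_ACCEPTABLE, redacted_evidence_refs=["https://svc:not-a-real-value@example.invalid/x.git"])
SAMPLE_UNSURE = dict(SAMPLE_ACCEPTABLE, decision_reason="The session=... value is in the screenshot.")
SAMPLE_MISSING = {k: v for k, v in SAMPLE_ACCEPTABLE.items() if k != "rollback_owner"}

if __name__ == "__main__":
    for name, sample in [("acceptable", SAMPLE_ACCEPTABLE), ("command", SAMPLE_WITH_COMMAND),
                         ("credential", SAMPLE_WITH_CREDENTIAL), ("unsure", SAMPLE_UNSURE),
                         ("missing", SAMPLE_MISSING)]:
        print(name, validate_owner_response(sample))
```

The order of checks is deliberate: credential material and execution requests are scanned before anything else, so an incomplete response that also carries a token is rejected rather than sent back for supplementation, and an "accepted" status still only means "received and reviewer-readable", exactly as Section 2 states.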

## 7. What AwoooP May Do

1. Display 1 owner response request packet.
2. Display 9 owner response template statuses.
3. Display 3 owner response audit event templates.
4. Display 5 owner response redaction examples.
5. Display 6 owner response collection checks.
6. Display 6 intake preflight checks.
7. Display 9 owner decision response templates.
8. Display the acceptance checks and rejection rules.
9. After an owner response arrives, only update the read-only decision table, approval package, approval board, primary readiness gate and status rollup.
10. Place incomplete or suspicious responses into mirror quarantine.
11. Keep displaying `received_response_count=0` and `accepted_response_count=0` until a redacted response has actually been received.

## 8. Invariant Boundaries

S4.10 makes the owner / visibility / canonical responses for the 9 GitHub targets reviewable, acceptable and rejectable, but it still stays in the framework phase. Before actually entering GitHub primary or refs migration, the Gitea inventory, refs truth, workflow-secret parity, rollback ADR, owner approval and the subsequent runtime gates must all be completed.