5.4 KiB
5.4 KiB
GitHub Target 建立與可見性決策表
| 項目 | 內容 |
|---|---|
| 日期 | 2026-06-11 |
| 狀態 | 草案,等待人工決策 |
| 上游 evidence | docs/security/GITHUB-TARGET-PROBE-SNAPSHOT.md、docs/security/source-control-workflow-secret-name-local-evidence.snapshot.json |
| JSON snapshot | docs/security/github-target-decision.snapshot.json |
| Repo-by-repo approval package | docs/security/GITHUB-TARGET-REPO-APPROVAL-PACKAGE.md |
| Owner response 收件包 | docs/security/GITHUB-TARGET-OWNER-DECISION-RESPONSE.md |
| 原則 | 不自動建立 repo、不改 visibility、不同步 refs、不切 primary |
0. 核心結論
目前 GitHub target 分成五類:
- 已存在但 refs blocked:
awoooi、clawbot-v5、wooo-aiops。 - 已存在且本機 GitHub remote 對齊,但 110 internal remote 用途待判定:
wooo-infra-config。 - GitHub target 未授權 probe 看不到:
ewoooc、bitan-pharmacy、tsenyang-website、VibeWork、agent-bounty-protocol。 - 外部/設計 repo,需 scope review:
nexu-io/open-design。 - 新納入 IwoooS 的產品 / agent 專案必須先補 owner、canonical、visibility 與 runtime 邊界,不得直接建立 repo 或切 primary。
S4.10 目前定義 9 個 approval-required targets 的 owner / visibility / canonical 回覆請求;received / accepted response 皆為 0,不代表 repo creation、visibility change、refs sync 或 primary approval。
1. 決策表
| GitHub target | Source key | Probe | Target state | 建議動作 | 風險 | 人工批准 |
|---|---|---|---|---|---|---|
owenhytsai/awoooi |
wooo/awoooi |
exists |
exists_refs_blocked |
hold refs reconcile | HIGH | 是 |
owenhytsai/clawbot-v5 |
wooo/clawbot-v5 |
exists |
exists_refs_blocked |
hold refs reconcile | MEDIUM | 是 |
owenhytsai/wooo-aiops |
wooo/wooo-aiops |
exists |
exists_refs_blocked |
hold refs reconcile | MEDIUM | 是 |
owenhytsai/wooo-infra-config |
wooo/wooo-infra-config |
exists |
exists_aligned |
confirm internal remote purpose | MEDIUM | 是 |
owenhytsai/ewoooc |
wooo/ewoooc / root/momo-pro-system / momo working trees |
not_found_or_private |
not_found_or_private |
create or grant access after approval | HIGH | 是 |
owenhytsai/bitan-pharmacy |
bitan-pharmacy |
not_found_or_private |
not_found_or_private |
create or grant access after approval | MEDIUM | 是 |
owenhytsai/tsenyang-website |
tsenyang-website |
not_found_or_private |
not_found_or_private |
create or grant access after approval | MEDIUM | 是 |
nexu-io/open-design |
open-design |
exists |
external_scope |
scope review only | LOW | 否 |
owenhytsai/VibeWork |
vibework |
not_found_or_private |
not_found_or_private |
create or grant access after approval | HIGH | 是 |
owenhytsai/agent-bounty-protocol |
agent-bounty-protocol |
not_found_or_private |
not_found_or_private |
create or grant access after approval | HIGH | 是 |
2. 建立 / 授權前 gate
| Repo | Blocked until |
|---|---|
owenhytsai/awoooi |
Gitea/GitHub main SHA 對齊或人工指定真相來源、branches/tags/workflows/webhooks/secrets 名稱 inventory 完成、GitHub primary ADR 完成 |
owenhytsai/clawbot-v5 |
Gitea/GitHub main SHA 對齊或人工指定真相來源、GitHub 缺 Gitea tag 的處理方式已決定 |
owenhytsai/wooo-aiops |
Gitea/GitHub main SHA 對齊或人工指定真相來源、GitHub-only branch 與 tags 的來源已釐清 |
owenhytsai/wooo-infra-config |
110 internal remote 用途已確認、若 110 remote 為舊主控,已降級或移除、infra secrets 名稱 inventory 完成 |
owenhytsai/ewoooc |
ewoooc/momo-pro-system canonical 關係人工確認、server-side refs diff 完成、GitHub repo visibility 與 owner 決策完成 |
owenhytsai/bitan-pharmacy |
確認 repo 是否仍 active、GitHub repo visibility 與 owner 決策完成 |
owenhytsai/tsenyang-website |
確認 repo 是否仍 active、GitHub repo visibility 與 owner 決策完成 |
owenhytsai/VibeWork |
VibeWork 產品 / repo / surface owner 與 canonical source 決策完成、確認是否存在 private GitHub target 或需要建立候選 repo、保留 VibeWork 獨立產品邊界,不得由 AWOOOI primary readiness 直接併入、workflow / CODEOWNERS / deploy key / repository secret name parity owner response 完成 |
owenhytsai/agent-bounty-protocol |
agent-bounty-protocol repo / deployment / external agent / treasury owner 決策完成、確認是否存在 private GitHub target 或需要建立候選 repo、A2A / MCP / bounty / treasury / payout / withdrawal runtime gate 維持 0、branch protection / CODEOWNERS / repository secret name parity owner response 完成 |
3. AwoooP 消費方式
AwoooP 可以 mirror github_target_decision_v1 作為 migration planning evidence,但只能做 read-only policy 建議與 approval candidate 顯示;不得建立 GitHub repo、修改 visibility、新增 secret、同步 refs 或切 GitHub primary。
4. 下一步
- 依 S4.10
GITHUB-TARGET-OWNER-DECISION-RESPONSE.md對 9 個 approval-required targets 收 owner / visibility / canonical response。 - 先補
VibeWork的產品邊界與 owner 決策。 - 先補
agent-bounty-protocol的 agent / bounty / treasury / runtime gate owner 決策。 - 任何 repo 建立、visibility 修改或 mirror 行為,都必須先走獨立 approval。