awoooi/docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md
Your Name 58e760fae2
feat(security): extend S4.10 target owner response
2026-06-11 20:30:41 +08:00
# GitHub Target Creation and Visibility Decision Table

| Item | Content |
|------|------|
| Date | 2026-06-11 |
| Status | Draft, awaiting human decision |
| Upstream evidence | `docs/security/GITHUB-TARGET-PROBE-SNAPSHOT.md`, `docs/security/source-control-workflow-secret-name-local-evidence.snapshot.json` |
| JSON snapshot | `docs/security/github-target-decision.snapshot.json` |
| Repo-by-repo approval package | `docs/security/GITHUB-TARGET-REPO-APPROVAL-PACKAGE.md` |
| Owner response intake package | `docs/security/GITHUB-TARGET-OWNER-DECISION-RESPONSE.md` |
| Principle | No automatic repo creation, no visibility changes, no refs sync, no primary switch |

## 0. Core conclusion

GitHub targets currently fall into five classes:

1. Existing but refs blocked: `awoooi`, `clawbot-v5`, `wooo-aiops`
2. Existing and aligned with the local GitHub remote, but the purpose of the 110 internal remote is still to be determined: `wooo-infra-config`
3. GitHub target not visible to an unauthenticated probe: `ewoooc`, `bitan-pharmacy`, `tsenyang-website`, `VibeWork`, `agent-bounty-protocol`
4. External / design repo, scope review needed: `nexu-io/open-design`
5. Product / agent projects newly brought into IwoooS must first have their owner, canonical source, visibility and runtime boundary filled in; a repo must not be created and primary must not be switched directly.

S4.10 currently defines owner / visibility / canonical response requests for 9 approval-required targets. Received and accepted responses are both 0, and a response on its own does not constitute approval for repo creation, visibility change, refs sync or primary switch.
## 1. Decision table

| GitHub target | Source key | Probe | Target state | Recommended action | Risk | Human approval |
|---------------|------------|-------|--------------|----------|------|----------|
| `owenhytsai/awoooi` | `wooo/awoooi` | `exists` | `exists_refs_blocked` | hold refs reconcile | HIGH | Yes |
| `owenhytsai/clawbot-v5` | `wooo/clawbot-v5` | `exists` | `exists_refs_blocked` | hold refs reconcile | MEDIUM | Yes |
| `owenhytsai/wooo-aiops` | `wooo/wooo-aiops` | `exists` | `exists_refs_blocked` | hold refs reconcile | MEDIUM | Yes |
| `owenhytsai/wooo-infra-config` | `wooo/wooo-infra-config` | `exists` | `exists_aligned` | confirm internal remote purpose | MEDIUM | Yes |
| `owenhytsai/ewoooc` | `wooo/ewoooc / root/momo-pro-system / momo working trees` | `not_found_or_private` | `not_found_or_private` | create or grant access after approval | HIGH | Yes |
| `owenhytsai/bitan-pharmacy` | `bitan-pharmacy` | `not_found_or_private` | `not_found_or_private` | create or grant access after approval | MEDIUM | Yes |
| `owenhytsai/tsenyang-website` | `tsenyang-website` | `not_found_or_private` | `not_found_or_private` | create or grant access after approval | MEDIUM | Yes |
| `nexu-io/open-design` | `open-design` | `exists` | `external_scope` | scope review only | LOW | No |
| `owenhytsai/VibeWork` | `vibework` | `not_found_or_private` | `not_found_or_private` | create or grant access after approval | HIGH | Yes |
| `owenhytsai/agent-bounty-protocol` | `agent-bounty-protocol` | `not_found_or_private` | `not_found_or_private` | create or grant access after approval | HIGH | Yes |
## 2. Gate before creation / access grant

| Repo | Blocked until |
|------|---------------|
| `owenhytsai/awoooi` | Gitea/GitHub main SHA aligned or a source of truth designated manually; branches/tags/workflows/webhooks/secrets name inventory completed; GitHub primary ADR completed |
| `owenhytsai/clawbot-v5` | Gitea/GitHub main SHA aligned or a source of truth designated manually; handling of Gitea tags missing from GitHub decided |
| `owenhytsai/wooo-aiops` | Gitea/GitHub main SHA aligned or a source of truth designated manually; origin of GitHub-only branches and tags clarified |
| `owenhytsai/wooo-infra-config` | Purpose of the 110 internal remote confirmed; if the 110 remote is the old control host, it has been demoted or removed; infra secrets name inventory completed |
| `owenhytsai/ewoooc` | ewoooc/momo-pro-system canonical relationship confirmed manually; server-side refs diff completed; GitHub repo visibility and owner decision completed |
| `owenhytsai/bitan-pharmacy` | Confirmed whether the repo is still active; GitHub repo visibility and owner decision completed |
| `owenhytsai/tsenyang-website` | Confirmed whether the repo is still active; GitHub repo visibility and owner decision completed |
| `owenhytsai/VibeWork` | VibeWork product / repo / surface owner and canonical source decision completed; confirmed whether a private GitHub target exists or a candidate repo needs to be created; VibeWork's independent product boundary preserved, not merged in directly via AWOOOI primary readiness; workflow / CODEOWNERS / deploy key / repository secret name parity owner response completed |
| `owenhytsai/agent-bounty-protocol` | agent-bounty-protocol repo / deployment / external agent / treasury owner decision completed; confirmed whether a private GitHub target exists or a candidate repo needs to be created; A2A / MCP / bounty / treasury / payout / withdrawal runtime gate kept at 0; branch protection / CODEOWNERS / repository secret name parity owner response completed |
## 3. How AwoooP consumes this

AwoooP may mirror `github_target_decision_v1` as migration planning evidence, but only to produce read-only policy recommendations and to display approval candidates; it must not create GitHub repos, modify visibility, add secrets, sync refs or switch GitHub primary.
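The read-only consumption rule above, as an added example that is not AwoooP's own code: the snapshot schema, the action names and the approval-record shape are assumptions; the target names, states, recommendations and risk levels come from the section 1 table. Any mutating action is denied unless an approval record names that exact target and action.

```python
# Constructed sample snapshot: schema is assumed; targets, states and risk come from section 1.
SNAPSHOT = {
    "schema": "github_target_decision_v1",
    "owner_responses": {"received": 0, "accepted": 0},
    "targets": [
        {"target": "owenhytsai/awoooi", "state": "exists_refs_blocked", "risk": "HIGH"},
        {"target": "owenhytsai/wooo-infra-config", "state": "exists_aligned", "risk": "MEDIUM"},
        {"target": "owenhytsai/ewoooc", "state": "not_found_or_private", "risk": "HIGH"},
        {"target": "nexu-io/open-design", "state": "external_scope", "risk": "LOW"},
    ],
}

# Recommended (non-executing) action per target state, from section 1; external_scope is review-only.
RECOMMENDATION = {
    "exists_refs_blocked": "hold refs reconcile",
    "exists_aligned": "confirm internal remote purpose",
    "not_found_or_private": "create or grant access after approval",
    "external_scope": "scope review only",
}

# Only READ_ONLY actions may execute; MUTATING ones need an approval record for that exact pair.
READ_ONLY = {"recommend_policy", "list_approval_candidates"}
MUTATING = {"create_repo", "change_visibility", "add_secret", "sync_refs", "switch_primary"}

def approval_candidates(snap):
    """Targets still waiting on an owner / visibility / canonical response."""
    if snap.get("schema") != "github_target_decision_v1":
        raise ValueError("unsupported snapshot schema")
    out = []
    for t in snap["targets"]:
        if t["state"] not in RECOMMENDATION:
            raise ValueError(f"unknown target state: {t['state']}")
        if t["state"] != "external_scope":
            out.append({"target": t["target"], "risk": t["risk"],
                        "recommendation": RECOMMENDATION[t["state"]]})
    return out

def evaluate(snap, target, action, approvals=()):
    """Return (allowed, reason); mutating actions need an explicit approval record."""
    if action in READ_ONLY:
        return True, "read-only"
    if action not in MUTATING:
        return False, f"unknown action {action!r}"
    if not any(t["target"] == target for t in snap["targets"]):
        return False, f"unknown target {target!r}"
    if (target, action) in set(approvals):
        return True, "explicit approval record"
    r = snap["owner_responses"]
    return False, f"{action} on {target} needs independent approval (accepted responses={r['accepted']})"
```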
## 4. Next steps

1. Following S4.10 `GITHUB-TARGET-OWNER-DECISION-RESPONSE.md`, collect owner / visibility / canonical responses for the 9 approval-required targets.
2. First fill in the product boundary and owner decision for `VibeWork`.
3. First fill in the agent / bounty / treasury / runtime gate owner decision for `agent-bounty-protocol`.
4. Any repo creation, visibility modification or mirror action must first go through an independent approval.