wooo/awoooi
1
1
Fork 0
Code Issues 2 Pull Requests 1 Actions 3 Packages Projects Releases Wiki Activity
Files
2a2cb16c135fd7e5b159d94de9b5ff04f6cf31f5
awoooi/docs/security/SECURITY-MIRROR-INTAKE-PLAN.md
Your Name 9e15fd08b3
All checks were successful
CD Pipeline / tests (push) Successful in 1m39s
Details
Code Review / ai-code-review (push) Successful in 15s
Details
CD Pipeline / build-and-deploy (push) Successful in 5m19s
Details
CD Pipeline / post-deploy-checks (push) Successful in 2m11s
Details
feat(web): land iwooos security posture surfaces
2026-05-25 20:35:52 +08:00

77 lines
5.8 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# 資安供應鏈鏡像接收計畫
| 項目 | 內容 |
|------|------|
| 日期 | 2026-05-13 |
| 狀態 | 草案 |
| Schema | `docs/schemas/security_mirror_intake_plan_v1.schema.json` |
| Snapshot | `docs/security/security-mirror-intake-plan.snapshot.json` |
| 模式 | `mirror_only` |
| runtime 執行授權 | `false` |
## 0. 核心結論
本 intake plan 是給 AwoooP 主線實作 mirror-only / read-only 消費時使用的安全路線圖。
它只定義讀取順序、鏡像目的地、允許處理與禁止處理,不授權任何 runtime 執行。
## 1. Intake Waves
| Wave | 目的 | 主要 contracts | Exit gate |
|------|------|----------------|-----------|
| `M0_index_bootstrap` | 先載入 readiness、manifest、低摩擦 policy、鏡像事件信封、鏡像路由矩陣、驗收契約、隔離契約、dry-run 報告格式、status rollup、IwoooS posture projection、approval gate、decision record、review packet、state transition、follow-up runtime gate preparation、GitHub primary readiness gate、rollback ADR 與 workflow / secret name inventory gate | readiness / manifest / rollout policy / mirror event / mirror route / acceptance / quarantine / dry-run / status rollup / IwoooS posture projection / approval gate / decision record / review packet / state transition / follow-up runtime gate / primary readiness gate / rollback ADR / workflow-secret inventory | 顯示 36 個 contract 且 `execution_allowed=false` |
| `M1_kali_visibility` | 顯示 Kali 112、scan scope、approval queue | Kali status / scan scope / approval queue / finding sample | 顯示 5 個 scope groups 與 8 個 queue items沒有執行按鈕 |
| `M2_source_control_visibility` | 顯示 Gitea/GitHub source-control evidence、GitHub primary readiness blockers、rollback ADR 草案與 workflow / secret 名稱 inventory 缺口 | migration / inventory / refs / approval board / primary readiness gate / rollback ADR / workflow-secret inventory | 顯示 blocking reasonsrepo/refs/primary/workflow/secret actions 全 disabled |
| `M3_approval_candidates` | 顯示 approval candidates、S3 gate、decision record、review packet、state transition、follow-up runtime gate preparation、GitHub primary readiness gate、rollback ADR、workflow / secret 名稱 inventory gate 與人工決策留痕 | approval events / approval queue / approval gate / decision record / review packet / state transition / follow-up runtime gate / primary readiness gate / rollback ADR / workflow-secret inventory / source-control board | 可留痕,不可自動批准或執行 |
| `M4_patch_only_backlog` | 顯示 Codex patch-only backlog lane | coding task | 只顯示 lane不接 Codex runner action |
## 2. AwoooP 可做
1. 讀取 `security_mirror_readiness_v1`、manifest 與 rollout policy並顯示 7 條 non-blocking escalation lanes。
2. 使用 `security_mirror_event_v1` 包裝每一筆 mirror payload。
3. 使用 `security_mirror_route_v1` 決定目的地、channel policy 與 review lane。
4. 使用 `security_mirror_acceptance_v1` 驗收 contract count、event envelope、route coverage 與 redaction。
5. 使用 `security_mirror_quarantine_v1` 隔離驗收失敗 payload 並顯示 retry gate。
6. 使用 `security_mirror_dry_run_v1` 回報接入演練結果。
7. 使用 `security_mirror_status_rollup_v1` 顯示跨 Session 狀態與下一個 gate。
8. 將 ready / partial contracts mirror 成 Operator Console / Runtime State / Channel Event / Audit evidence。
9. 將 approval-only contracts mirror 到 Approval Queue。
10. 使用 `security_approval_gate_v1` 顯示批准範圍與 follow-up runtime gate。
11. 使用 `security_approval_decision_record_v1` 保存人工決策紀錄。
12. 使用 `security_approval_review_packet_v1` 顯示 review packet、required reviewers、blocked reason、evidence refs、review order。
13. 使用 `security_approval_state_transition_v1` 顯示人工決策後的 next state但不自動執行後續動作。
14. 使用 `security_followup_runtime_gate_v1` 顯示未來 runtime gate 的準備模板,但不啟用 runtime gate。
15. 使用 `source_control_primary_readiness_gate_v1` 顯示 GitHub primary parity、owner、rollback 與人工批准缺口,但不切 primary。
16. 使用 `source_control_primary_rollback_adr_v1` 顯示 rollback ADR 草案、validation window 與 owner review不執行 rollback。
17. 使用 `source_control_workflow_secret_name_inventory_v1` 顯示 workflow / webhook / runner / deploy key / branch protection / CODEOWNERS / secret 名稱 inventory 缺口,但不保存 secret value、不修改 workflow。
## 3. AwoooP 不可做
1. 不啟動 Kali scan。
2. 不呼叫 Kali `/execute`
3. 不做 credentialed scan。
4. 不建立 GitHub repo。
5. 不修改 repo visibility。
6. 不 sync refs。
7. 不切 GitHub primary。
8. 不自動 merge、production deploy 或 secret rotation。
9. 不保存 raw secret、token、cookie、private key 或 exploit payload。
## 4. Acceptance Gates
| Gate | Requirement |
|------|-------------|
| `MIRROR_ONLY_DEFAULT` | 所有 waves 都必須維持 `runtime_execution_authorized=false` |
| `NO_ACTION_BUTTONS` | Operator Console 不得新增 scan、execute、repo、refs、deploy、secret 類執行按鈕 |
| `REDACTION_ONLY` | Mirror payload 不得保存 raw sensitive value |
| `LOW_MEDIUM_NOT_BLOCKING` | LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 初期只能 observe / warn |
## 5. 與目前主線的邊界
AwoooP 主線已經在推 MCP Gateway 與 approved SSH execution。這不改變本 security supply chain intake plan 的初期邊界:
1. Security Supply Chain contracts 仍然只是 mirror/read-only evidence。
2. Approval queue 只是人審隊列,不是 execution router。
3. Kali `/execute` 仍是 block candidate。
4. Gitea/GitHub 遷移仍不允許 repo 建立、visibility 修改、refs sync 或 primary switch。
Reference in New Issue View Git Blame Copy Permalink