wooo/awoooi
1
1
Fork 0
Code Issues 2 Pull Requests 1 Actions 6 Packages Projects Releases Wiki Activity
Files
2a2cb16c135fd7e5b159d94de9b5ff04f6cf31f5
awoooi/docs/security/SOURCE-CONTROL-PRIMARY-READINESS-GATE.md
Your Name 58e760fae2
All checks were successful
CD Pipeline / tests (push) Successful in 1m25s
Details
Code Review / ai-code-review (push) Successful in 13s
Details
CD Pipeline / build-and-deploy (push) Successful in 4m2s
Details
CD Pipeline / post-deploy-checks (push) Successful in 1m48s
Details
feat(security): 擴充 S4.10 target owner response
2026-06-11 20:30:41 +08:00

90 lines
13 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# GitHub Primary Readiness Gate
| 項目 | 內容 |
|------|------|
| 日期 | 2026-06-11 |
| 狀態 | 草案blocked by default |
| Schema | `docs/schemas/source_control_primary_readiness_gate_v1.schema.json` |
| Snapshot | `docs/security/source-control-primary-readiness-gate.snapshot.json` |
| Rollback ADR | `docs/security/source-control-primary-rollback-adr.snapshot.json` |
| GitHub target owner response | `docs/security/GITHUB-TARGET-OWNER-DECISION-RESPONSE.md` |
| Ref truth owner response | `docs/security/SOURCE-CONTROL-REF-TRUTH-OWNER-RESPONSE.md` |
| Workflow / secret owner response | `docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md` |
| Owner response validation rollup | `docs/security/SOURCE-CONTROL-OWNER-RESPONSE-VALIDATION-ROLLUP.md` |
| 模式 | `primary_readiness_gate_only` |
| runtime 執行授權 | `false` |
## 0. 核心結論
`source_control_primary_readiness_gate_v1` 是 S4.0 的 GitHub primary readiness gate 草案。
它只回答一件事:如果長期方向要把 Gitea 降成本地 mirror / fallback並把 GitHub 做成 primaryAwoooP 在任何切換前必須看到哪些 parity、owner、rollback 與人工批准 evidence。
它不是 cutover plan也不是 refs sync plan。目前 `primary_ready_count=0``github_primary_switch_authorized=false`
## 0.1 2026-06-11 P1 只讀重盤結論
本輪只刷新 evidence不切 primary、不建立 repo、不同步 refs、不改 workflow、不收 secret value。
| 證據 | 2026-06-11 結果 | Gate 判讀 |
|------|-----------------|-----------|
| `awoooi` Gitea / GitHub refs | Gitea heads `170`、GitHub heads `2`、Gitea tags `2`、GitHub tags `0`、main SHA 不一致:`64490d32c67d24ed123cbd4e2261c69e17913e38` vs `202071f7a8724d5e8c29de441c3f380575a0ea94` | `blocked`S4.11 current refs truth queue 已重產為 `194` items但 owner response received / accepted 仍為 0 |
| Gitea repo inventory | user endpoint public-only 仍只看到 `wooo/awoooi``wooo/ewoooc`org endpoint 仍 blocked / 404 | `blocked`;不得視為所有 Gitea 專案已盤完 |
| GitHub target probe | 既有 8 個候選 probe 中 5 個可讀、3 個 `not_found_or_private``nexu-io/open-design` 為 external scope 且 heads 增至 `644``VibeWork``agent-bounty-protocol` 本輪先以本機 evidence 納入 waiting owner decision | `pending_review`;可讀性不是 owner approval新納入 repo 不代表 target 已批准 |
| Workflow / secret 名稱本機 evidence | 10 個候選、9 個本機可見、5 個 local evidence repo、33 個 workflow files、42 個 unique referenced secret names、`secret_value_detected=false` | `missing_evidence`;仍缺 webhook、runner owner、deploy key、branch protection、repository secret parity |
本輪規範調整snapshot 必須標示 refresh date 與可重現路徑;由工具重產的 snapshot 不得覆蓋治理補註後就直接視為完整狀態external scope / high-churn repo 只可作可見性摘要,不得加入 primary cutover queue。
## 1. 目前狀態
| 指標 | 數量 |
|------|------|
| Candidate repos | 10 |
| In-scope repos | 9 |
| External scope review | 1 |
| Primary ready | 0 |
| Blocked in-scope | 9 |
| Approval required | 9 |
## 2. 全域 Gate
| Gate | 目前狀態 | 說明 |
|------|----------|------|
| Gitea authenticated inventory | blocked | private/internal 全量 repo list 尚未完成S4.9 owner response request packet、template status ledger、audit event templates、redaction examples、display sections 與 collection checks 已可顯示,但 S4.7 owner coverage attestation response 仍未收到audit events emitted 仍為 0S4.13 已集中顯示四包 owner response validation、evidence routing、display sections、state transition rules、reviewer checklist、reviewer outcome lanes、reviewer audit event templates、reviewer audit display sections、reviewer audit collection checks、reviewer audit redaction examples、reviewer audit retention rules、reviewer audit retention checks、reviewer audit handoff packets、handoff checks、parallel session sync checks、parallel session conflict lanes、parallel session recovery checks 與 parallel session recovery outcome lanes但 total accepted response 仍為 0、reviewer audit emitted 仍為 0 |
| refs truth / branch-tag parity | blocked | 3 個 mapped repos 仍有 refs drift`awoooi` 已刷新到 Gitea heads `170` / GitHub heads `2`S4.11 current classification 為 `194` refs review itemsS4.11 owner response received / accepted 仍為 0 |
| workflow / runner / secret name parity | missing evidence | S4.2 本機 evidence 已於 2026-06-11 刷新到 33 個 workflow files / 42 個 unique referenced secret names仍缺 webhook、runner owner、deploy key、branch protection、repository secret parityS4.12 owner response received / accepted 仍為 0 |
| owner / visibility / canonical | pending review | 既有 GitHub target probe 仍是 5 個可讀、3 個 `not_found_or_private`9 個 in-scope targets 仍需人工決策S4.10 owner response received / accepted 仍為 0 |
| rollback ADR | pending review | S4.4 / P1-5 已建立 rollback ADR 與 owner handoff9 個 in-scope repos 仍需 owner response、owner approval、dry-run 與 validation window 驗收 |
## 3. AwoooP 可做
1. 顯示每個 repo 的 readiness state、blockers 與 evidence refs。
2. 顯示 `primary_ready_count=0`
3. 將 9 個 in-scope repos 維持在 approval / review lane。
4. 顯示哪些 evidence 仍缺Gitea authenticated inventory、S4.7 owner coverage attestation、S4.9 owner response request packet / template status ledger / audit event templates / redaction examples / display sections / collection checks / owner response、S4.10 GitHub target owner response request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks / owner response、S4.11 refs truth owner response request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks / owner response、S4.12 workflow / secret name owner response request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks / owner response、S4.13 validation rollup / evidence routing rules / display sections / state transition rules / reviewer checklist / reviewer outcome lanes / reviewer audit event templates / reviewer audit display sections / reviewer audit collection checks / reviewer audit redaction examples / reviewer audit retention rules / reviewer audit retention checks / reviewer audit handoff packets / handoff checks / parallel session sync checks / parallel session conflict lanes / parallel session recovery checks / parallel session recovery outcome lanes、workflow/runner/secret name inventory、rollback ADR。
5. 連到 S4.10 `github_target_owner_decision_response_v1` 顯示 1 個 owner response request packet、9 個 owner response template statuses、3 個 owner response audit event templates、5 個 owner response redaction examples、6 個 owner response collection checks、6 個 intake preflight checks、9 個 owner decision response templates、8 個 acceptance checks、10 個 rejection rules且 received / accepted response 皆為 0。
6. 連到 S4.11 `source_control_ref_truth_owner_response_v1` 顯示 1 個 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks、5 個 refs owner response templates、8 個 acceptance checks、10 個 rejection rules且 received / accepted response 皆為 0、audit events emitted 仍為 0。
7. 連到 `source_control_workflow_secret_name_inventory_v1` 與 2026-06-11 S4.2 local evidence顯示 10 個 candidate repos、33 個 workflow files、42 個 unique referenced secret names 與仍缺的 webhook / runner / deploy key / branch protection / repository secret parity只保存 secret 名稱與 owner不保存 value。
8. 連到 S4.12 `source_control_workflow_secret_name_owner_response_v1` 顯示 1 個 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks、5 個 owner response templates、8 個 acceptance checks、10 個 rejection rules且 received / accepted response 皆為 0、audit events emitted 仍為 0。
9. 連到 S4.13 `source_control_owner_response_validation_rollup_v1` 顯示四包 owner response validation 狀態24 個 templates、10 個 cross-packet checks、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks、7 條 parallel session recovery outcome lanes、received / accepted / rejected response 皆為 0、reviewer audit emitted 仍為 0。
10. 連到 `source_control_primary_rollback_adr_v1` 顯示 9 個 in-scope repos 的 rollback owner handoff、trigger、fallback role 與 pre-cutover / 1h / 24h validation window 草案P1-5 handoff package ready 但 received / accepted 仍為 0。
11. 把狀態寫入 Audit evidence 與 Operator Console。
## 4. AwoooP 不可做
1. 不建立 GitHub repo。
2. 不修改 repo visibility。
3. 不 sync refs、不 delete refs、不 force push。
4. 不切 GitHub primary。
5. 不停用、刪除、封存或降級 Gitea repo。
6. 不搬移或保存 secret value。
7. 不顯示 repo、refs、primary switch 類 action button。
## 5. 階段定位
S4.0 只是把「切換前一定要看見什麼」先定義清楚。
S4.4 已補上 rollback ADR 草案P1-5 已補上 9 個 in-scope repos 的 rollback owner handoff、fallback role confirmation、trigger review、validation window refs、送件前檢查與交接封套但它仍只是 owner review 的資料包不是切換批准。S4.7 已補上 Gitea coverage owner attestationS4.9 已補上 Gitea owner response request packet、template status ledger、audit event templates、redaction examples、display sections、collection checks、收件包、preflight 與 outcome lanesS4.10 已補上 GitHub target owner decision response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包S4.11 已補上 refs truth owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包S4.12 已補上 workflow / secret 名稱 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包S4.13 已補上四包 owner response validation rollup、evidence routing rules、display sections、state transition rules、reviewer checklist、reviewer outcome lanes、reviewer audit event templates、reviewer audit display sections、reviewer audit collection checks、reviewer audit redaction examples、reviewer audit retention rules、reviewer audit retention checks、reviewer audit handoff packets、handoff checks、parallel session sync checks、parallel session conflict lanes、parallel session recovery checks 與 parallel session recovery outcome lanes它們只是 scope decision、response 收件提示、metadata audit template、脫敏範例、只讀收件檢查、只讀 preflight、只讀顯示順序、只讀 evidence routing、只讀狀態語義、人工審查提示、結果分類、脫敏稽核格式、稽核顯示邊界、只讀稽核檢查、安全 metadata 顯示範例、metadata retention 邊界、只讀 retention 驗證、跨 Session 只讀交接、交接消費檢查、平行 Session 同步檢查、衝突 lane、復原前檢查、復原結果分類與驗收框架不是 audit production ingestion、migration approval、repo creation approval、visibility change approval、refs sync approval、delete approval、force-push approval、secret value collection approval、workflow modification approval、rollback execution approval 或 primary approval。`rollback_owner_response_received_count=0``rollback_owner_response_accepted_count=0``owner_approved_count=0``dry_run_completed_count=0``active_cutover_count=0`
這讓長期回到 GitHub 的方向可以繼續往前,但仍維持低摩擦:目前只 mirror、只顯示、只留痕不執行。
Reference in New Issue View Git Blame Copy Permalink