wooo/awoooi

Fork 0

Files

Your Name e8e15faf28

CD Pipeline / tests (push) Successful in 1m26s

Details

Code Review / ai-code-review (push) Successful in 12s

Details

CD Pipeline / build-and-deploy (push) Successful in 4m31s

Details

CD Pipeline / post-deploy-checks (push) Successful in 1m32s

Details

feat(security): 擴充 source-control 納管範圍

2026-06-11 19:23:40 +08:00

6.0 KiB

Raw Blame History

Workflow / Secret 名稱 Redacted Export Request

項目	內容
日期	2026-06-11
狀態	草案，等待 owner / read-only export
Schema	`docs/schemas/source_control_workflow_secret_name_export_request_v1.schema.json`
Snapshot	`docs/security/source-control-workflow-secret-name-export-request.snapshot.json`
來源契約	`source_control_workflow_secret_name_inventory_v1`
Owner response 收件包	`docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md` / `docs/security/source-control-workflow-secret-name-owner-response.snapshot.json`
模式	`redacted_export_request_only`
runtime 執行授權	`false`

0. 核心結論

S4.3 把 S4.2 還缺的控制面 evidence 拆成可交接的 redacted export request。

這不是 API 執行、不是 GitHub primary cutover、也不是 workflow / secret 修改。它只是告訴 repo owner 或未來只讀匯出工具：每個 repo 要補哪些欄位、哪些欄位可以保存、哪些敏感值必須拒收。S4.12 已補 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包，讓請求、等待狀態、0 emitted 脫敏 audit metadata、安全回覆範例與回覆可審、可驗收、可拒收，但仍不授權任何變更。

1. 摘要

指標	數量
Candidate repos	10
In-scope export requests	9
External scope review	1
Export lanes	5
S4.12 request packet	1
S4.12 template statuses	5
S4.12 audit event templates	3
S4.12 redaction examples	5
S4.12 collection checks	6
S4.12 intake preflight checks	6
S4.12 response templates	5
S4.12 received / accepted / rejected	`0 / 0 / 0`
Webhook export request repos	2
Runner export request repos	5
Deploy key export request repos	1
Branch protection / CODEOWNERS export request repos	6
Repository secret name parity export request repos	9
Secret value collection allowed	`false`
Write token allowed	`false`
Runtime actions authorized	`false`

2. Export Lanes

Lane	可保存	禁止保存
Webhook	provider、webhook name、redacted host、event types、enabled flag、owner	webhook secret、含 token URL、header、cookie、body
Runner	runner label、scope、executor type、host alias、self-hosted / hosted、owner	registration token、admin token、SSH key、host password
Deploy key	key name、read-only flag、repo scope、owner、last seen metadata	private key、完整 public key、token、password
Branch protection / CODEOWNERS	protected branch、required checks、review count、CODEOWNERS path、owner teams	team secret、PAT、admin override token
Repository secret names	secret name、scope、owner、used by workflow、present in Gitea / GitHub	secret value、plaintext、token、private key、credential value

3. Repo Request

Repo	Request state	Requested lanes
`owenhytsai/awoooi`	waiting owner export	webhook、runner、branch protection / CODEOWNERS、repository secret name parity
`owenhytsai/clawbot-v5`	waiting owner export	branch protection / CODEOWNERS、repository secret name parity
`owenhytsai/wooo-aiops`	waiting owner export	webhook、runner、repository secret name parity
`owenhytsai/wooo-infra-config`	waiting owner export	runner、deploy key、branch protection / CODEOWNERS、repository secret name parity
`owenhytsai/ewoooc`	waiting owner export	runner、branch protection / CODEOWNERS、repository secret name parity
`owenhytsai/bitan-pharmacy`	waiting owner export	repository secret name parity
`owenhytsai/tsenyang-website`	waiting owner export	repository secret name parity
`nexu-io/open-design`	waiting scope review	不進 AWOOOI primary cutover queue
`owenhytsai/VibeWork`	waiting owner export	branch protection / CODEOWNERS、repository secret name parity；保留獨立產品邊界
`owenhytsai/agent-bounty-protocol`	waiting owner export	runner、branch protection / CODEOWNERS、repository secret name parity；補 agent / bounty / treasury / execution surface 邊界

4. AwoooP 可做

顯示每個 repo 等待哪一類 redacted export。
顯示 owner export / read-only API export 的 acceptance gate。
顯示 GitHub hosted runner 可能造成額度消耗的 review lane。
把完成的 redacted export 作為 Audit evidence 等待人工審查。
若 payload 含敏感值，送進 mirror quarantine。
顯示 S4.12 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks、templates、acceptance checks 與 rejection rules。

5. AwoooP 不可做

不呼叫 write API。
不顯示或保存 secret value、token value、cookie、private key、webhook secret、runner registration token。
不修改 workflow、webhook、runner、deploy key、branch protection 或 secret。
不建立 GitHub repo、不 sync refs、不切 GitHub primary。
不把 export request 當成已批准或已完成的 evidence。

6. 階段定位

S4.1 建立 inventory gate，S4.2 補本機 workflow / CODEOWNERS / referenced secret name evidence，S4.3 補「下一步匯出請求包」。

S4.12 補「owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包」，固定 5 類 export lanes 的請求欄位、等待狀態、0 emitted 脫敏 audit metadata、安全回覆範例、只讀收件檢查、只讀 preflight、回覆欄位與拒收規則，避免後續誤收 secret value、誤用 write token、誤啟 GitHub hosted runner 或誤改 workflow。

這仍然是低摩擦框架期：先把資料責任、欄位邊界與拒收規則定清楚，避免後續真的接 owner export 或只讀 API 時誤收秘密值、誤用 write token，或誤把資料補齊當成主控切換批准。

6.0 KiB Raw Blame History Unescape Escape

Workflow / Secret 名稱 Redacted Export Request

0. 核心結論

1. 摘要

2. Export Lanes

3. Repo Request

4. AwoooP 可做

5. AwoooP 不可做

6. 階段定位

6.0 KiB

Raw Blame History