wooo/awoooi
1
1
Fork 0
Code Issues 2 Pull Requests 1 Actions 6 Packages Projects Releases Wiki Activity
Files
2a2cb16c135fd7e5b159d94de9b5ff04f6cf31f5
awoooi/docs/security/github-target-repo-approval-package.snapshot.json
Your Name 58e760fae2
All checks were successful
CD Pipeline / tests (push) Successful in 1m25s
Details
Code Review / ai-code-review (push) Successful in 13s
Details
CD Pipeline / build-and-deploy (push) Successful in 4m2s
Details
CD Pipeline / post-deploy-checks (push) Successful in 1m48s
Details
feat(security): 擴充 S4.10 target owner response
2026-06-11 20:30:41 +08:00

308 lines
12 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
{
"schema_version": "github_target_repo_approval_package_v1",
"status": "draft",
"source_snapshot": "docs/security/github-target-decision.snapshot.json",
"package_count": 9,
"approval_items": [
{
"github_repo": "owenhytsai/awoooi",
"source_key": "wooo/awoooi",
"risk": "HIGH",
"approval_action": "reconcile_refs_after_full_inventory",
"approval_status": "pending",
"required_reviewers": [
"migration-engineer",
"security-commander",
"human-owner"
],
"blocked_until": [
"Gitea server-side 全量 repo inventory status=ok",
"branches/tags/workflows/webhooks/secrets 名稱 inventory 完成",
"部署真相來源已決定",
"GitHub primary ADR 與 rollback plan 完成"
],
"allowed_after_approval": [
"產生 refs reconcile plan",
"產生 draft migration PR 或 ADR",
"更新 migration matrix 與 evidence"
],
"still_forbidden": [
"直接 push refs",
"直接切 GitHub primary",
"直接停用 Gitea",
"搬 secret value"
],
"evidence_refs": [
"docs/security/GITEA-GITHUB-MIGRATION-SNAPSHOT.md",
"docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
"docs/security/github-target-owner-decision-response.snapshot.json"
],
"notes": "Gitea/GitHub main SHA、branches、tags 未對齊,必須先做 reconcile plan。"
},
{
"github_repo": "owenhytsai/clawbot-v5",
"source_key": "wooo/clawbot-v5",
"risk": "MEDIUM",
"approval_action": "reconcile_refs_after_full_inventory",
"approval_status": "pending",
"required_reviewers": [
"migration-engineer",
"human-owner"
],
"blocked_until": [
"Gitea/GitHub main SHA 對齊或人工指定真相來源",
"GitHub 缺 Gitea tag 的處理方式已決定"
],
"allowed_after_approval": [
"產生 refs reconcile plan",
"更新 migration matrix"
],
"still_forbidden": [
"直接 push refs",
"直接切 primary",
"刪除任一端 repo"
],
"evidence_refs": [
"docs/security/SOURCE-CONTROL-CLAWBOT-V5-SNAPSHOT.md",
"docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
"docs/security/github-target-owner-decision-response.snapshot.json"
],
"notes": "GitHub repo 可見,但 main SHA 與 tag 狀態未對齊。"
},
{
"github_repo": "owenhytsai/wooo-aiops",
"source_key": "wooo/wooo-aiops",
"risk": "MEDIUM",
"approval_action": "reconcile_refs_after_full_inventory",
"approval_status": "pending",
"required_reviewers": [
"migration-engineer",
"human-owner"
],
"blocked_until": [
"Gitea/GitHub main SHA 對齊或人工指定真相來源",
"GitHub-only branch 與 tags 的來源已釐清"
],
"allowed_after_approval": [
"產生 refs reconcile plan",
"更新 migration matrix"
],
"still_forbidden": [
"直接 push refs",
"直接切 primary",
"刪除 GitHub-only refs"
],
"evidence_refs": [
"docs/security/SOURCE-CONTROL-WOOO-AIOPS-SNAPSHOT.md",
"docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
"docs/security/github-target-owner-decision-response.snapshot.json"
],
"notes": "GitHub tags 比 Gitea 多,需先釐清真相來源。"
},
{
"github_repo": "owenhytsai/wooo-infra-config",
"source_key": "wooo/wooo-infra-config",
"risk": "MEDIUM",
"approval_action": "confirm_internal_remote_purpose",
"approval_status": "pending",
"required_reviewers": [
"migration-engineer",
"security-commander",
"human-owner"
],
"blocked_until": [
"110 internal remote 用途已確認",
"若 110 remote 為舊主控,已降級或移除",
"infra secrets 名稱 inventory 完成"
],
"allowed_after_approval": [
"標記 110 remote 為 mirror、legacy 或 active source",
"更新 canonical decision table"
],
"still_forbidden": [
"直接刪除 remote",
"直接同步 refs",
"搬 infra secret value"
],
"evidence_refs": [
"docs/security/GIT-REMOTE-REFS-WOOO-INFRA-CONFIG-SNAPSHOT.md",
"docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
"docs/security/github-target-owner-decision-response.snapshot.json"
],
"notes": "GitHub 與本機 main 對齊,但 110 internal remote 不可讀,需判斷用途。"
},
{
"github_repo": "owenhytsai/ewoooc",
"source_key": "wooo/ewoooc / root/momo-pro-system / momo working trees",
"risk": "HIGH",
"approval_action": "create_or_grant_access_after_canonical_approval",
"approval_status": "pending",
"required_reviewers": [
"migration-engineer",
"security-commander",
"human-owner"
],
"blocked_until": [
"ewoooc/momo-pro-system canonical 關係人工確認",
"server-side refs diff 完成",
"GitHub repo owner 與 visibility 決策完成"
],
"allowed_after_approval": [
"決定建立 GitHub repo 或授權既有 private repo",
"產生 migration plan"
],
"still_forbidden": [
"自動建立 mirror",
"自動合併 unrelated histories",
"刪除任一 momo/ewoooc working tree",
"切 GitHub primary"
],
"evidence_refs": [
"docs/security/GITEA-REPO-INVENTORY-SNAPSHOT.md",
"docs/security/LOCAL-REPO-CANONICAL-EWOOOC-MOMO-SNAPSHOT.md",
"docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
"docs/security/github-target-owner-decision-response.snapshot.json"
],
"notes": "momo/ewoooc lineage sample 目前 unrelated不能自動視為同 repo。"
},
{
"github_repo": "owenhytsai/bitan-pharmacy",
"source_key": "bitan-pharmacy",
"risk": "MEDIUM",
"approval_action": "create_or_grant_access_after_canonical_approval",
"approval_status": "pending",
"required_reviewers": [
"migration-engineer",
"human-owner"
],
"blocked_until": [
"確認 repo 是否仍 active",
"GitHub repo owner 與 visibility 決策完成"
],
"allowed_after_approval": [
"決定建立 GitHub repo 或授權既有 private repo",
"產生 migration plan"
],
"still_forbidden": [
"自動建立 repo",
"自動 push refs",
"刪除 110 remote"
],
"evidence_refs": [
"docs/security/GIT-REMOTE-REFS-BITAN-TSENYANG-SNAPSHOT.md",
"docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
"docs/security/github-target-owner-decision-response.snapshot.json"
],
"notes": "110 remote 與本機 main 對齊,可作 source candidateGitHub target 未確認。"
},
{
"github_repo": "owenhytsai/tsenyang-website",
"source_key": "tsenyang-website",
"risk": "MEDIUM",
"approval_action": "create_or_grant_access_after_canonical_approval",
"approval_status": "pending",
"required_reviewers": [
"migration-engineer",
"human-owner"
],
"blocked_until": [
"確認 repo 是否仍 active",
"GitHub repo owner 與 visibility 決策完成"
],
"allowed_after_approval": [
"決定建立 GitHub repo 或授權既有 private repo",
"產生 migration plan"
],
"still_forbidden": [
"自動建立 repo",
"自動 push refs",
"刪除 110 remote"
],
"evidence_refs": [
"docs/security/GIT-REMOTE-REFS-BITAN-TSENYANG-SNAPSHOT.md",
"docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
"docs/security/github-target-owner-decision-response.snapshot.json"
],
"notes": "110 remote 與本機 main 對齊,可作 source candidateGitHub target 未確認。"
},
{
"github_repo": "owenhytsai/VibeWork",
"source_key": "vibework",
"risk": "HIGH",
"approval_action": "create_or_grant_access_after_product_boundary_approval",
"approval_status": "pending",
"required_reviewers": [
"migration-engineer",
"security-commander",
"product-owner",
"human-owner"
],
"blocked_until": [
"VibeWork 產品 / repo / surface owner 與 canonical source 決策完成",
"確認是否存在 private GitHub target 或需要建立候選 repo",
"保留 VibeWork 獨立產品邊界,不得由 AWOOOI primary readiness 直接併入",
"workflow / CODEOWNERS / deploy key / repository secret name parity owner response 完成"
],
"allowed_after_approval": [
"決定授權既有 private target 或建立候選 GitHub repo 計畫",
"補 repo / product / surface owner metadata",
"更新 source-control primary readiness 的 VibeWork read-only 欄位"
],
"still_forbidden": [
"自動建立 repo",
"自動 push refs",
"修改 workflow 或 CODEOWNERS",
"搬移 secret value",
"把 VibeWork 產品邊界併入 AWOOOI",
"切 GitHub primary"
],
"evidence_refs": [
"docs/security/source-control-workflow-secret-name-local-evidence.snapshot.json",
"docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
"docs/security/github-target-owner-decision-response.snapshot.json"
],
"notes": "GitHub unauthenticated probe 為 not_found_or_private只能代表公開未授權看不到不得視為 repo 不存在或可直接建立。VibeWork 仍維持獨立產品邊界。"
},
{
"github_repo": "owenhytsai/agent-bounty-protocol",
"source_key": "agent-bounty-protocol",
"risk": "HIGH",
"approval_action": "create_or_grant_access_after_agent_runtime_boundary_approval",
"approval_status": "pending",
"required_reviewers": [
"migration-engineer",
"security-commander",
"product-owner",
"treasury-owner",
"human-owner"
],
"blocked_until": [
"agent-bounty-protocol repo / deployment / external agent / treasury owner 決策完成",
"確認是否存在 private GitHub target 或需要建立候選 repo",
"A2A / MCP / bounty / treasury / payout / withdrawal runtime gate 維持 0",
"branch protection / CODEOWNERS / repository secret name parity owner response 完成"
],
"allowed_after_approval": [
"決定授權既有 private target 或建立候選 GitHub repo 計畫",
"補 agent / bounty / treasury / execution surface owner metadata",
"更新 source-control primary readiness 的 agent-bounty-protocol read-only 欄位"
],
"still_forbidden": [
"自動建立 repo",
"自動 push refs",
"修改 workflow",
"啟用 agent claim / submit / daemon",
"執行 payout 或 withdrawal",
"搬移 secret value",
"切 GitHub primary"
],
"evidence_refs": [
"docs/security/source-control-workflow-secret-name-local-evidence.snapshot.json",
"docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
"docs/security/github-target-owner-decision-response.snapshot.json"
],
"notes": "GitHub unauthenticated probe 為 not_found_or_private只能代表公開未授權看不到不得視為 repo 不存在或可直接建立。agent / bounty / treasury / execution surface 仍需 owner response。"
}
]
}
Reference in New Issue View Git Blame Copy Permalink