{
"schema_version": "security_mirror_route_v1",
"status": "draft",
"date": "2026-05-13",
"mode": "mirror_only",
"runtime_execution_authorized": false,
"source_indexes": [
"docs/security/security-mirror-readiness.snapshot.json",
"docs/security/security-supply-chain-contract-manifest.snapshot.json",
"docs/security/security-mirror-intake-plan.snapshot.json",
"docs/security/security-mirror-event-sample.snapshot.json",
"docs/security/source-control-workflow-secret-name-inventory.snapshot.json",
"docs/security/source-control-primary-rollback-adr.snapshot.json",
"docs/security/iwooos-posture-projection.snapshot.json"
],
"summary": {
"total_contracts": 36,
"route_group_count": 5,
"channel_event_policy": "初期只對階段完成、blocked 狀態或需要人工批准的高風險候選發低噪音事件;LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 不發阻擋事件,但仍須寫入 audit_evidence,不得因不發 channel 事件而略過留痕。",
"approval_queue_policy": "只有 approval-only、suggest-only 或 blocked-until-approved 項目可進 approval queue;approval queue 不代表可執行,批准後的任何動作仍需另經 follow-up runtime gate。"
},
"route_groups": [
{
"wave_id": "M0_index_bootstrap",
"title": "契約索引與只讀路由啟動",
"contracts": [
"security_mirror_readiness_v1",
"security_rollout_policy_v1",
"security_mirror_event_v1",
"security_mirror_intake_plan_v1",
"security_mirror_route_v1",
"security_mirror_acceptance_v1",
"security_mirror_quarantine_v1",
"security_mirror_dry_run_v1",
"security_mirror_status_rollup_v1",
"iwooos_posture_projection_v1"
],
"destinations": [
"operator_console",
"runtime_state",
"audit_evidence"
],
"channel_policy": "no_channel_event",
"review_lane": "observe",
"allowed_processing": [
"顯示 contract readiness 與 manifest",
"顯示 mirror-only policy",
"顯示每個 wave 的目的地與 blocked processing",
"要求所有鏡像 payload 使用 security_mirror_event_v1 信封;不符合信封的 payload 不得當作有效鏡像事件顯示",
"顯示 security_mirror_acceptance_v1 驗收結果",
"顯示 security_mirror_quarantine_v1 隔離 lane 與 retry gate",
"顯示 security_mirror_dry_run_v1 dry-run steps",
"顯示 security_mirror_status_rollup_v1 跨 Session 狀態與下一個 gate",
"顯示 S3 review packet、state transition、follow-up runtime gate preparation、GitHub primary readiness gate、rollback ADR 與 workflow / secret name inventory contract 位置",
"顯示 iwooos_posture_projection_v1 前端資安態勢投影"
],
"blocked_processing": [
"新增執行按鈕",
"把 readiness 當執行授權",
"runtime blocking",
"自動批准任何 queue item"
],
"exit_gate": "AwoooP 可顯示 36 個 contract、5 個 route groups、8 個 acceptance checks、5 個 quarantine lanes、8 個 dry-run steps、status rollup、owner response guard、approval gate、decision record、review packet、state transition、follow-up runtime gate preparation、GitHub primary readiness gate、rollback ADR 與 workflow / secret name inventory gate,且所有 route 都維持 runtime_execution_authorized=false。"
},
{
"wave_id": "M1_kali_visibility",
"title": "Kali 112 與掃描範圍能見度",
"contracts": [
"kali_integration_status_v1",
"kali_scan_scope_approval_v1",
"security_approval_queue_v1",
"security_finding_v1"
],
"destinations": [
"operator_console",
"runtime_state",
"channel_event",
"approval_queue",
"audit_evidence"
],
"channel_policy": "approval_required_only",
"review_lane": "approval_required",
"allowed_processing": [
"顯示 Kali 112 health、更新狀態與缺口",
"顯示 111 / 168 與核心主機 observe-only scope",
"顯示 scan scope approval gates",
"顯示 redacted finding sample,不得含原始 exploit payload 或 secret value"
],
"blocked_processing": [
"啟動 active scan",
"呼叫 Kali execute endpoint",
"credentialed scan",
"full-upgrade 或 reboot",
"保存 secret value"
],
"exit_gate": "AwoooP 能顯示 Kali visibility 與 approval gates,但沒有 scan / execute action。"
},
{
"wave_id": "M2_source_control_visibility",
"title": "Gitea / GitHub 版本與 refs 能見度",
"contracts": [
"source_control_migration_event_v1",
"gitea_repo_inventory_v1",
"local_git_remote_inventory_v1",
"github_target_probe_v1",
"github_target_decision_v1",
"github_target_repo_approval_package_v1",
"source_control_approval_board_v1",
"source_control_reconcile_plan_v1",
"source_control_ref_detail_diff_v1",
"source_control_ref_truth_classification_v1",
"source_control_primary_readiness_gate_v1",
"source_control_primary_rollback_adr_v1",
"source_control_workflow_secret_name_inventory_v1",
"local_repo_canonical_probe_v1",
"git_remote_refs_probe_v1",
"approval_required_event_v1"
],
"destinations": [
"operator_console",
"runtime_state",
"approval_queue",
"audit_evidence"
],
"channel_policy": "low_noise_status",
"review_lane": "source_control_review",
"allowed_processing": [
"顯示 repo / branch / tag 差異",
"顯示 owner、visibility、canonical 與 refs review lane",
"顯示 GitHub primary readiness blockers 與 rollback ADR 草案",
"顯示 workflow / webhook / runner / secret 名稱 inventory 缺口,不保存 secret value",
"顯示 Gitea inventory partial reason",
"顯示 GitHub primary cutover blocked reason"
],
"blocked_processing": [
"建立 GitHub repo",
"修改 repo visibility",
"sync refs",
"切 GitHub primary",
"刪除、停用或封存 Gitea repo"
],
"exit_gate": "AwoooP 能看見 migration blockers 與 review lanes,所有 repo / refs action 都 disabled。注意:此 wave 的 channel_policy 為 low_noise_status,但 destinations 未列 channel_event,定稿前需確認此 wave 是否真的發 channel 事件,並使兩者一致。"
},
{
"wave_id": "M3_approval_candidates",
"title": "人工批准候選與留痕",
"contracts": [
"approval_required_event_v1",
"security_approval_queue_v1",
"security_approval_gate_v1",
"security_approval_decision_record_v1",
"security_approval_review_packet_v1",
"security_approval_state_transition_v1",
"security_followup_runtime_gate_v1",
"source_control_primary_readiness_gate_v1",
"source_control_primary_rollback_adr_v1",
"source_control_workflow_secret_name_inventory_v1",
"github_target_repo_approval_package_v1",
"source_control_approval_board_v1",
"kali_scan_scope_approval_v1"
],
"destinations": [
"approval_queue",
"operator_console",
"audit_evidence"
],
"channel_policy": "approval_required_only",
"review_lane": "approval_required",
"allowed_processing": [
"建立 approval candidate",
"顯示 S3 approval gate 與 follow-up runtime gate",
"顯示人工 decision record 與 execution_authorized=false",
"顯示人工 review packet、review lane 與 action_buttons_allowed=false",
"顯示人工 decision next state,且 approve_scope 仍需 follow-up runtime gate",
"顯示 follow-up runtime gate template,且 active_runtime_gates=0",
"顯示 GitHub primary readiness gate,且 primary_ready_count=0",
"顯示 GitHub primary rollback ADR 草案,且 owner_approved_count=0、active_cutover_count=0",
"顯示 workflow / secret 名稱 inventory gate,且 inventory_complete_count=0",
"顯示 required reviewers",
"顯示 blocked_until_approved",
"記錄人工決策結果"
],
"blocked_processing": [
"auto approve",
"批准後自動執行",
"把人工批准記錄轉成 runtime executor",
"保存 token 或 secret value"
],
"exit_gate": "Approval candidate、S3 approval gate、decision record、review packet、state transition 與 follow-up runtime gate preparation 可顯示與留痕,但批准後執行仍需要下一階段 runtime gate。注意:此 wave 的 channel_policy 為 approval_required_only,但 destinations 未列 channel_event,定稿前需確認並使兩者一致。"
},
{
"wave_id": "M4_patch_only_backlog",
"title": "Code Review 後的 Codex patch-only 工作列",
"contracts": [
"coding_task_v1"
],
"destinations": [
"operator_console",
"approval_queue",
"audit_evidence"
],
"channel_policy": "no_channel_event",
"review_lane": "patch_only",
"allowed_processing": [
"顯示 patch-only backlog lane",
"產生 draft patch task",
"要求 reviewer 與風險標籤"
],
"blocked_processing": [
"自動 merge",
"production deploy",
"secret rotation",
"NetworkPolicy 或 firewall change"
],
"exit_gate": "AwoooP 只建立 patch-only backlog lane;沒有 Codex runner action。"
}
],
"acceptance_gates": [
{
"gate_id": "ROUTE_COVERS_ALL_CONTRACTS",
"requirement": "route_groups 合併後必須以去重後的 contract id 涵蓋 manifest 的 36 個 contracts;同一 contract 出現在多個 route group 只計一次,且總數以 manifest 實際數量為準,不以此處的 36 為準。"
},
{
"gate_id": "NO_EXECUTION_SURFACE",
"requirement": "所有 route groups 都必須維持 runtime_execution_authorized=false,且不得新增執行按鈕;route group 層級的任何欄位都不得覆寫頂層的 mode=mirror_only 與 runtime_execution_authorized=false。"
},
{
"gate_id": "LOW_NOISE_CHANNEL",
"requirement": "Channel Event 初期只發低噪音摘要或人工批准必要事件,不把 LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 或 headline holding 變成阻擋;這些項目仍須寫入 audit_evidence 與 operator_console,低噪音只限制 channel event,不限制留痕。"
},
{
"gate_id": "APPROVAL_IS_NOT_EXECUTION",
"requirement": "Approval Queue 只保存人工決策候選與留痕,不代表任何後續動作可自動執行;decision record 必須維持 execution_authorized=false,執行另經下一階段 runtime gate。"
}
],
"forbidden_actions": [
"start_kali_scan",
"call_kali_execute_endpoint",
"run_credentialed_scan",
"create_github_repo",
"change_repo_visibility",
"sync_git_refs",
"switch_github_primary",
"auto_merge",
"production_deploy",
"store_secret_token_cookie_private_key_or_exploit_payload"
]
}