{
"schema_version": "source_control_approval_board_v1",
"status": "draft",
"date": "2026-05-12",
"default_mode": "mirror_only",
"authenticated_inventory_gate": {
"status": "blocked",
"reason": "GITEA_READONLY_TOKEN 未提供,且不使用可 push 的既有 remote credential 當 read-only token;server-side private/internal repo list 仍未完成。",
"allowed_next_step": [
"提供 read-only token 後重跑 gitea-repo-inventory",
"或提供 redacted admin export JSON",
"依 S4.10 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks 收到 GitHub target owner / visibility / canonical response 後更新 read-only board 欄位",
"在 gate 前仍可維護 approval board 與 decision table"
],
"still_forbidden": [
"使用 write-capable credential 當作 read-only token",
"建立 GitHub repo",
"修改 repo visibility",
"sync refs",
"switch GitHub primary"
]
},
"item_count": 8,
"pending_approval_count": 7,
"board_items": [
{
"github_repo": "owenhytsai/awoooi",
"source_key": "wooo/awoooi",
"lane": "refs_reconcile",
"risk": "HIGH",
"probe_status": "exists",
"target_state": "exists_refs_blocked",
"approval_status": "pending",
"required_decision": "決定 Gitea / GitHub refs 真相來源,並批准只產生 reconcile plan。",
"low_friction_next_step": "先產生 draft reconcile plan,不 push refs、不切 primary。",
"blocked_until": [
"Gitea server-side 全量 repo inventory status=ok",
"branches/tags/workflows/webhooks/secrets 名稱 inventory 完成",
"部署真相來源已決定",
"GitHub primary ADR 與 rollback plan 完成"
],
"allowed_after_approval": [
"產生 refs reconcile plan",
"產生 draft migration PR 或 ADR",
"更新 migration matrix 與 evidence"
],
"still_forbidden": [
"直接 push refs",
"直接切 GitHub primary",
"直接停用 Gitea",
"搬 secret value"
],
"evidence_refs": [
"docs/security/GITEA-GITHUB-MIGRATION-SNAPSHOT.md",
"docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
"docs/security/github-target-owner-decision-response.snapshot.json",
"docs/security/github-target-probe.snapshot.json"
],
"awooop_consumption": "approval_candidate"
},
{
"github_repo": "owenhytsai/clawbot-v5",
"source_key": "wooo/clawbot-v5",
"lane": "refs_reconcile",
"risk": "MEDIUM",
"probe_status": "exists",
"target_state": "exists_refs_blocked",
"approval_status": "pending",
"required_decision": "決定 Gitea / GitHub refs 真相來源,並批准只產生 reconcile plan。",
"low_friction_next_step": "先產生 draft reconcile plan,不 push refs、不切 primary。",
"blocked_until": [
"Gitea/GitHub main SHA 對齊或人工指定真相來源",
"GitHub 缺 Gitea tag 的處理方式已決定"
],
"allowed_after_approval": [
"產生 refs reconcile plan",
"更新 migration matrix"
],
"still_forbidden": [
"直接 push refs",
"直接切 primary",
"刪除任一端 repo"
],
"evidence_refs": [
"docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
"docs/security/SOURCE-CONTROL-CLAWBOT-V5-SNAPSHOT.md",
"docs/security/github-target-owner-decision-response.snapshot.json",
"docs/security/github-target-probe.snapshot.json"
],
"awooop_consumption": "approval_candidate"
},
{
"github_repo": "owenhytsai/wooo-aiops",
"source_key": "wooo/wooo-aiops",
"lane": "refs_reconcile",
"risk": "MEDIUM",
"probe_status": "exists",
"target_state": "exists_refs_blocked",
"approval_status": "pending",
"required_decision": "決定 Gitea / GitHub refs 真相來源,並批准只產生 reconcile plan。",
"low_friction_next_step": "先產生 draft reconcile plan,不 push refs、不切 primary。",
"blocked_until": [
"Gitea/GitHub main SHA 對齊或人工指定真相來源",
"GitHub-only branch 與 tags 的來源已釐清"
],
"allowed_after_approval": [
"產生 refs reconcile plan",
"更新 migration matrix"
],
"still_forbidden": [
"直接 push refs",
"直接切 primary",
"刪除 GitHub-only refs"
],
"evidence_refs": [
"docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
"docs/security/SOURCE-CONTROL-WOOO-AIOPS-SNAPSHOT.md",
"docs/security/github-target-owner-decision-response.snapshot.json",
"docs/security/github-target-probe.snapshot.json"
],
"awooop_consumption": "approval_candidate"
},
{
"github_repo": "owenhytsai/wooo-infra-config",
"source_key": "wooo/wooo-infra-config",
"lane": "internal_remote_purpose",
"risk": "MEDIUM",
"probe_status": "exists",
"target_state": "exists_aligned",
"approval_status": "pending",
"required_decision": "決定 110 internal remote 是 active source、legacy mirror 或應降級。",
"low_friction_next_step": "先文件化用途與風險,不刪除 remote、不同步 refs。",
"blocked_until": [
"110 internal remote 用途已確認",
"若 110 remote 為舊主控,已降級或移除",
"infra secrets 名稱 inventory 完成"
],
"allowed_after_approval": [
"標記 110 remote 為 mirror、legacy 或 active source",
"更新 canonical decision table"
],
"still_forbidden": [
"直接刪除 remote",
"直接同步 refs",
"搬 infra secret value"
],
"evidence_refs": [
"docs/security/GIT-REMOTE-REFS-WOOO-INFRA-CONFIG-SNAPSHOT.md",
"docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
"docs/security/github-target-owner-decision-response.snapshot.json",
"docs/security/github-target-probe.snapshot.json"
],
"awooop_consumption": "approval_candidate"
},
{
"github_repo": "owenhytsai/ewoooc",
"source_key": "wooo/ewoooc / root/momo-pro-system / momo working trees",
"lane": "target_creation_or_access",
"risk": "HIGH",
"probe_status": "not_found_or_private",
"target_state": "not_found_or_private",
"approval_status": "pending",
"required_decision": "決定 GitHub repo owner / visibility / 是否建立或授權既有 repo。",
"low_friction_next_step": "先取得 owner / visibility 決策,不自動建立 repo。",
"blocked_until": [
"ewoooc/momo-pro-system canonical 關係人工確認",
"server-side refs diff 完成",
"GitHub repo owner 與 visibility 決策完成"
],
"allowed_after_approval": [
"決定建立 GitHub repo 或授權既有 private repo",
"產生 migration plan"
],
"still_forbidden": [
"自動建立 mirror",
"自動合併 unrelated histories",
"刪除任一 momo/ewoooc working tree",
"切 GitHub primary"
],
"evidence_refs": [
"docs/security/GITEA-PUBLIC-REPO-SEARCH-SNAPSHOT.md",
"docs/security/GITEA-REPO-INVENTORY-SNAPSHOT.md",
"docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
"docs/security/github-target-owner-decision-response.snapshot.json",
"docs/security/LOCAL-REPO-CANONICAL-EWOOOC-MOMO-SNAPSHOT.md",
"docs/security/github-target-probe.snapshot.json"
],
"awooop_consumption": "approval_candidate"
},
{
"github_repo": "owenhytsai/bitan-pharmacy",
"source_key": "bitan-pharmacy",
"lane": "target_creation_or_access",
"risk": "MEDIUM",
"probe_status": "not_found_or_private",
"target_state": "not_found_or_private",
"approval_status": "pending",
"required_decision": "決定 GitHub repo owner / visibility / 是否建立或授權既有 repo。",
"low_friction_next_step": "先取得 owner / visibility 決策,不自動建立 repo。",
"blocked_until": [
"確認 repo 是否仍 active",
"GitHub repo owner 與 visibility 決策完成"
],
"allowed_after_approval": [
"決定建立 GitHub repo 或授權既有 private repo",
"產生 migration plan"
],
"still_forbidden": [
"自動建立 repo",
"自動 push refs",
"刪除 110 remote"
],
"evidence_refs": [
"docs/security/GIT-REMOTE-REFS-BITAN-TSENYANG-SNAPSHOT.md",
"docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
"docs/security/github-target-owner-decision-response.snapshot.json",
"docs/security/github-target-probe.snapshot.json"
],
"awooop_consumption": "approval_candidate"
},
{
"github_repo": "owenhytsai/tsenyang-website",
"source_key": "tsenyang-website",
"lane": "target_creation_or_access",
"risk": "MEDIUM",
"probe_status": "not_found_or_private",
"target_state": "not_found_or_private",
"approval_status": "pending",
"required_decision": "決定 GitHub repo owner / visibility / 是否建立或授權既有 repo。",
"low_friction_next_step": "先取得 owner / visibility 決策,不自動建立 repo。",
"blocked_until": [
"確認 repo 是否仍 active",
"GitHub repo owner 與 visibility 決策完成"
],
"allowed_after_approval": [
"決定建立 GitHub repo 或授權既有 private repo",
"產生 migration plan"
],
"still_forbidden": [
"自動建立 repo",
"自動 push refs",
"刪除 110 remote"
],
"evidence_refs": [
"docs/security/GIT-REMOTE-REFS-BITAN-TSENYANG-SNAPSHOT.md",
"docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
"docs/security/github-target-owner-decision-response.snapshot.json",
"docs/security/github-target-probe.snapshot.json"
],
"awooop_consumption": "approval_candidate"
},
{
"github_repo": "nexu-io/open-design",
"source_key": "open-design",
"lane": "scope_review",
"risk": "LOW",
"probe_status": "exists",
"target_state": "external_scope",
"approval_status": "not_required",
"required_decision": "決定此 repo 是否屬於 AWOOOI 資安供應鏈範圍。",
"low_friction_next_step": "只標記 scope review,不納入主控切換。",
"blocked_until": [
"確認是否屬於 AWOOOI 資安網範圍"
],
"allowed_after_approval": [
"mirror_decision_only"
],
"still_forbidden": [
"auto_execute",
"sync_refs",
"switch_primary"
],
"evidence_refs": [
"docs/security/github-target-probe.snapshot.json"
],
"awooop_consumption": "scope_review_only"
}
]
}