Files
awoooi/docs/security/wazuh-readonly-release-owner-request.snapshot.json

138 lines
4.9 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
{
"execution_boundaries": {
"dispatch_authorized": false,
"force_push_allowed": false,
"gitea_push_authorized": false,
"host_write_authorized": false,
"kali_active_scan_authorized": false,
"not_authorization": true,
"patch_apply_authorized": false,
"plain_text_token_workaround_allowed": false,
"production_deploy_authorized": false,
"recipient_confirmed": false,
"repo_write_authorized": false,
"request_sent": false,
"runtime_execution_authorized": false,
"secret_value_collection_allowed": false,
"wazuh_active_response_authorized": false,
"wazuh_api_live_query_authorized": false
},
"generated_at": "2026-06-24T22:48:00+08:00",
"handoff_envelope_fields": [
"request_id",
"stage_id",
"recipient_role_or_team",
"sender_role_or_team",
"requested_response_window",
"allowed_release_methods",
"required_ack_flags",
"required_evidence_fields",
"target_branch_or_patch_set",
"post_deploy_readback_command",
"forbidden_payloads",
"blocked_runtime_actions",
"followup_owner",
"not_approval"
],
"mode": "repo_request_draft_no_secret_no_runtime_no_push",
"request_draft": {
"action_buttons_allowed": false,
"allowed_release_methods": [
"formal_gitea_merge",
"formal_patch_apply",
"maintainer_local_push_with_safe_credential"
],
"blocked_runtime_actions": [
"plain_text_gitea_token_in_remote_url",
"copy_token_from_dirty_workspace",
"force_push",
"nginx_or_gateway_workaround_for_404",
"docker_restart_for_wazuh_route",
"k8s_or_argocd_manual_apply_for_wazuh_route",
"firewall_change_for_wazuh_route",
"wazuh_secret_or_manager_change_for_api_404",
"enable_wazuh_live_metadata_without_owner_gate",
"enable_wazuh_active_response",
"host_write_or_kali_active_scan"
],
"followup_owner": "pending_followup_owner",
"forbidden_payloads": [
"token",
"secret",
"private_key",
"cookie",
"session",
"authorization_header",
"runner_token",
"webhook_secret",
"wazuh_password",
"wazuh_raw_payload",
"git_credential",
"repo_archive"
],
"not_approval": true,
"owner_response_accepted": false,
"owner_response_received": false,
"post_deploy_readback_command": "python3 scripts/security/wazuh-readonly-production-readback.py --json",
"recipient_confirmed": false,
"recipient_role_or_team": "pending_release_lane_owner",
"redacted_evidence_refs": [
"docs/security/IWOOOS-WAZUH-READONLY-API-RELEASE-HANDOFF.md",
"docs/security/wazuh-readonly-release-gate.snapshot.json",
"docs/security/wazuh-readonly-release-lane-preflight.snapshot.json"
],
"request_id": "iwooos_wazuh_readonly_release_owner_request",
"request_sent": false,
"requested_response_window": "not_scheduled",
"required_ack_flags": [
"approve_formal_release_lane",
"confirm_no_plaintext_token_workaround",
"confirm_no_force_push",
"confirm_no_runtime_workaround",
"confirm_production_readback_after_deploy",
"confirm_wazuh_live_metadata_requires_separate_owner_gate"
],
"required_evidence_fields": [
"release_lane_owner",
"release_method",
"target_branch_or_patch_set",
"post_deploy_readback_command",
"rollback_owner",
"blocked_runtime_actions_ack"
],
"runtime_gate": false,
"sender_role_or_team": "iwooos_security_reviewer",
"stage_id": "P0-IWOOOS-WAZUH-RELEASE",
"target_branch": "codex/iwooos-wazuh-boundary-guard-20260624",
"target_branch_readback": "git log --oneline gitea/main..HEAD",
"target_patch_set_readback": "git format-patch gitea/main..HEAD after final docs commit; record sha256 outside committed docs"
},
"schema_version": "iwooos_wazuh_readonly_release_owner_request_v1",
"send_after_conditions": [
"先確認 gitea/main、Wazuh 分支與另一個 AwoooP Session 基線。",
"只送脫敏欄位與 refs不得附 secret、raw Wazuh payload、git credential 或 runtime 操作要求。",
"一般批准繼續不是 release owner response。",
"收到 response 後仍需先通過 owner response acceptance ledger不能直接 push 或 deploy。"
],
"status": "draft_not_dispatched_waiting_release_lane_owner",
"summary": {
"allowed_release_method_count": 3,
"blocked_action_count": 11,
"forbidden_payload_count": 12,
"formal_release_lane_ready_count": 0,
"gitea_push_authorized_count": 0,
"handoff_envelope_field_count": 14,
"owner_response_accepted_count": 0,
"owner_response_received_count": 0,
"patch_apply_authorized_count": 0,
"production_deploy_authorized_count": 0,
"production_readback_passed_count": 0,
"recipient_confirmed_count": 0,
"request_draft_count": 1,
"request_sent_count": 0,
"required_ack_flag_count": 6,
"required_evidence_field_count": 6,
"runtime_gate_count": 0
}
}