awoooi/docs/schemas/security_approval_gate_v1.schema.json

197 lines
4.9 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "urn:awoooi:security-approval-gate-v1",
"title": "資安供應鏈人工批准 Gate 契約 v1",
"description": "定義 Security Supply Chain 進入 S3 時 AwoooP 如何顯示、記錄與限制人工批准。此契約不授權 runtime execution。",
"type": "object",
"required": [
"schema_version",
"status",
"date",
"mode",
"runtime_execution_authorized",
"source_indexes",
"summary",
"gate_items",
"decision_recording_rules",
"forbidden_actions"
],
"properties": {
"schema_version": {
"const": "security_approval_gate_v1"
},
"status": {
"type": "string",
"enum": ["draft"]
},
"date": {
"type": "string"
},
"mode": {
"type": "string",
"enum": ["approval_gate_only"]
},
"runtime_execution_authorized": {
"type": "boolean",
"const": false
},
"source_indexes": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1
},
"summary": {
"type": "object",
"required": [
"total_gate_items",
"pending_human_decision_count",
"block_candidate_count",
"approved_count",
"runtime_actions_authorized",
"immediate_execution_after_approval_allowed",
"raw_secret_storage_authorized"
],
"properties": {
"total_gate_items": {
"type": "integer",
"minimum": 0
},
"pending_human_decision_count": {
"type": "integer",
"minimum": 0
},
"block_candidate_count": {
"type": "integer",
"minimum": 0
},
"approved_count": {
"type": "integer",
"minimum": 0
},
"runtime_actions_authorized": {
"type": "boolean",
"const": false
},
"immediate_execution_after_approval_allowed": {
"type": "boolean",
"const": false
},
"raw_secret_storage_authorized": {
"type": "boolean",
"const": false
}
},
"additionalProperties": false
},
"gate_items": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"required": [
"gate_id",
"source_queue_item_id",
"source_contract",
"risk",
"gate_state",
"approval_scope",
"required_reviewers",
"decision_options",
"allowed_after_approval",
"still_forbidden",
"requires_followup_runtime_gate",
"evidence_refs"
],
"properties": {
"gate_id": {
"type": "string"
},
"source_queue_item_id": {
"type": "string"
},
"source_contract": {
"type": "string"
},
"risk": {
"type": "string",
"enum": ["MEDIUM", "HIGH", "CRITICAL"]
},
"gate_state": {
"type": "string",
"enum": ["pending_human_decision", "block_candidate", "approved", "rejected", "expired"]
},
"approval_scope": {
"type": "string",
"enum": [
"design_or_draft_only",
"read_only_inventory_only",
"low_noise_scan_scope_only",
"manual_exception_only",
"blocked_by_default"
]
},
"required_reviewers": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1,
"uniqueItems": true
},
"decision_options": {
"type": "array",
"items": {
"type": "string",
"enum": ["approve_scope", "reject", "defer", "request_more_evidence", "keep_blocked"]
},
"minItems": 1
},
"allowed_after_approval": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1
},
"still_forbidden": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1
},
"requires_followup_runtime_gate": {
"type": "boolean",
"const": true
},
"evidence_refs": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1
}
},
"additionalProperties": false
}
},
"decision_recording_rules": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1
},
"forbidden_actions": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1
}
},
"additionalProperties": false
}