Files
awoooi/docs/security/security-approval-review-packet.snapshot.json

344 lines
14 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
{
"schema_version": "security_approval_review_packet_v1",
"status": "draft",
"date": "2026-05-13",
"mode": "approval_review_packet_only",
"runtime_execution_authorized": false,
"source_indexes": [
"docs/security/security-approval-queue.snapshot.json",
"docs/security/security-approval-gate.snapshot.json",
"docs/security/security-approval-decision-record.snapshot.json",
"docs/security/security-mirror-status-rollup.snapshot.json",
"docs/security/security-rollout-policy.snapshot.json"
],
"summary": {
"total_review_packets": 8,
"ready_for_human_review_count": 7,
"block_candidate_count": 1,
"decision_records_created_count": 0,
"runtime_actions_authorized": false,
"action_buttons_allowed": false,
"raw_secret_storage_authorized": false
},
"review_packets": [
{
"packet_id": "review-packet-redacted-finding-ingestion-20260513",
"review_order": 1,
"gate_id": "gate-redacted-finding-ingestion-20260513",
"source_queue_item_id": "kali-finding-runtime-ingestion-approval-20260513",
"risk": "MEDIUM",
"review_state": "ready_for_human_review",
"review_lane": "design_or_draft_review",
"requested_decision": "是否允許先設計或建立 draft PR讓 AwoooP 未來可接收已脫敏 security_finding_v1 摘要與 evidence_ref。",
"required_reviewers": [
"security-commander",
"human-owner"
],
"decision_options": ["approve_scope", "reject", "defer", "request_more_evidence"],
"evidence_refs": [
"docs/security/SECURITY-FINDING-CONTRACT.md",
"docs/security/security-finding-kali-sample.snapshot.json",
"docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md"
],
"allowed_pre_decision_actions": [
"顯示 packet 與 evidence refs",
"要求 reviewer 補充 scope 或資料欄位",
"保留 sample snapshot mirror-only"
],
"allowed_after_decision_actions": [
"若 approve_scope只能進入設計或 draft PR",
"若 reject/defer/request_more_evidence寫入 decision record 並維持 blocked"
],
"still_forbidden": [
"保存 raw secret/token/cookie/private key/exploit payload",
"讓 AwoooP 直接啟動 scan",
"自動封鎖 deploy 或自動修復"
],
"followup_runtime_gate_required": true,
"execution_authorized": false
},
{
"packet_id": "review-packet-safe-web-crawl-20260513",
"review_order": 2,
"gate_id": "gate-safe-web-crawl-20260513",
"source_queue_item_id": "kali-safe-web-crawl-approval-20260513",
"risk": "MEDIUM",
"review_state": "ready_for_human_review",
"review_lane": "low_noise_scan_scope_review",
"requested_decision": "是否允許定義公開產品 domains 的 TLS、security header 與 basic crawl 低噪音 scope。",
"required_reviewers": [
"security-commander",
"human-owner"
],
"decision_options": ["approve_scope", "reject", "defer", "request_more_evidence"],
"evidence_refs": [
"docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md",
"docs/security/KALI-SECURITY-MESH-BLUEPRINT.md"
],
"allowed_pre_decision_actions": [
"顯示公開 web perimeter 候選範圍",
"要求補 scan window、頻率與排除清單",
"維持 observe-only"
],
"allowed_after_decision_actions": [
"若 approve_scope只能整理低噪音 scope 與 redacted finding 格式",
"任何實際掃描仍需 follow-up runtime gate"
],
"still_forbidden": [
"active DAST fuzz",
"auth flow 改狀態測試",
"credentialed scan",
"阻擋 release"
],
"followup_runtime_gate_required": true,
"execution_authorized": false
},
{
"packet_id": "review-packet-gitea-readonly-inventory-20260513",
"review_order": 3,
"gate_id": "gate-gitea-readonly-inventory-20260513",
"source_queue_item_id": "gitea-private-internal-server-side-inventory-2026-05-12",
"risk": "MEDIUM",
"review_state": "ready_for_human_review",
"review_lane": "read_only_inventory_review",
"requested_decision": "是否允許使用 read-only token 或 redacted admin export 補齊 Gitea private/internal 全量 repo list。",
"required_reviewers": [
"migration-engineer",
"security-commander",
"human-owner"
],
"decision_options": ["approve_scope", "reject", "defer", "request_more_evidence"],
"evidence_refs": [
"docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md",
"docs/security/gitea-readonly-inventory-approval.snapshot.json",
"docs/security/GITEA-ORG-REPO-INVENTORY-BLOCKED-SNAPSHOT.md"
],
"allowed_pre_decision_actions": [
"顯示 public-only 與 blocked endpoint evidence",
"要求 owner 確認 read-only token 或 redacted export 來源",
"不保存 token value"
],
"allowed_after_decision_actions": [
"若 approve_scope只能做一次 read-only inventory 或匯入 redacted export",
"更新 migration matrix 與 repo decision table"
],
"still_forbidden": [
"保存 token value",
"使用 write-capable token",
"建立 GitHub repo",
"sync refs",
"切 GitHub primary"
],
"followup_runtime_gate_required": true,
"execution_authorized": false
},
{
"packet_id": "review-packet-github-target-decisions-20260513",
"review_order": 4,
"gate_id": "gate-github-target-decisions-20260513",
"source_queue_item_id": "source-control-target-repo-approval-bundle-20260513",
"risk": "HIGH",
"review_state": "ready_for_human_review",
"review_lane": "design_or_draft_review",
"requested_decision": "是否逐 repo 確認 GitHub target、owner、visibility、canonical 與 refs reconcile review本封包不授權建立 repo 或改 visibility。",
"required_reviewers": [
"migration-engineer",
"security-commander",
"human-owner"
],
"decision_options": ["approve_scope", "reject", "defer", "request_more_evidence"],
"evidence_refs": [
"docs/security/SOURCE-CONTROL-APPROVAL-BOARD.md",
"docs/security/source-control-approval-board.snapshot.json",
"docs/security/GITHUB-TARGET-REPO-APPROVAL-PACKAGE.md"
],
"allowed_pre_decision_actions": [
"顯示 7 個 approval-required target",
"要求 repo owner 補 owner/visibility/canonical 判定",
"維持 refs action disabled"
],
"allowed_after_decision_actions": [
"若 approve_scope只能更新決策草案、draft reconcile plan 或 ADR",
"任何 repo creation 或 visibility change 仍需後續 runtime gate"
],
"still_forbidden": [
"建立 repo",
"修改 visibility",
"push refs",
"delete refs",
"切 GitHub primary"
],
"followup_runtime_gate_required": true,
"execution_authorized": false
},
{
"packet_id": "review-packet-ref-truth-review-20260513",
"review_order": 5,
"gate_id": "gate-ref-truth-review-20260513",
"source_queue_item_id": "source-control-ref-truth-review-bundle-20260513",
"risk": "HIGH",
"review_state": "ready_for_human_review",
"review_lane": "design_or_draft_review",
"requested_decision": "是否逐 repo / 單 ref 判定真相來源、deprecated 候選、release tag 與 GitHub-only refs分類結果不得自動執行。",
"required_reviewers": [
"migration-engineer",
"security-commander",
"human-owner"
],
"decision_options": ["approve_scope", "reject", "defer", "request_more_evidence"],
"evidence_refs": [
"docs/security/SOURCE-CONTROL-REF-TRUTH-CLASSIFICATION.md",
"docs/security/source-control-ref-truth-classification.snapshot.json",
"docs/security/SOURCE-CONTROL-REF-DETAIL-DIFF.md"
],
"allowed_pre_decision_actions": [
"顯示 141 個 refs review items",
"依 repo / branch / tag 分組給 owner 判定",
"產生人工 review checklist"
],
"allowed_after_decision_actions": [
"若 approve_scope只能更新 truth classification 或 reconcile draft",
"任何 refs sync/delete 仍需後續 runtime gate"
],
"still_forbidden": [
"push refs",
"delete refs",
"force push",
"切 GitHub primary"
],
"followup_runtime_gate_required": true,
"execution_authorized": false
},
{
"packet_id": "review-packet-credentialed-scan-20260513",
"review_order": 6,
"gate_id": "gate-credentialed-scan-20260513",
"source_queue_item_id": "kali-credentialed-scan-approval-20260513",
"risk": "HIGH",
"review_state": "ready_for_human_review",
"review_lane": "manual_exception_review",
"requested_decision": "是否允許先設計 credentialed scan 的人工 exception、credential source、scope、audit trail 與停用方式。",
"required_reviewers": [
"security-commander",
"vuln-verifier",
"human-owner"
],
"decision_options": ["approve_scope", "reject", "defer", "request_more_evidence"],
"evidence_refs": [
"docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md",
"docs/security/SECURITY-LOW-FRICTION-ROLLOUT-POLICY.md"
],
"allowed_pre_decision_actions": [
"顯示需人工 exception 的原因",
"要求補 credential lifecycle、scope 與停用方式",
"不接收或保存 credential value"
],
"allowed_after_decision_actions": [
"若 approve_scope只能設計 exception 流程與 audit trail",
"任何 credentialed scan 仍需 follow-up runtime gate 與維護窗口"
],
"still_forbidden": [
"保存 credential value",
"擴大到未批准資產",
"自動修復",
"改 firewall/RBAC/NetworkPolicy"
],
"followup_runtime_gate_required": true,
"execution_authorized": false
},
{
"packet_id": "review-packet-kali-full-upgrade-reboot-20260513",
"review_order": 7,
"gate_id": "gate-kali-full-upgrade-reboot-20260513",
"source_queue_item_id": "kali-full-upgrade-reboot-approval-20260513",
"risk": "HIGH",
"review_state": "ready_for_human_review",
"review_lane": "manual_exception_review",
"requested_decision": "是否安排 Kali 112 full-upgrade、必要 autoremove 與 reboot 的維護窗口;必須先有 snapshot、rollback 與 post-health gate。",
"required_reviewers": [
"security-commander",
"human-owner"
],
"decision_options": ["approve_scope", "reject", "defer", "request_more_evidence"],
"evidence_refs": [
"docs/security/KALI-INTEGRATION-STATUS.md",
"docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md"
],
"allowed_pre_decision_actions": [
"顯示目前 Kali update 與 no reboot required 狀態",
"要求補維護窗口、snapshot、rollback 與 post-check",
"不直接 reboot"
],
"allowed_after_decision_actions": [
"若 approve_scope只能安排維護窗口與 rollback 計畫",
"實際 full-upgrade/reboot 仍需 follow-up runtime gate"
],
"still_forbidden": [
"未排窗口直接 reboot",
"未 snapshot 直接 full-upgrade",
"未驗證 scanner health 就宣告完成"
],
"followup_runtime_gate_required": true,
"execution_authorized": false
},
{
"packet_id": "review-packet-kali-execute-endpoint-20260513",
"review_order": 8,
"gate_id": "gate-kali-execute-endpoint-20260513",
"source_queue_item_id": "kali-execute-endpoint-approval-20260513",
"risk": "CRITICAL",
"review_state": "block_candidate",
"review_lane": "blocked_by_default_review",
"requested_decision": "是否維持 Kali /execute blocked by default若未來保留只能先設計 disable、allowlist、audit gate 與人工 exception。",
"required_reviewers": [
"critic",
"security-commander",
"human-owner"
],
"decision_options": ["keep_blocked", "defer", "request_more_evidence"],
"evidence_refs": [
"docs/security/KALI-INTEGRATION-STATUS.md",
"docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md"
],
"allowed_pre_decision_actions": [
"顯示 blocked reason",
"要求補 disable/allowlist/audit gate 設計",
"維持 AwoooP runtime 不可直接呼叫"
],
"allowed_after_decision_actions": [
"若 keep_blocked寫入 decision record 並維持 disabled posture",
"若 defer/request_more_evidence只補設計資料不啟用 runtime"
],
"still_forbidden": [
"AwoooP runtime 直接呼叫 /execute",
"把 /execute 當成一般 MCP action",
"執行 shell command 自動修復",
"保存 command 中可能含有的敏感輸出"
],
"followup_runtime_gate_required": true,
"execution_authorized": false
}
],
"packet_rules": [
"Review packet 只能準備人工審查資料,不能代表批准。",
"每個 packet 都必須對應 security_approval_gate_v1 gate item 與 security_approval_queue_v1 queue item。",
"人工決策必須另外寫入 security_approval_decision_record_v1。",
"即使 decision=approve_scopeexecution_authorized 仍必須是 false且仍需 follow-up runtime gate。",
"AwoooP 初期不得對 packet 顯示 scan、execute、repo、refs、deploy、secret 類 action button。"
],
"forbidden_actions": [
"start_kali_scan",
"call_kali_execute_endpoint",
"run_credentialed_scan",
"create_github_repo",
"change_repo_visibility",
"sync_git_refs",
"switch_github_primary",
"auto_merge",
"production_deploy",
"store_secret_token_cookie_private_key_or_exploit_payload",
"treat_review_packet_as_approval",
"treat_review_packet_as_execution_authorization"
]
}