{
"schema_version": "security_mirror_intake_plan_v1",
"status": "draft",
"date": "2026-05-13",
"mode": "mirror_only",
"runtime_execution_authorized": false,
"source_indexes": [
"docs/security/security-mirror-readiness.snapshot.json",
"docs/security/security-supply-chain-contract-manifest.snapshot.json",
"docs/security/security-approval-queue.snapshot.json",
"docs/security/security-mirror-event-sample.snapshot.json",
"docs/security/security-mirror-route.snapshot.json",
"docs/security/security-mirror-acceptance.snapshot.json",
"docs/security/security-mirror-quarantine.snapshot.json",
"docs/security/security-mirror-dry-run.snapshot.json",
"docs/security/security-mirror-status-rollup.snapshot.json",
"docs/security/security-approval-gate.snapshot.json",
"docs/security/security-approval-decision-record.snapshot.json",
"docs/security/security-approval-review-packet.snapshot.json"
],
"intake_waves": [
{
"wave_id": "M0_index_bootstrap",
"title": "載入 readiness、manifest、低摩擦 policy、鏡像路由、驗收、隔離、dry-run 與狀態彙整契約",
"contracts": [
"security_mirror_readiness_v1",
"security_supply_chain_contract_manifest_v1",
"security_rollout_policy_v1",
"security_mirror_event_v1",
"security_mirror_route_v1",
"security_mirror_acceptance_v1",
"security_mirror_quarantine_v1",
"security_mirror_dry_run_v1",
"security_mirror_status_rollup_v1"
],
"destinations": [
"operator_console",
"runtime_state",
"audit_evidence"
],
"allowed_processing": [
"顯示 contract readiness",
"顯示 mirror_only enforcement",
"顯示 partial_ready / contract_only 原因",
"使用 security_mirror_event_v1 包裝 mirror payload",
"依 security_mirror_route_v1 分流目的地與 review lane",
"依 security_mirror_acceptance_v1 驗收鏡像資料完整性與脫敏狀態",
"依 security_mirror_quarantine_v1 隔離驗收失敗 payload",
"依 security_mirror_dry_run_v1 回報接入演練結果",
"依 security_mirror_status_rollup_v1 顯示跨 Session 狀態與下一個 gate"
],
"blocked_processing": [
"runtime_enforcement",
"execution_router",
"blocking_gate"
],
"exit_gate": "Operator Console 能顯示 30 個 contract、5 個 route groups、7 個 acceptance checks、5 個 quarantine lanes、6 個 dry-run steps、status rollup、approval gate、decision record 與 review packet，且 mirror event envelope action_buttons_allowed=false。"
},
{
"wave_id": "M1_kali_visibility",
"title": "Kali 112 狀態、scope 與 approval queue visibility",
"contracts": [
"kali_integration_status_v1",
"kali_scan_scope_approval_v1",
"security_approval_queue_v1",
"security_finding_v1"
],
"destinations": [
"operator_console",
"runtime_state",
"channel_event",
"approval_queue",
"audit_evidence"
],
"allowed_processing": [
"mirror Kali health / update / gap evidence",
"顯示 scan scope group",
"顯示 approval queue review order",
"顯示 redacted finding sample"
],
"blocked_processing": [
"start_kali_scan",
"call_kali_execute_endpoint",
"credentialed_scan",
"full_upgrade_or_reboot"
],
"exit_gate": "AwoooP 顯示 Kali health、5 個 scan scope groups、8 個 approval queue items，但沒有 action button。"
},
{
"wave_id": "M2_source_control_visibility",
"title": "Gitea/GitHub source-control evidence visibility",
"contracts": [
"source_control_migration_event_v1",
"gitea_repo_inventory_v1",
"local_git_remote_inventory_v1",
"github_target_probe_v1",
"github_target_decision_v1",
"github_target_repo_approval_package_v1",
"source_control_approval_board_v1",
"source_control_reconcile_plan_v1",
"source_control_ref_detail_diff_v1",
"source_control_ref_truth_classification_v1",
"local_repo_canonical_probe_v1",
"git_remote_refs_probe_v1"
],
"destinations": [
"operator_console",
"runtime_state",
"approval_queue",
"audit_evidence"
],
"allowed_processing": [
"mirror repo/branch/tag 差異",
"顯示 pending owner / visibility / canonical decision",
"顯示 refs truth review lane",
"顯示 Gitea inventory partial reason"
],
"blocked_processing": [
"create_github_repo",
"change_repo_visibility",
"sync_git_refs",
"switch_github_primary",
"delete_or_archive_gitea_repo"
],
"exit_gate": "AwoooP 能顯示 source-control blocking reasons，且所有 repo/refs actions 都 disabled。"
},
{
"wave_id": "M3_approval_candidates",
"title": "Approval candidate mirror 與人工決策留痕",
"contracts": [
"approval_required_event_v1",
"security_approval_queue_v1",
"security_approval_gate_v1",
"security_approval_decision_record_v1",
"security_approval_review_packet_v1",
"github_target_repo_approval_package_v1",
"source_control_approval_board_v1",
"kali_scan_scope_approval_v1"
],
"destinations": [
"approval_queue",
"operator_console",
"audit_evidence"
],
"allowed_processing": [
"create_approval_candidate",
"record_human_decision",
"display_followup_runtime_gate",
"display_decision_record",
"display_review_packet",
"display_required_reviewers",
"display_blocked_until_approved"
],
"blocked_processing": [
"auto_approve",
"execute_after_approval_without_new_runtime_gate",
"store_secret_value"
],
"exit_gate": "Approval candidate、S3 approval gate、decision record 與 review packet 可顯示與留痕，但任何批准後執行仍需要下一階段 runtime gate。"
},
{
"wave_id": "M4_patch_only_backlog",
"title": "Code review / Codex patch-only backlog",
"contracts": [
"coding_task_v1"
],
"destinations": [
"operator_console",
"approval_queue",
"audit_evidence"
],
"allowed_processing": [
"display_patch_backlog_contract",
"create_draft_patch_task_after_review",
"request_reviewers"
],
"blocked_processing": [
"auto_merge",
"production_deploy",
"secret_rotation",
"network_policy_change"
],
"exit_gate": "AwoooP 只顯示 patch-only backlog lane，沒有 Codex runner action。"
}
],
"acceptance_gates": [
{
"gate_id": "MIRROR_ONLY_DEFAULT",
"requirement": "所有 intake waves 都必須維持 runtime_execution_authorized=false。",
"evidence_ref": "docs/security/security-mirror-intake-plan.snapshot.json"
},
{
"gate_id": "NO_ACTION_BUTTONS",
"requirement": "Operator Console 不得新增 scan、execute、repo、refs、deploy、secret 類 action button。",
"evidence_ref": "docs/security/SECURITY-MIRROR-READINESS.md"
},
{
"gate_id": "REDACTION_ONLY",
"requirement": "Mirror payload 不得保存 raw secret、token、cookie、private key 或 exploit payload。",
"evidence_ref": "docs/security/SECURITY-LOW-FRICTION-ROLLOUT-POLICY.md"
},
{
"gate_id": "LOW_MEDIUM_NOT_BLOCKING",
"requirement": "LOW / MEDIUM observation 初期只能 observe / warn，不得升為 blocking gate。",
"evidence_ref": "docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md"
}
],
"forbidden_actions": [
"start_kali_scan",
"call_kali_execute_endpoint",
"run_credentialed_scan",
"create_github_repo",
"change_repo_visibility",
"sync_git_refs",
"switch_github_primary",
"auto_merge",
"production_deploy",
"store_secret_token_cookie_private_key_or_exploit_payload"
]
}