awoooi/docs/security/security-mirror-readiness.snapshot.json

{
"schema_version": "security_mirror_readiness_v1",
"status": "draft",
"date": "2026-05-13",
"default_enforcement_level": "mirror_only",
"runtime_execution_authorized": false,
"summary": {
"total_contracts": 30,
"ready_for_mirror_count": 27,
"partial_ready_count": 2,
"contract_only_count": 1,
"blocked_count": 0
},
"mirror_destinations": [
"awooop_operator_console",
"awooop_runtime_state",
"awooop_channel_event",
"awooop_audit_evidence",
"awooop_approval_queue"
],
"contract_readiness": [
{
"contract": "security_rollout_policy_v1",
"readiness": "ready_for_mirror",
"consumption_mode": "read_only_policy",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": ["docs/security/security-rollout-policy.snapshot.json"],
"human_docs": ["docs/security/SECURITY-LOW-FRICTION-ROLLOUT-POLICY.md"],
"notes": "可供 AwoooP 顯示 observe-first / mirror-only policy不得 runtime enforcement。"
},
{
"contract": "security_finding_v1",
"readiness": "partial_ready",
"consumption_mode": "mirror_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": ["docs/security/security-finding-kali-sample.snapshot.json"],
"human_docs": ["docs/security/SECURITY-FINDING-CONTRACT.md"],
"notes": "目前只有 Kali sample snapshotruntime ingestion 尚未啟用。"
},
{
"contract": "kali_integration_status_v1",
"readiness": "ready_for_mirror",
"consumption_mode": "mirror_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": ["docs/security/kali-integration-status.snapshot.json"],
"human_docs": ["docs/security/KALI-INTEGRATION-STATUS.md"],
"notes": "可 mirror Kali health、更新紀錄、缺口與高風險 gate。"
},
{
"contract": "kali_scan_scope_approval_v1",
"readiness": "ready_for_mirror",
"consumption_mode": "approval_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": ["docs/security/kali-scan-scope-approval.snapshot.json"],
"human_docs": ["docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md"],
"notes": "可 mirror scope group 與 approval gates不得啟動 scan。"
},
{
"contract": "security_approval_queue_v1",
"readiness": "ready_for_mirror",
"consumption_mode": "approval_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": ["docs/security/security-approval-queue.snapshot.json"],
"human_docs": ["docs/security/SECURITY-APPROVAL-QUEUE.md"],
"notes": "可 mirror 8 個 queue items、review order、blocked reason 與 required reviewers。"
},
{
"contract": "security_approval_gate_v1",
"readiness": "ready_for_mirror",
"consumption_mode": "approval_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": ["docs/security/security-approval-gate.snapshot.json"],
"human_docs": ["docs/security/SECURITY-APPROVAL-GATE.md"],
"notes": "可 mirror S3 人工批准 gate、決策範圍與 follow-up runtime gate不得執行 gate item。"
},
{
"contract": "security_approval_decision_record_v1",
"readiness": "ready_for_mirror",
"consumption_mode": "approval_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": ["docs/security/security-approval-decision-record.snapshot.json"],
"human_docs": ["docs/security/SECURITY-APPROVAL-DECISION-RECORD.md"],
"notes": "可 mirror S3 人工決策紀錄格式;目前尚無 approved decision record且 execution_authorized=false。"
},
{
"contract": "security_approval_review_packet_v1",
"readiness": "ready_for_mirror",
"consumption_mode": "approval_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": ["docs/security/security-approval-review-packet.snapshot.json"],
"human_docs": ["docs/security/SECURITY-APPROVAL-REVIEW-PACKET.md"],
"notes": "可 mirror S3 人工審查封包、review lane、required reviewers 與 still forbidden不代表批准或執行授權。"
},
{
"contract": "security_mirror_readiness_v1",
"readiness": "ready_for_mirror",
"consumption_mode": "mirror_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": ["docs/security/security-mirror-readiness.snapshot.json"],
"human_docs": ["docs/security/SECURITY-MIRROR-READINESS.md"],
"notes": "本契約提供 AwoooP mirror/read-only readiness index不授權執行。"
},
{
"contract": "security_mirror_intake_plan_v1",
"readiness": "ready_for_mirror",
"consumption_mode": "mirror_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": ["docs/security/security-mirror-intake-plan.snapshot.json"],
"human_docs": ["docs/security/SECURITY-MIRROR-INTAKE-PLAN.md"],
"notes": "提供 AwoooP mirror-only intake waves、destinations、allowed/blocked processing 與 acceptance gates。"
},
{
"contract": "security_mirror_event_v1",
"readiness": "ready_for_mirror",
"consumption_mode": "mirror_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": ["docs/security/security-mirror-event-sample.snapshot.json"],
"human_docs": ["docs/security/SECURITY-MIRROR-EVENT-CONTRACT.md"],
"notes": "提供 AwoooP mirror event envelope所有 mirror events 都必須帶 execution_authorized=false 與 action_buttons_allowed=false。"
},
{
"contract": "security_mirror_route_v1",
"readiness": "ready_for_mirror",
"consumption_mode": "mirror_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": ["docs/security/security-mirror-route.snapshot.json"],
"human_docs": ["docs/security/SECURITY-MIRROR-ROUTE.md"],
"notes": "提供 AwoooP mirror-only route groups、channel policy 與 review lane不授權執行。"
},
{
"contract": "security_mirror_acceptance_v1",
"readiness": "ready_for_mirror",
"consumption_mode": "mirror_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": ["docs/security/security-mirror-acceptance.snapshot.json"],
"human_docs": ["docs/security/SECURITY-MIRROR-ACCEPTANCE.md"],
"notes": "提供 AwoooP mirror-only ingestion 驗收 checks不作 runtime blocker。"
},
{
"contract": "security_mirror_quarantine_v1",
"readiness": "ready_for_mirror",
"consumption_mode": "mirror_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": ["docs/security/security-mirror-quarantine.snapshot.json"],
"human_docs": ["docs/security/SECURITY-MIRROR-QUARANTINE.md"],
"notes": "提供 AwoooP mirror-only 驗收失敗隔離與 retry gate不授權執行。"
},
{
"contract": "security_mirror_dry_run_v1",
"readiness": "ready_for_mirror",
"consumption_mode": "mirror_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": ["docs/security/security-mirror-dry-run.snapshot.json"],
"human_docs": ["docs/security/SECURITY-MIRROR-DRY-RUN.md"],
"notes": "提供 AwoooP mirror-only 接入演練回報格式;目前為 contract_defined_not_executed。"
},
{
"contract": "security_mirror_status_rollup_v1",
"readiness": "ready_for_mirror",
"consumption_mode": "mirror_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": ["docs/security/security-mirror-status-rollup.snapshot.json"],
"human_docs": ["docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md"],
"notes": "提供 AwoooP / Security Supply Chain 跨 Session 狀態總覽、下一個 gate 與禁止事項;不授權執行。"
},
{
"contract": "coding_task_v1",
"readiness": "contract_only",
"consumption_mode": "suggest_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": [],
"human_docs": ["docs/security/CODEX-PATCH-ONLY-HANDOFF-PROMPT.md"],
"notes": "已有 schema 與 handoff prompt但尚無正式 coding task snapshot。"
},
{
"contract": "source_control_migration_event_v1",
"readiness": "ready_for_mirror",
"consumption_mode": "mirror_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": [
"docs/security/gitea-github-awoooi-inventory.snapshot.json",
"docs/security/source-control-clawbot-v5.snapshot.json",
"docs/security/source-control-wooo-aiops.snapshot.json"
],
"human_docs": ["docs/security/GITEA-GITHUB-MIGRATION-INVENTORY.md"],
"notes": "可 mirror source-control diff summary仍不得 sync refs 或切 primary。"
},
{
"contract": "gitea_repo_inventory_v1",
"readiness": "partial_ready",
"consumption_mode": "mirror_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": [
"docs/security/gitea-repo-inventory.snapshot.json",
"docs/security/gitea-public-repo-search.snapshot.json",
"docs/security/gitea-org-repo-inventory-blocked.snapshot.json"
],
"human_docs": ["docs/security/GITEA-SERVER-SIDE-INVENTORY-RUNBOOK.md"],
"notes": "目前仍是 public-only / blocked endpoint evidenceprivate/internal 全量需 approval。"
},
{
"contract": "local_git_remote_inventory_v1",
"readiness": "ready_for_mirror",
"consumption_mode": "mirror_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": ["docs/security/local-git-remote-inventory.snapshot.json"],
"human_docs": ["docs/security/LOCAL-GIT-REMOTE-INVENTORY-SNAPSHOT.md"],
"notes": "可 mirror 本機 remote coverage 與 embedded credential hygiene risk不修改 remote。"
},
{
"contract": "github_target_probe_v1",
"readiness": "ready_for_mirror",
"consumption_mode": "mirror_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": ["docs/security/github-target-probe.snapshot.json"],
"human_docs": ["docs/security/GITHUB-TARGET-PROBE-SNAPSHOT.md"],
"notes": "可 mirror GitHub target visibilitynot_found_or_private 不等同可自動建立。"
},
{
"contract": "github_target_decision_v1",
"readiness": "ready_for_mirror",
"consumption_mode": "mirror_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": ["docs/security/github-target-decision.snapshot.json"],
"human_docs": ["docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md"],
"notes": "可 mirror target decisionrepo 建立與 visibility 修改仍需人工批准。"
},
{
"contract": "github_target_repo_approval_package_v1",
"readiness": "ready_for_mirror",
"consumption_mode": "approval_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": ["docs/security/github-target-repo-approval-package.snapshot.json"],
"human_docs": ["docs/security/GITHUB-TARGET-REPO-APPROVAL-PACKAGE.md"],
"notes": "可 mirror 逐 repo approval package不得執行 item。"
},
{
"contract": "source_control_approval_board_v1",
"readiness": "ready_for_mirror",
"consumption_mode": "approval_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": ["docs/security/source-control-approval-board.snapshot.json"],
"human_docs": ["docs/security/SOURCE-CONTROL-APPROVAL-BOARD.md"],
"notes": "可 mirror owner / visibility / canonical / refs 決策 board。"
},
{
"contract": "source_control_reconcile_plan_v1",
"readiness": "ready_for_mirror",
"consumption_mode": "approval_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": ["docs/security/source-control-reconcile-plan.snapshot.json"],
"human_docs": ["docs/security/SOURCE-CONTROL-RECONCILE-PLAN.md"],
"notes": "可 mirror draft reconcile plan不得 push refs。"
},
{
"contract": "source_control_ref_detail_diff_v1",
"readiness": "ready_for_mirror",
"consumption_mode": "mirror_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": ["docs/security/source-control-ref-detail-diff.snapshot.json"],
"human_docs": ["docs/security/SOURCE-CONTROL-REF-DETAIL-DIFF.md"],
"notes": "可 mirror branch/tag detail diff不得 fetch、push 或 delete refs。"
},
{
"contract": "source_control_ref_truth_classification_v1",
"readiness": "ready_for_mirror",
"consumption_mode": "approval_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": ["docs/security/source-control-ref-truth-classification.snapshot.json"],
"human_docs": ["docs/security/SOURCE-CONTROL-REF-TRUTH-CLASSIFICATION.md"],
"notes": "可 mirror refs truth classification 與 review lanes不得執行分類結果。"
},
{
"contract": "local_repo_canonical_probe_v1",
"readiness": "ready_for_mirror",
"consumption_mode": "mirror_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": ["docs/security/local-repo-canonical-ewoooc-momo.snapshot.json"],
"human_docs": ["docs/security/LOCAL-REPO-CANONICAL-EWOOOC-MOMO-SNAPSHOT.md"],
"notes": "可 mirror momo/ewoooc lineage evidence不得自動合併 unrelated histories。"
},
{
"contract": "git_remote_refs_probe_v1",
"readiness": "ready_for_mirror",
"consumption_mode": "mirror_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": [
"docs/security/git-remote-refs-bitan-tsenyang.snapshot.json",
"docs/security/git-remote-refs-wooo-infra-config.snapshot.json"
],
"human_docs": [
"docs/security/GIT-REMOTE-REFS-BITAN-TSENYANG-SNAPSHOT.md",
"docs/security/GIT-REMOTE-REFS-WOOO-INFRA-CONFIG-SNAPSHOT.md"
],
"notes": "可 mirror read-only refs readiness不得 fetch 或 push。"
},
{
"contract": "approval_required_event_v1",
"readiness": "ready_for_mirror",
"consumption_mode": "approval_only",
"mirror_allowed": true,
"execution_allowed": false,
"snapshot_paths": ["docs/security/gitea-readonly-inventory-approval.snapshot.json"],
"human_docs": ["docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md"],
"notes": "可 mirror approval candidateblocked_until_approved=true 時不得執行。"
}
],
"still_forbidden": [
"execute_mirror_item",
"start_kali_scan",
"call_kali_execute_endpoint",
"create_github_repo",
"change_repo_visibility",
"sync_git_refs",
"switch_github_primary",
"store_secret_token_cookie_private_key_or_exploit_payload",
"turn_low_medium_observations_into_blocking_gates"
]
}