{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "urn:awoooi:security-approval-queue-v1",
"title": "AWOOOI Security Supply Chain Approval Queue (v1)",
"description": "集中整理 Security Supply Chain 初期需要 AwoooP 顯示、排隊、等待人工批准的高風險或敏感邊界項目。此契約不授權執行。",
"type": "object",
"required": [
"schema_version",
"status",
"date",
"default_mode",
"execution_authorized",
"runtime_changes_authorized",
"raw_secret_storage_authorized",
"summary",
"queue_items",
"next_recommended_review_order"
],
"properties": {
"schema_version": {
"const": "security_approval_queue_v1"
},
"status": {
"type": "string",
"enum": ["draft"]
},
"date": {
"type": "string"
},
"default_mode": {
"type": "string",
"enum": ["approval_only"]
},
"execution_authorized": {
"type": "boolean",
"const": false
},
"runtime_changes_authorized": {
"type": "boolean",
"const": false
},
"raw_secret_storage_authorized": {
"type": "boolean",
"const": false
},
"summary": {
"type": "object",
"required": [
"total_items",
"pending_approval_count",
"block_candidate_count",
"observe_or_warn_count"
],
"properties": {
"total_items": {"type": "integer", "minimum": 0},
"pending_approval_count": {"type": "integer", "minimum": 0},
"block_candidate_count": {"type": "integer", "minimum": 0},
"observe_or_warn_count": {"type": "integer", "minimum": 0}
},
"additionalProperties": false
},
"queue_items": {
"type": "array",
"items": {
"type": "object",
"required": [
"queue_item_id",
"source_contract",
"source_event_id",
"title",
"risk",
"state",
"recommended_awooop_mode",
"requested_decision",
"blocked_until_approved",
"required_reviewers",
"evidence_refs",
"allowed_after_approval",
"still_forbidden"
],
"properties": {
"queue_item_id": {"type": "string"},
"source_contract": {"type": "string"},
"source_event_id": {"type": "string"},
"title": {"type": "string"},
"risk": {
"type": "string",
"enum": ["LOW", "MEDIUM", "HIGH", "CRITICAL"]
},
"state": {
"type": "string",
"enum": ["observe_only", "warn_only", "pending_approval", "block_candidate"]
},
"recommended_awooop_mode": {
"type": "string",
"enum": ["observe", "warn", "approve_required", "block_candidate"]
},
"requested_decision": {"type": "string"},
"blocked_until_approved": {"type": "boolean"},
"required_reviewers": {
"type": "array",
"items": {
"type": "string",
"enum": [
"critic",
"vuln-verifier",
"migration-engineer",
"security-commander",
"human-owner"
]
},
"uniqueItems": true
},
"evidence_refs": {
"type": "array",
"items": {"type": "string"}
},
"allowed_after_approval": {
"type": "array",
"items": {"type": "string"}
},
"still_forbidden": {
"type": "array",
"items": {"type": "string"}
},
"expires_at": {
"type": "string",
"format": "date-time"
}
},
"additionalProperties": false
}
},
"next_recommended_review_order": {
"type": "array",
"items": {"type": "string"}
}
},
"additionalProperties": false
}