awoooi/docs/security/SECURITY-MIRROR-READINESS.md
Your Name 9e15fd08b3
feat(web): land iwooos security posture surfaces
2026-05-25 20:35:52 +08:00


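Security Supply Chain Mirror Readiness Status

| Item | Value |
| --- | --- |
| Date | 2026-05-17 |
| Status | Draft |
| Schema | docs/schemas/security_mirror_readiness_v1.schema.json |
| Snapshot | docs/security/security-mirror-readiness.snapshot.json |
| Default enforcement | mirror_only |
| Principle | AwoooP may mirror / display read-only; it must not execute |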

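0. Core conclusion

This readiness index is the safe consumption entry point for the AwoooP mainline.

It answers three questions:

  1. Which contracts are ready to mirror?
  2. Which contracts can only be partially mirrored or displayed contract-only?
  3. Which actions remain prohibited when AwoooP consumes them?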

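Current counts:

| Status | Count | Description |
| --- | --- | --- |
| ready_for_mirror | 33 | Can be mirrored directly as Operator Console / Runtime State / Channel Event / Audit evidence |
| partial_ready | 2 | Can be mirrored, but evidence is still incomplete |
| contract_only | 1 | Has a schema / handoff, but no formal snapshot yet |
| blocked | 0 | No contract is currently prohibited from being mirrored |

This does not mean execution is permitted. execution_allowed=false holds for every contract.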

1. Partial / contract-only items

| Contract | Status | Reason | Next step |
| --- | --- | --- | --- |
| security_finding_v1 | partial_ready | Only a Kali sample snapshot exists so far; runtime ingestion is not yet enabled | First review kali-finding-runtime-ingestion-approval-20260513 |
| gitea_repo_inventory_v1 | partial_ready | Only public-only / blocked endpoint evidence exists so far; S4.5 added the authenticated inventory export request; S4.6 added the import acceptance contract; S4.7 added the owner coverage attestation; S4.9 added the owner response request packet, 5 template statuses, 3 audit event templates, 5 redaction examples, 8 display sections, 6 collection checks, the owner response intake packet, 6 intake preflight checks and 5 outcome lanes; unauthenticated public scope: 2, locally visible Gitea unique: 4, coverage gaps: 2, attestation items: 5, owner responses: 0 | First request an owner reply using the S4.9 request packet, and use the template status ledger / audit event templates / redaction examples / display sections / collection checks to keep request / received / accepted separate; then run acceptance on the S4.7 owner response; afterwards obtain the redacted inventory via the S4.5 request and accept / reject / quarantine it with S4.6; do not store token values |
| coding_task_v1 | contract_only | A schema and handoff prompt exist, but there is no formal coding task snapshot yet | Mirror once code review produces an actual task |

2. AwoooP mirror destinations

AwoooP may mirror ready / partial contracts to:

  1. Operator Console.
  2. Runtime State.
  3. Channel Event.
  4. Audit evidence.
  5. Approval Queue.

Initially, only status, risk, review order, evidence refs and blocked reason are displayed.

3. Permanently prohibited

  1. Do not execute mirror items.
  2. Do not start a Kali scan.
  3. Do not call Kali /execute.
  4. Do not create GitHub repos.
  5. Do not change repo visibility.
  6. Do not sync refs.
  7. Do not switch to GitHub primary.
  8. Do not store raw secrets, tokens, cookies, private keys or exploit payloads.
  9. Do not turn LOW / MEDIUM observations into blocking gates.
  10. Do not turn a missing owner response, partial mirror, source-control drift, Kali observe finding, workflow / secret name gap or headline holding directly into a runtime blocker.

4. Recommended next steps

The safest S2 rollout order:

  1. AwoooP first mirrors security_mirror_readiness_v1 and security_supply_chain_contract_manifest_v1.
  2. Then wrap every mirror payload with security_mirror_event_v1.
  3. Then mirror security_mirror_route_v1 to decide the destination, channel policy and review lane.
  4. Then mirror security_mirror_acceptance_v1 to run acceptance on contract count, event envelope, route coverage and redaction.
  5. Then mirror security_mirror_quarantine_v1 to define quarantine and the retry gate for acceptance failures.
  6. Then mirror security_mirror_dry_run_v1 to define the report format for integration dry runs.
  7. Then mirror security_mirror_status_rollup_v1, security_rollout_policy_v1, iwooos_posture_projection_v1 and S4.13 SOURCE-CONTROL-OWNER-RESPONSE-VALIDATION-ROLLUP.md to display cross-session status, the IwoooS front-end security posture projection, 7 low-friction non-blocking escalation lanes, four owner response packets, 22 templates, 6 evidence routing rules, 8 display sections, 7 state transition rules, 9 reviewer checklist items, 7 reviewer outcome lanes, 4 reviewer audit event templates, 5 reviewer audit display sections, 6 reviewer audit collection checks, 5 reviewer audit redaction examples, 5 reviewer audit retention rules, 6 reviewer audit retention checks, 6 reviewer audit handoff packets, 6 reviewer audit handoff checks, 6 parallel session sync checks, 6 parallel session conflict lanes, 6 parallel session recovery checks, 7 parallel session recovery outcome lanes and the next gate.
  8. Then mirror security_mirror_intake_plan_v1 and run read-only intake wave by wave.
  9. Then mirror security_approval_queue_v1, displaying only the review order.
  10. Then mirror security_approval_gate_v1, recording only human decisions and the follow-up runtime gate.
  11. Then mirror security_approval_decision_record_v1, storing only the human decision record without triggering execution.
  12. Then mirror security_approval_review_packet_v1, displaying only the human review packet, the review lane and the items that remain prohibited.
  13. Then mirror security_approval_state_transition_v1, displaying only the post-decision next state and the follow-up runtime gate.
  14. Then mirror security_followup_runtime_gate_v1, displaying only the runtime gate preparation template, preflight checks and the rollback / disable requirement.
  15. Then mirror source_control_primary_readiness_gate_v1, displaying only the gaps in GitHub primary parity, owner, rollback and human approval.
  16. Then mirror source_control_primary_rollback_adr_v1, displaying only the rollback ADR drafts, validation window and owner review for the 7 in-scope repos; do not execute rollback and do not switch primary.
  17. Then mirror gitea_repo_inventory_v1, the S4.5 authenticated inventory export request, the S4.6 import acceptance contract, the S4.7 owner coverage attestation and the S4.9 owner response request packet / intake packet, displaying only the unauthenticated public scope / local evidence coverage gaps, the read-only / admin redacted export options, the payload accept / reject / quarantine rules, 5 owner scope decision items, the request packet, template status ledger, audit event templates, redaction examples, display sections, collection checks, response templates, intake preflight checks and outcome lanes; do not store token values, do not write to Gitea, do not sync refs.
  18. Then mirror source_control_workflow_secret_name_inventory_v1, the S4.2 local evidence and the S4.3 redacted export request, displaying only the inventory gaps for workflow / webhook / runner / deploy key / branch protection / CODEOWNERS / secret names; the local evidence currently has 4 repos, 31 workflow files and 43 referenced secret names; the export request has 7 repos and 5 categories of lanes; do not store secret values.
  19. Then mirror kali_integration_status_v1 and kali_scan_scope_approval_v1.
  20. Finally, mirror the remaining source-control contracts.
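
Added example (not code from this repository): a fail-closed consumer-side check for the invariants in sections 0 and 3 and for the acceptance / quarantine split in steps 4 and 5. The snapshot field names (default_enforcement, contracts, contract, status, execution_allowed), the forbidden key list and the decision labels are assumptions; the real layout is defined by docs/schemas/security_mirror_readiness_v1.schema.json.

```python
from collections import Counter

# Status names and expected counts are taken from the table in section 0.
EXPECTED_COUNTS = {"ready_for_mirror": 33, "partial_ready": 2, "contract_only": 1, "blocked": 0}
# Assumed key names that would carry a raw value banned by section 3, item 8.
FORBIDDEN_KEYS = {"token", "token_value", "secret_value", "cookie", "private_key", "exploit_payload"}

def find_forbidden_keys(node, path="$"):
    """Return the JSON paths of keys whose name suggests a stored secret value."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key.lower() in FORBIDDEN_KEYS:
                hits.append(child)
            hits.extend(find_forbidden_keys(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(find_forbidden_keys(item, f"{path}[{i}]"))
    return hits

def check_snapshot(snapshot):
    """Return (decision, reasons). Any failed invariant quarantines the snapshot."""
    reasons = []
    if snapshot.get("default_enforcement") != "mirror_only":
        reasons.append("default_enforcement is not mirror_only")
    contracts = snapshot.get("contracts", [])
    counts = Counter(c.get("status") for c in contracts)
    for status in counts.keys() - EXPECTED_COUNTS.keys():
        reasons.append(f"unknown status {status!r}")
    for status, expected in EXPECTED_COUNTS.items():
        if counts[status] != expected:
            reasons.append(f"{status}: expected {expected}, got {counts[status]}")
    for c in contracts:
        # "is not False" also rejects a missing field, so absence fails closed.
        if c.get("execution_allowed") is not False:
            reasons.append(f"{c.get('contract')}: execution_allowed is not false")
    reasons.extend(f"forbidden key at {p}" for p in find_forbidden_keys(snapshot))
    return ("mirror_read_only" if not reasons else "quarantine"), reasons

def build_sample():
    """Constructed snapshot with the section 0 counts; ready_contract_N are placeholders."""
    rows = [(f"ready_contract_{i}", "ready_for_mirror") for i in range(33)]
    rows += [("security_finding_v1", "partial_ready"),
             ("gitea_repo_inventory_v1", "partial_ready"),
             ("coding_task_v1", "contract_only")]
    contracts = [{"contract": n, "status": s, "execution_allowed": False}
                 for n, s in rows]
    return {"default_enforcement": "mirror_only", "contracts": contracts}
```

Neither decision label grants execution: a clean snapshot is only cleared for read-only display, and a failing one is held for the quarantine / retry path.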

The GitHub target decision surface must mirror both S4.10 GITHUB-TARGET-OWNER-DECISION-RESPONSE.md and github-target-owner-decision-response.snapshot.json, displaying only 1 owner response request packet, 7 owner response template statuses, 3 owner response audit event templates, 5 owner response redaction examples, 6 owner response collection checks, 6 intake preflight checks, 7 owner decision response templates, received / accepted responses both at 0, 8 acceptance checks and 10 rejection rules. The request packet, template status ledger, audit event templates, redaction examples, collection checks, intake preflight checks and response packet must not be treated as repo creation, visibility change, refs sync or GitHub primary approval.

The ref truth decision surface must mirror both S4.11 SOURCE-CONTROL-REF-TRUTH-OWNER-RESPONSE.md and source-control-ref-truth-owner-response.snapshot.json, displaying only 1 owner response request packet, 5 template statuses, 3 audit event templates, 5 redaction examples, 6 collection checks, 6 intake preflight checks, 5 owner response templates, received / accepted responses both at 0, audit events emitted still at 0, 8 acceptance checks and 10 rejection rules. The request packet, template status ledger, audit event templates, redaction examples, collection checks, intake preflight checks and response packet must not be treated as refs sync, delete, force push or GitHub primary approval.

The workflow / secret name decision surface must mirror both S4.12 SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md and source-control-workflow-secret-name-owner-response.snapshot.json, displaying only 1 owner response request packet, 5 template statuses, 3 audit event templates, 5 redaction examples, 6 collection checks, 6 intake preflight checks, 5 owner response templates, received / accepted responses both at 0, audit events emitted still at 0, 8 acceptance checks and 10 rejection rules. The request packet, template status ledger, audit event templates, redaction examples, collection checks, intake preflight checks and response packet must not be treated as secret value collection, workflow modification, enabling GitHub hosted runners or GitHub primary approval.

The owner response validation decision surface must mirror both S4.13 SOURCE-CONTROL-OWNER-RESPONSE-VALIDATION-ROLLUP.md and source-control-owner-response-validation-rollup.snapshot.json, displaying only the acceptance overview of the four S4.9 / S4.10 / S4.11 / S4.12 response packets: 22 templates, received / accepted / rejected all at 0, 10 cross-packet checks, 6 evidence routing rules, 8 display sections, 7 state transition rules, 9 reviewer checklist items, 7 reviewer outcome lanes, 4 reviewer audit event templates, 5 reviewer audit display sections, 6 reviewer audit collection checks, 5 reviewer audit redaction examples, 5 reviewer audit retention rules, 6 reviewer audit retention checks, 6 reviewer audit handoff packets, 6 reviewer audit handoff checks, 6 parallel session sync checks, 6 parallel session conflict lanes, 6 parallel session recovery checks and 7 parallel session recovery outcome lanes, with reviewer audit emitted still at 0. The rollup, routing, sections, transition rules, reviewer checklist, reviewer outcome lanes, reviewer audit templates, reviewer audit display sections, reviewer audit collection checks, reviewer audit redaction examples, reviewer audit retention rules, reviewer audit retention checks, reviewer audit handoff packets / checks, parallel session sync checks, parallel session conflict lanes, parallel session recovery checks and parallel session recovery outcome lanes must not be treated as approval, a runtime gate, production ingestion or execution authorization.

Across all of S2, no execution router, no execute button and no runtime blocker is added.