wooo/awoooi
1
1
Fork 0
Code Issues 2 Pull Requests 1 Actions 6 Packages Projects Releases Wiki Activity
Files
e14fa3d8fd203e00a34300f6a912fb36d4e3eadd
awoooi/docs/security/SOURCE-CONTROL-PRIMARY-READINESS-GATE.md
Your Name 9e15fd08b3
All checks were successful
CD Pipeline / tests (push) Successful in 1m39s
Details
Code Review / ai-code-review (push) Successful in 15s
Details
CD Pipeline / build-and-deploy (push) Successful in 5m19s
Details
CD Pipeline / post-deploy-checks (push) Successful in 2m11s
Details
feat(web): land iwooos security posture surfaces
2026-05-25 20:35:52 +08:00

11 KiB
Raw Blame History

GitHub Primary Readiness Gate

項目 內容
日期 2026-05-17
狀態 草案blocked by default
Schema docs/schemas/source_control_primary_readiness_gate_v1.schema.json
Snapshot docs/security/source-control-primary-readiness-gate.snapshot.json
Rollback ADR docs/security/source-control-primary-rollback-adr.snapshot.json
GitHub target owner response docs/security/GITHUB-TARGET-OWNER-DECISION-RESPONSE.md
Ref truth owner response docs/security/SOURCE-CONTROL-REF-TRUTH-OWNER-RESPONSE.md
Workflow / secret owner response docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md
Owner response validation rollup docs/security/SOURCE-CONTROL-OWNER-RESPONSE-VALIDATION-ROLLUP.md
模式 primary_readiness_gate_only
runtime 執行授權 false

0. 核心結論

source_control_primary_readiness_gate_v1 是 S4.0 的 GitHub primary readiness gate 草案。

它只回答一件事:如果長期方向要把 Gitea 降成本地 mirror / fallback並把 GitHub 做成 primaryAwoooP 在任何切換前必須看到哪些 parity、owner、rollback 與人工批准 evidence。

它不是 cutover plan也不是 refs sync plan。目前 primary_ready_count=0github_primary_switch_authorized=false

1. 目前狀態

指標 數量
Candidate repos 8
In-scope repos 7
External scope review 1
Primary ready 0
Blocked in-scope 7
Approval required 7

2. 全域 Gate

Gate 目前狀態 說明
Gitea authenticated inventory blocked private/internal 全量 repo list 尚未完成S4.9 owner response request packet、template status ledger、audit event templates、redaction examples、display sections 與 collection checks 已可顯示,但 S4.7 owner coverage attestation response 仍未收到audit events emitted 仍為 0S4.13 已集中顯示四包 owner response validation、evidence routing、display sections、state transition rules、reviewer checklist、reviewer outcome lanes、reviewer audit event templates、reviewer audit display sections、reviewer audit collection checks、reviewer audit redaction examples、reviewer audit retention rules、reviewer audit retention checks、reviewer audit handoff packets、handoff checks、parallel session sync checks、parallel session conflict lanes、parallel session recovery checks 與 parallel session recovery outcome lanes但 total accepted response 仍為 0、reviewer audit emitted 仍為 0
refs truth / branch-tag parity blocked 3 個 mapped repos 仍有 refs driftS4.11 已補 refs truth owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包received / accepted response 皆為 0、audit events emitted 仍為 0
workflow / runner / secret name parity missing evidence S4.1 已建立 inventory 契約S4.12 已補 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包received / accepted response 皆為 0、audit events emitted 仍為 0尚未有實際 redacted workflow、webhook、runner、secret 名稱 snapshot
owner / visibility / canonical pending review 7 個 in-scope targets 仍需人工決策S4.10 已補 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包received / accepted response 皆為 0
rollback ADR pending review S4.4 已建立 rollback ADR 草案7 個 in-scope repos 仍需 owner approval、dry-run 與 validation window

3. AwoooP 可做

  1. 顯示每個 repo 的 readiness state、blockers 與 evidence refs。
  2. 顯示 primary_ready_count=0
  3. 將 7 個 in-scope repos 維持在 approval / review lane。
  4. 顯示哪些 evidence 仍缺Gitea authenticated inventory、S4.7 owner coverage attestation、S4.9 owner response request packet / template status ledger / audit event templates / redaction examples / display sections / collection checks / owner response、S4.10 GitHub target owner response request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks / owner response、S4.11 refs truth owner response request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks / owner response、S4.12 workflow / secret name owner response request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks / owner response、S4.13 validation rollup / evidence routing rules / display sections / state transition rules / reviewer checklist / reviewer outcome lanes / reviewer audit event templates / reviewer audit display sections / reviewer audit collection checks / reviewer audit redaction examples / reviewer audit retention rules / reviewer audit retention checks / reviewer audit handoff packets / handoff checks / parallel session sync checks / parallel session conflict lanes / parallel session recovery checks / parallel session recovery outcome lanes、workflow/runner/secret name inventory、rollback ADR。
  5. 連到 S4.10 github_target_owner_decision_response_v1 顯示 1 個 owner response request packet、7 個 owner response template statuses、3 個 owner response audit event templates、5 個 owner response redaction examples、6 個 owner response collection checks、6 個 intake preflight checks、7 個 owner decision response templates、8 個 acceptance checks、10 個 rejection rules且 received / accepted response 皆為 0。
  6. 連到 S4.11 source_control_ref_truth_owner_response_v1 顯示 1 個 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks、5 個 refs owner response templates、8 個 acceptance checks、10 個 rejection rules且 received / accepted response 皆為 0、audit events emitted 仍為 0。
  7. 連到 source_control_workflow_secret_name_inventory_v1 顯示 8 個 candidate repos 的 inventory lane 缺口與 S4.2 local evidence只保存 secret 名稱與 owner不保存 value。
  8. 連到 S4.12 source_control_workflow_secret_name_owner_response_v1 顯示 1 個 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks、5 個 owner response templates、8 個 acceptance checks、10 個 rejection rules且 received / accepted response 皆為 0、audit events emitted 仍為 0。
  9. 連到 S4.13 source_control_owner_response_validation_rollup_v1 顯示四包 owner response validation 狀態22 個 templates、10 個 cross-packet checks、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks、7 條 parallel session recovery outcome lanes、received / accepted / rejected response 皆為 0、reviewer audit emitted 仍為 0。
  10. 連到 source_control_primary_rollback_adr_v1 顯示 7 個 in-scope repos 的 rollback owner、trigger 與 validation window 草案。
  11. 把狀態寫入 Audit evidence 與 Operator Console。

4. AwoooP 不可做

  1. 不建立 GitHub repo。
  2. 不修改 repo visibility。
  3. 不 sync refs、不 delete refs、不 force push。
  4. 不切 GitHub primary。
  5. 不停用、刪除、封存或降級 Gitea repo。
  6. 不搬移或保存 secret value。
  7. 不顯示 repo、refs、primary switch 類 action button。

5. 階段定位

S4.0 只是把「切換前一定要看見什麼」先定義清楚。

S4.4 已補上 rollback ADR 草案,但它只是 owner review 的資料包不是切換批准。S4.7 已補上 Gitea coverage owner attestationS4.9 已補上 Gitea owner response request packet、template status ledger、audit event templates、redaction examples、display sections、collection checks、收件包、preflight 與 outcome lanesS4.10 已補上 GitHub target owner decision response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包S4.11 已補上 refs truth owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包S4.12 已補上 workflow / secret 名稱 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包S4.13 已補上四包 owner response validation rollup、evidence routing rules、display sections、state transition rules、reviewer checklist、reviewer outcome lanes、reviewer audit event templates、reviewer audit display sections、reviewer audit collection checks、reviewer audit redaction examples、reviewer audit retention rules、reviewer audit retention checks、reviewer audit handoff packets、handoff checks、parallel session sync checks、parallel session conflict lanes、parallel session recovery checks 與 parallel session recovery outcome lanes它們只是 scope decision、response 收件提示、metadata audit template、脫敏範例、只讀收件檢查、只讀 preflight、只讀顯示順序、只讀 evidence routing、只讀狀態語義、人工審查提示、結果分類、脫敏稽核格式、稽核顯示邊界、只讀稽核檢查、安全 metadata 顯示範例、metadata retention 邊界、只讀 retention 驗證、跨 Session 只讀交接、交接消費檢查、平行 Session 同步檢查、衝突 lane、復原前檢查、復原結果分類與驗收框架不是 audit production ingestion、migration approval、repo creation approval、visibility change approval、refs sync approval、delete approval、force-push approval、secret value collection approval、workflow modification approval 或 primary approval。owner_approved_count=0dry_run_completed_count=0active_cutover_count=0

這讓長期回到 GitHub 的方向可以繼續往前,但仍維持低摩擦:目前只 mirror、只顯示、只留痕不執行。

Reference in New Issue View Git Blame Copy Permalink