awoooi/docs/security/source-control-reconcile-plan.snapshot.json
Your Name 9e15fd08b3
feat(web): land iwooos security posture surfaces
2026-05-25 20:35:52 +08:00

{
"schema_version": "source_control_reconcile_plan_v1",
"status": "draft_blocked",
"date": "2026-05-13",
"default_mode": "plan_only",
"inventory_gate": {
"status": "blocked",
"reason": "Gitea authenticated / admin_export server-side inventory 尚未完成;本 plan 只能作草案,不可執行 refs sync。",
"required_before_execution": [
"Gitea authenticated 或 admin_export server-side repo inventory status=ok",
"branch-by-branch SHA diff 已完成",
"tag-by-tag SHA diff 已完成",
"workflow / webhook / runner / secret 名稱 inventory 已完成",
"repo owner / visibility / branch protection / CODEOWNERS 已確認",
"rollback plan 與 GitHub primary ADR 已完成",
"人工批准只針對單一 repo 生效,不得批次套用到所有 repo"
]
},
"plan_count": 3,
"owner_response_packet": {
"schema_version": "source_control_ref_truth_owner_response_v1",
"snapshot_path": "docs/security/source-control-ref-truth-owner-response.snapshot.json",
"human_doc": "docs/security/SOURCE-CONTROL-REF-TRUTH-OWNER-RESPONSE.md",
"received_response_count": 0,
"accepted_response_count": 0,
"execution_authorized": false,
"allowed_effect": "response 通過後只更新 draft wording不授權 refs sync/delete/force push/primary switch"
},
"plans": [
{
"gitea_repo": "wooo/awoooi",
"github_repo": "owenhytsai/awoooi",
"risk": "HIGH",
"source_status": "blocked",
"divergence_summary": {
"gitea_branch_count": 117,
"github_branch_count": 2,
"gitea_tag_count": 2,
"github_tag_count": 0,
"gitea_main_sha": "5294f0712f1a3370d0155c0d88e5d10c6ec0250e",
"github_main_sha": "202071f7a8724d5e8c29de441c3f380575a0ea94",
"blocking_reason": "branches 尚未完全對齊tags 尚未完全對齊"
},
"proposed_plan_steps": [
"先確認目前 production deploy 真相來源與 deploy marker 流程,避免主控切換影響發版。",
"針對 `wooo/awoooi` 與 `owenhytsai/awoooi` 產生 branch-by-branch diff 表。",
"針對 `wooo/awoooi` 與 `owenhytsai/awoooi` 產生 tag-by-tag diff 表。",
"標記每個 diff 的真相來源候選Gitea、GitHub、人工指定或 deprecated。",
"列出 workflow / webhook / runner / secret 名稱差異,只記名稱不記 value。",
"產生 dry-run PR / ADR 草案,仍不 push refs。"
],
"execution_gates": [
"Gitea authenticated 或 admin_export server-side repo inventory status=ok",
"branch-by-branch SHA diff 已完成",
"tag-by-tag SHA diff 已完成",
"workflow / webhook / runner / secret 名稱 inventory 已完成",
"repo owner / visibility / branch protection / CODEOWNERS 已確認",
"rollback plan 與 GitHub primary ADR 已完成",
"人工批准只針對單一 repo 生效,不得批次套用到所有 repo"
],
"allowed_now": [
"更新 read-only evidence",
"更新 approval board",
"產生 draft reconcile plan",
"讓 AwoooP mirror plan 狀態"
],
"still_forbidden": [
"push refs",
"force push",
"delete refs",
"create GitHub repo",
"change repo visibility",
"switch GitHub primary",
"disable Gitea",
"move secret values"
],
"evidence_refs": [
"docs/security/GITEA-GITHUB-MIGRATION-SNAPSHOT.md"
],
"awooop_consumption": "approval_candidate"
},
{
"gitea_repo": "wooo/clawbot-v5",
"github_repo": "owenhytsai/clawbot-v5",
"risk": "MEDIUM",
"source_status": "blocked",
"divergence_summary": {
"gitea_branch_count": 1,
"github_branch_count": 1,
"gitea_tag_count": 1,
"github_tag_count": 0,
"gitea_main_sha": "22074fbe4d6ec6c11c86f76139eea55756d1d160",
"github_main_sha": "7a769de46450087f9d6a8ef0d2ac23ed15565d2c",
"blocking_reason": "branches 尚未完全對齊tags 尚未完全對齊"
},
"proposed_plan_steps": [
"針對 `wooo/clawbot-v5` 與 `owenhytsai/clawbot-v5` 產生 branch-by-branch diff 表。",
"針對 `wooo/clawbot-v5` 與 `owenhytsai/clawbot-v5` 產生 tag-by-tag diff 表。",
"標記每個 diff 的真相來源候選Gitea、GitHub、人工指定或 deprecated。",
"列出 workflow / webhook / runner / secret 名稱差異,只記名稱不記 value。",
"產生 dry-run PR / ADR 草案,仍不 push refs。"
],
"execution_gates": [
"Gitea authenticated 或 admin_export server-side repo inventory status=ok",
"branch-by-branch SHA diff 已完成",
"tag-by-tag SHA diff 已完成",
"workflow / webhook / runner / secret 名稱 inventory 已完成",
"repo owner / visibility / branch protection / CODEOWNERS 已確認",
"rollback plan 與 GitHub primary ADR 已完成",
"人工批准只針對單一 repo 生效,不得批次套用到所有 repo"
],
"allowed_now": [
"更新 read-only evidence",
"更新 approval board",
"產生 draft reconcile plan",
"讓 AwoooP mirror plan 狀態"
],
"still_forbidden": [
"push refs",
"force push",
"delete refs",
"create GitHub repo",
"change repo visibility",
"switch GitHub primary",
"disable Gitea",
"move secret values"
],
"evidence_refs": [
"docs/security/SOURCE-CONTROL-CLAWBOT-V5-SNAPSHOT.md"
],
"awooop_consumption": "approval_candidate"
},
{
"gitea_repo": "wooo/wooo-aiops",
"github_repo": "owenhytsai/wooo-aiops",
"risk": "MEDIUM",
"source_status": "blocked",
"divergence_summary": {
"gitea_branch_count": 2,
"github_branch_count": 3,
"gitea_tag_count": 0,
"github_tag_count": 19,
"gitea_main_sha": "507384a2e1943f4183942bf17d7b52e223067853",
"github_main_sha": "7c7aa109d93da6d75d687d6ee5131151afee37e8",
"blocking_reason": "branches 尚未完全對齊tags 尚未完全對齊"
},
"proposed_plan_steps": [
"針對 `wooo/wooo-aiops` 與 `owenhytsai/wooo-aiops` 產生 branch-by-branch diff 表。",
"針對 `wooo/wooo-aiops` 與 `owenhytsai/wooo-aiops` 產生 tag-by-tag diff 表。",
"標記每個 diff 的真相來源候選Gitea、GitHub、人工指定或 deprecated。",
"列出 workflow / webhook / runner / secret 名稱差異,只記名稱不記 value。",
"產生 dry-run PR / ADR 草案,仍不 push refs。"
],
"execution_gates": [
"Gitea authenticated 或 admin_export server-side repo inventory status=ok",
"branch-by-branch SHA diff 已完成",
"tag-by-tag SHA diff 已完成",
"workflow / webhook / runner / secret 名稱 inventory 已完成",
"repo owner / visibility / branch protection / CODEOWNERS 已確認",
"rollback plan 與 GitHub primary ADR 已完成",
"人工批准只針對單一 repo 生效,不得批次套用到所有 repo"
],
"allowed_now": [
"更新 read-only evidence",
"更新 approval board",
"產生 draft reconcile plan",
"讓 AwoooP mirror plan 狀態"
],
"still_forbidden": [
"push refs",
"force push",
"delete refs",
"create GitHub repo",
"change repo visibility",
"switch GitHub primary",
"disable Gitea",
"move secret values"
],
"evidence_refs": [
"docs/security/SOURCE-CONTROL-WOOO-AIOPS-SNAPSHOT.md"
],
"awooop_consumption": "approval_candidate"
}
]
}