Files
awoooi/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md
2026-05-19 11:04:34 +08:00

38 KiB
Raw Blame History

資安供應鏈整體進度

項目 內容
日期 2026-05-17
狀態 S0/S1 read-only evidence 建置中
本階段完成 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Source Control Ref Truth Owner Response 收件包 + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + GitHub Target Owner Decision Response 收件包 + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Gitea 清冊覆蓋 Owner Attestation + Gitea Owner Attestation Approval Lane 對齊 + Gitea Owner Attestation Response 收件包 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Workflow / Secret Name Owner Response 收件包 + Source Control Owner Response Validation Rollup + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約
原則 低摩擦分階段文件、schema、read-only evidence 優先;不做 runtime enforcement、不切 primary

0. 本階段完成後整體進度

0.1 2026-05-17 整體進度估算

進度面向 估算 判讀
整體資安網 58% 框架與只讀治理已成形,仍等待 owner response、redacted payload、runtime gate 與 GitHub primary readiness
框架 / 治理 / 文件 / schema / read-only evidence 80-85% 35 個主要 contract 中 32 ready、2 partial、1 contract-only、0 blocked
真正落地執行 / runtime ingestion / GitHub primary / AwoooP production landing 35-40% owner response 仍 0、active runtime gate 仍 0、payload ingestion=false、github_primary_ready_count=0

這個進度估算用於雙 Session 同步與階段判讀,不是 approval、runtime execution、GitHub primary cutover 或 Kali scan authorization。現階段仍維持統帥要求的低摩擦策略先建完整框架與 evidence之後再分階段收斂。

本估算可用以下只讀 guard 驗證:

python3 scripts/security/security-mirror-progress-guard.py

0.2 Headline 58% 不代表停滯

近期 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks、S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks以及 S4.13 evidence routing rules / display sections / state transition rules / reviewer checklist / reviewer outcome lanes / reviewer audit event templates 都是有效進展,但它們是 framework detail不是 owner response、runtime gate、production ingestion 或 GitHub primary readiness。因此 headline 仍維持 58%,避免把只讀框架誤算成已落地執行。

最近完成 目前狀態 headline delta
S4.10 request packet 已完成草案,只顯示 owner 要回覆什麼 0
S4.10 template status ledger 已完成草案7 個 targets 仍 waiting owner response 0
S4.10 audit event templates 已完成草案,emitted_event_count=0 0
S4.10 redaction examples 已完成草案,只示範脫敏 metadata shape 0
S4.10 collection checks 已完成草案,只維持 request / received / accepted 狀態分離 0
S4.10 intake preflight checks 已完成草案,只分類可收、補證、隔離或拒收 0
S4.11 request packet 已完成草案,只顯示 owner 要回覆哪 5 類 refs truth 問題 0
S4.11 template status ledger 已完成草案5 類 refs truth responses 仍 waiting owner response 0
S4.11 audit event templates 已完成草案,emitted_event_count=0 0
S4.11 redaction examples 已完成草案,只示範脫敏 metadata shape 0
S4.11 collection checks 已完成草案,只維持 request / received / accepted 狀態分離 0
S4.11 intake preflight checks 已完成草案,只分類可審、補證、隔離、拒收或等待 0
S4.12 request packet 已完成草案,只顯示 owner 要回覆哪 5 類 workflow / secret 名稱問題 0
S4.12 template status ledger 已完成草案5 類 workflow / secret 名稱 responses 仍 waiting owner response 0
S4.12 audit event templates 已完成草案,emitted_event_count=0,只定義脫敏 metadata 0
S4.12 redaction examples 已完成草案,只示範安全 metadata shape 0
S4.12 collection checks 已完成草案,只維持 request / received / accepted 狀態分離 0
S4.12 intake preflight checks 已完成草案,只分類可審、補證、隔離或拒收 0
S4.13 evidence routing rules 已完成草案,只路由 owner evidence pointer 到補證、隔離、拒收、跨包 review 或只讀更新 0
S4.13 display sections 已完成草案,只固定 AwoooP Operator Console 的 read-only 呈現順序 0
S4.13 state transition rules 已完成草案,只固定 owner response validation 的 read-only 狀態語義 0
S4.13 reviewer checklist 已完成草案,只提供人工審查順序與只讀檢查提示 0
S4.13 reviewer outcome lanes 已完成草案,只分類等待、補證、隔離、拒收、跨包 review、只讀候選或等待 runtime gate 0
S4.13 reviewer audit event templates 已完成草案,只定義未來可留痕的脫敏 metadataemitted 仍為 0 0

headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner response 收到並通過脫敏驗收,或人工批准後出現 active runtime gate、redacted payload ingestion、GitHub primary readiness 這類落地 evidence。

階段 狀態 目前結果 下一個 gate
S0 文件與契約同步 完成 Kali / Codex / GitHub / Gitea / AwoooP 邊界已文件化,核心 schema 草案已建立 AwoooP 只讀 mirror 消費
S1 source-control read-only inventory 進行中 已有 Gitea/GitHub refs、Gitea public-only user repo list、本機 remote、GitHub target probe、canonical lineage、110 refs evidence Gitea private/internal 全量 repo list
S1.0 Gitea 全量 inventory approval 完成草案 已建立 read-only token / admin export approval package 統帥或 repo owner 批准
S1.1 GitHub target 決策 完成草案 8 個 target 候選7 個需人工批准3 個 not_found_or_private 不得自動建立S4.10 已補 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包 owner / visibility / canonical response
S1.2 GitHub target 逐 repo approval 完成草案 7 個 approval-required targets 已拆成逐 repo pending package並彙整成 8-item approval boardS4.10 目前 response 0 筆 低摩擦逐項批准
S1.2a refs reconcile plan 完成草案 awoooiclawbot-v5wooo-aiops 已產生 draft plan狀態仍為 draft_blocked authenticated inventory + branch/tag diff + single-repo approval
S1.2b branch/tag detail diff 完成草案 3 個 refs-blocked mapped repos 已完成 branch/tag 明細 diff已忽略本 PR 分支避免 evidence 自我污染 人工判定真相來源與 deprecated refs
S1.2c refs 真相來源分類 完成草案 141 個 ref review items 已分類4 個真相來源、114 個 drift deprecated 候選、3 個 release tags、20 個 GitHub-only refsS4.11 已補 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包 repo owner 單 ref / 單 repo 判定
S1.3 低摩擦 rollout policy 完成草案 observe-first / mirror-only matrix 已建立 AwoooP read-only policy 消費
S1.4 契約索引 完成草案 35 個主要 contract 已集中成 manifest AwoooP mirror-only contract registry
S1.5 Kali 112 live 整合狀態 完成第一波 112 已登入盤點、scanner API healthy、targeted scanner packages updated、Asia/Taipei timezone、no reboot required scan result ingestion + /execute high-risk gate
S1.6 Kali finding / scan scope approval 完成草案 security_finding_v1 sample snapshot 與 kali_scan_scope_approval_v1 approval package 已建立111/168 已納入 observe-only scope 人工批准 safe crawl / credentialed scan / runtime ingestion / full-upgrade gate
S1.7 Security approval queue 完成草案 8 個 approval queue items 已集中7 pending approval、1 block candidateAwoooP 可 mirror 但不得執行 先 review redacted finding ingestion再 review safe crawl / Gitea inventory
S2 AwoooP mirror-only readiness 完成草案 security_mirror_readiness_v1 已整理 35 個 contracts32 ready、2 partial、1 contract-only、0 blocked AwoooP 主線建立只讀入口
S2.1 AwoooP mirror-only intake plan 完成草案 security_mirror_intake_plan_v1 已建立 5 個 intake waves 與 4 個 acceptance gates AwoooP 主線照 wave mirror不新增 execution router
S2.2 AwoooP 鏡像事件信封 完成草案 security_mirror_event_v1 已建立,要求每筆鏡像 payload 標示 execution_authorized=falseaction_buttons_allowed=false AwoooP 鏡像 payload 統一信封
S2.3 AwoooP 鏡像路由矩陣 完成草案 security_mirror_route_v1 已建立 5 個 route groups定義目的地、channel policy 與 review lane AwoooP 消費時不猜路由、不新增執行入口
S2.4 AwoooP 鏡像驗收契約 完成草案 security_mirror_acceptance_v1 已建立 8 個 acceptance checksblocking 只針對鏡像資料不完整、未脫敏或進度估算被誤當授權 AwoooP 接入時可驗收,不升級成 runtime enforcement
S2.5 AwoooP 鏡像隔離契約 完成草案 security_mirror_quarantine_v1 已建立 5 個 quarantine lanes失敗 payload 必須等新 snapshot commit 後才能 retry AwoooP 可隔離壞資料,不阻擋 runtime
S2.6 AwoooP 鏡像 dry-run 報告契約 完成草案 security_mirror_dry_run_v1 已建立 8 個 dry-run steps已納入 CHECK_PROGRESS_GUARDCHECK_OWNER_RESPONSE_GUARDlatest local validation 為 repo_snapshot_guard_pass;目前狀態仍為 contract defined not executed AwoooP 未來可回報演練結果,但不啟動 production ingestion
S2.7 AwoooP 鏡像狀態彙整契約 完成草案 security_mirror_status_rollup_v1 已建立,彙整 S0-S4、approval queue summary 與下一個安全 gateS4.13 已補 owner response validation rollup、evidence routing rules、display sections、state transition rules、reviewer checklist、reviewer outcome lanes 與 reviewer audit event templates 兩個 Session 用同一份 rollup 同步,不誤啟執行面
S3 approval gate 進行中 security_approval_gate_v1 已建立 8 個人工 gate items7 pending、1 block candidate、0 approved 不得繞過人工批准;批准後仍需 follow-up runtime gate
S3.0 人工批准 Gate 契約 完成草案 定義批准範圍、決策選項、required reviewers、still forbidden 與 follow-up runtime gate AwoooP 可記錄決策,不可執行 gate item
S3.1 人工決策紀錄契約 完成草案 security_approval_decision_record_v1 已建立;目前 0 筆 decision records、0 個 runtime action 授權 AwoooP 可稽核決策,不可把決策當執行
S3.2 人工審查封包契約 完成草案 security_approval_review_packet_v1 已建立8 個 review packets、7 ready for human review、1 block candidate、0 個 runtime action 授權 AwoooP 可顯示 review lane不可把 packet 當批准或執行
S3.3 人工決策狀態轉移契約 完成草案 security_approval_state_transition_v1 已建立5 個 decision options 都有 next state、0 個 runtime action 授權 AwoooP 可顯示決策後狀態,不可把 transition 當執行
S3.4 後續 runtime gate 準備契約 完成草案 security_followup_runtime_gate_v1 已建立8 個 gate templates、0 個 active runtime gates、0 個 approved scope AwoooP 可顯示前置 evidence、preflight checks 與 rollback / disable requirement不可啟用 runtime gate
S4.0 GitHub primary readiness gate 完成草案 source_control_primary_readiness_gate_v1 已建立8 個 candidate repos、7 個 in-scope blocked、0 個 primary readyS4.10 已補 target owner response gateS4.11 已補 refs truth owner response gateS4.12 已補 workflow / secret 名稱 owner response gate AwoooP 可顯示 parity、owner、rollback ADR 缺口,不可切 primary
S4.1 Workflow / Secret 名稱 inventory 契約 完成草案 source_control_workflow_secret_name_inventory_v1 已建立8 個 candidate repos、7 個 in-scope repos 尚缺實際 inventory、0 個 complete、禁止收集 secret value AwoooP 可顯示 workflow / webhook / runner / deploy key / branch protection / CODEOWNERS / secret 名稱缺口,不可修改 workflow 或 secret
S4.2 Workflow / Secret 名稱 local evidence 完成草案 已建立 local read-only collector 與 snapshot7 個 local repos visible、4 個 local evidence repos、31 個 workflow files、43 個 referenced secret names、secret value detected=false 補 webhook / deploy key / branch protection / repository secret parity 的 redacted evidence仍不可切 primary
S4.3 Workflow / Secret 名稱 redacted export request 完成草案 已建立 export request schema / snapshot / 人讀版7 個 in-scope repos、5 類 export laneswebhook、runner、deploy key、branch protection / CODEOWNERS、repository secret name paritywrite token allowed=false repo owner 或未來只讀 API 依 request 補 redacted export仍不可收 secret value、不可修改 GitHub/Gitea
S4.12 Workflow / Secret Name Owner Response 收件包 完成草案 已建立 owner response schema / snapshot / 人讀版1 個 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks、5 個 response templates、8 個 acceptance checks、10 個 rejection rules、candidate repos 8、in-scope repos 7、received response 0、accepted 0、audit events emitted 0、execution authorized=false owner 依 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與模板回覆 webhook、runner、deploy key、branch protection / CODEOWNERS、repository secret name parityresponse 通過只更新 read-only inventory / export request / readiness wording不代表收 secret value、改 workflow、啟用 runner 或 primary approval
S4.13 Source Control Owner Response Validation Rollup 完成草案 已建立 validation rollup schema / snapshot / 人讀版;彙整 S4.9 / S4.10 / S4.11 / S4.12 四包 response packets、4 條 missing response lanes、4 步 owner response collection order、next collection candidate、22 個 response templates、10 個 cross-packet checks、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、40 個 rejection rules、received / accepted / rejected response 皆為 0、reviewer audit emitted 仍為 0、execution authorized=falselatest local validation 為 SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK AwoooP 可顯示四包 owner response 驗收總覽、缺口摘要、建議收件順序、下一個建議收件項目、evidence routing、display sections、state transition rules、reviewer checklist、reviewer outcome lanes、reviewer audit event templates 與 quarantine rulesrollup 不代表 approval、runtime gate、production ingestion、repo / refs / workflow / secret / runner 執行授權或 primary approval
S4.4 GitHub Primary rollback ADR 完成草案 已建立 rollback ADR schema / snapshot / 人讀版7 個 in-scope rollback drafts、0 owner approved、0 dry-run completed、0 active cutover repo owner 審查 rollback owner、validation window 與 triggers仍不可切 primary 或執行 rollback
S4.5 Gitea 認證清冊匯出請求 完成草案 已建立匯出請求 schema / snapshot / 人讀版;目前未認證公開範圍 repo 2 個、本機可見 Gitea unique repo 4 個、覆蓋缺口 2 個、匯出來源選項 2 類;允許收集 token value=false repo owner 依只讀 token API 或已脫敏管理匯出補私有 / 內部全量 repo list仍不可保存 token、不可 write Gitea、不可 refs sync
S4.6 Gitea 認證清冊匯入驗收契約 完成草案 已建立匯入驗收 schema / snapshot / 人讀版;目前 received payload 0、accepted 0、rejected 0定義 10 個驗收檢查、10 個拒收規則與 4 個 quarantine lanes owner 提供脫敏 payload 後先驗收 / 拒收 / 隔離;仍不可把驗收當 primary approval
S4.7 Gitea 清冊覆蓋 Owner Attestation 完成草案 已建立 coverage attestation schema / snapshot / 人讀版5 個 owner decision items、received attestation 0、accepted 0、execution authorized=false owner 判定 public-only / local remote gap、org/user endpoint、110 adjacent source、canonical owner 與 legacy/inaccessible disposition仍不可把 attestation 當 migration approval
S4.8 Gitea Owner Attestation Approval Lane 對齊 完成草案 已將既有 Gitea approval queue / gate / review packet / follow-up runtime gate 對齊 S4.7 先行條件queue items 維持 8、review packets 維持 8、active runtime gates 維持 0 AwoooP 先顯示 5 個 attestation itemsowner decision 接受前不得執行 read-only inventory 或標記 complete
S4.9 Gitea Owner Attestation Response 收件包 完成草案 已建立 owner response schema / snapshot / 人讀版1 個 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、8 個 display sections、6 個 collection checks、5 個 response templates、6 個 intake preflight checks、5 個 outcome lanes、8 個 acceptance checks、10 個 rejection rules、received response 0、accepted 0、execution authorized=false owner 依 request packet 與模板回覆 S4.7 五個 itemsAwoooP 先用 template status ledger / audit event templates / redaction examples / display sections / collection checks 維持 request / received / accepted 分離,再用 preflight / outcome lanes 判斷可審、補證、隔離、拒收或等待response 通過只更新 read-only matrix / decision table / readiness gate不代表 inventory 執行、audit production ingestion 或 primary approval
S4.10 GitHub Target Owner Decision Response 收件包 完成草案 已建立 owner decision response schema / snapshot / 人讀版1 個 owner response request packet、7 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks、7 個 response templates、8 個 acceptance checks、10 個 rejection rules、received response 0、accepted 0、execution authorized=false owner 依 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與模板回覆 7 個 GitHub target 的 owner / visibility / canonicalresponse 通過只更新 read-only decision table / approval package / approval board / readiness gate不代表 repo creation、visibility change、refs sync 或 primary approval
S4.11 Source Control Ref Truth Owner Response 收件包 完成草案 已建立 owner response schema / snapshot / 人讀版1 個 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks、5 個 response templates、8 個 acceptance checks、10 個 rejection rules、total ref review items 141、received response 0、accepted 0、audit events emitted 0、execution authorized=false owner 依 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與模板回覆 main/dev truth、deprecated drift、release tag、GitHub-only refsresponse 通過只更新 read-only classification / reconcile / readiness wording不代表 refs sync、delete、force push 或 primary approval
S4 migration execution 未開始 GitHub primary 長期方向已確認,但 refs / tags / workflow / secret 名稱尚未全量驗證rollback ADR 仍待 owner approval SHA/tag/workflow parity、rollback ADR owner approval 與 runtime gate

1. 已建立的主要 evidence

類型 檔案
AwoooP handoff docs/security/AWOOOP-SECURITY-SUPPLYCHAIN-INTEGRATION-HANDOFF.md
Mirror-only 清單 docs/security/AWOOOP-MIRROR-ONLY-CONSUMPTION-CHECKLIST.md
Gitea/GitHub migration inventory docs/security/GITEA-GITHUB-MIGRATION-INVENTORY.md
Gitea server-side inventory runbook docs/security/GITEA-SERVER-SIDE-INVENTORY-RUNBOOK.md
Gitea read-only inventory approval package docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md
Gitea read-only inventory approval JSON docs/security/gitea-readonly-inventory-approval.snapshot.json
Gitea 認證清冊匯出請求 docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md
Gitea 認證清冊匯出請求 JSON docs/security/gitea-authenticated-inventory-export-request.snapshot.json
Gitea 認證清冊匯入驗收契約 docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md
Gitea 認證清冊匯入驗收契約 JSON docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json
Gitea 清冊覆蓋 owner attestation docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md
Gitea 清冊覆蓋 owner attestation JSON docs/security/gitea-inventory-coverage-attestation.snapshot.json
Gitea owner attestation response 收件包 docs/security/GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.md
Gitea owner attestation response JSON docs/security/gitea-inventory-owner-attestation-response.snapshot.json
Gitea 管理匯出 redaction checklist docs/security/GITEA-ADMIN-EXPORT-REDACTION-CHECKLIST.md
Gitea org endpoint blocked evidence docs/security/GITEA-ORG-REPO-INVENTORY-BLOCKED-SNAPSHOT.md
Source-control migration matrix docs/security/SOURCE-CONTROL-MIGRATION-MATRIX.md
Canonical repo 判定表 docs/security/SOURCE-CONTROL-CANONICAL-DECISION-TABLE.md
GitHub target 決策表 docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md
GitHub target 決策 JSON docs/security/github-target-decision.snapshot.json
GitHub target owner decision response 收件包 docs/security/GITHUB-TARGET-OWNER-DECISION-RESPONSE.md
GitHub target owner decision response JSON docs/security/github-target-owner-decision-response.snapshot.json
GitHub target repo approval package docs/security/GITHUB-TARGET-REPO-APPROVAL-PACKAGE.md
GitHub target repo approval JSON docs/security/github-target-repo-approval-package.snapshot.json
Source Control approval board docs/security/SOURCE-CONTROL-APPROVAL-BOARD.md
Source Control approval board JSON docs/security/source-control-approval-board.snapshot.json
Source Control draft reconcile plan docs/security/SOURCE-CONTROL-RECONCILE-PLAN.md
Source Control draft reconcile plan JSON docs/security/source-control-reconcile-plan.snapshot.json
Source Control branch/tag detail diff docs/security/SOURCE-CONTROL-REF-DETAIL-DIFF.md
Source Control branch/tag detail diff JSON docs/security/source-control-ref-detail-diff.snapshot.json
Source Control ref truth classification docs/security/SOURCE-CONTROL-REF-TRUTH-CLASSIFICATION.md
Source Control ref truth classification JSON docs/security/source-control-ref-truth-classification.snapshot.json
Source Control ref truth owner response 收件包 docs/security/SOURCE-CONTROL-REF-TRUTH-OWNER-RESPONSE.md
Source Control ref truth owner response JSON docs/security/source-control-ref-truth-owner-response.snapshot.json
Source Control GitHub primary readiness gate docs/security/SOURCE-CONTROL-PRIMARY-READINESS-GATE.md
Source Control GitHub primary readiness gate JSON docs/security/source-control-primary-readiness-gate.snapshot.json
Source Control GitHub primary rollback ADR docs/security/SOURCE-CONTROL-PRIMARY-ROLLBACK-ADR.md
Source Control GitHub primary rollback ADR JSON docs/security/source-control-primary-rollback-adr.snapshot.json
Source Control workflow / secret name inventory docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-INVENTORY.md
Source Control workflow / secret name inventory JSON docs/security/source-control-workflow-secret-name-inventory.snapshot.json
Source Control workflow / secret name local evidence docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-LOCAL-EVIDENCE.md
Source Control workflow / secret name local evidence JSON docs/security/source-control-workflow-secret-name-local-evidence.snapshot.json
Source Control workflow / secret name local collector scripts/security/source-control-workflow-secret-name-local-inventory.py
Source Control workflow / secret name export request docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-EXPORT-REQUEST.md
Source Control workflow / secret name export request JSON docs/security/source-control-workflow-secret-name-export-request.snapshot.json
Source Control workflow / secret name owner response 收件包 docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md
Source Control workflow / secret name owner response JSON docs/security/source-control-workflow-secret-name-owner-response.snapshot.json
Source Control owner response validation rollup docs/security/SOURCE-CONTROL-OWNER-RESPONSE-VALIDATION-ROLLUP.md
Source Control owner response validation rollup JSON docs/security/source-control-owner-response-validation-rollup.snapshot.json
Kali 112 integration status docs/security/KALI-INTEGRATION-STATUS.md
Kali 112 integration status JSON docs/security/kali-integration-status.snapshot.json
Security finding contract docs/security/SECURITY-FINDING-CONTRACT.md
Security finding sample JSON docs/security/security-finding-kali-sample.snapshot.json
Kali scan scope approval package docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md
Kali scan scope approval JSON docs/security/kali-scan-scope-approval.snapshot.json
Security approval queue docs/security/SECURITY-APPROVAL-QUEUE.md
Security approval queue JSON docs/security/security-approval-queue.snapshot.json
Security approval gate docs/security/SECURITY-APPROVAL-GATE.md
Security approval gate JSON docs/security/security-approval-gate.snapshot.json
Security approval decision record docs/security/SECURITY-APPROVAL-DECISION-RECORD.md
Security approval decision record JSON docs/security/security-approval-decision-record.snapshot.json
Security approval review packet docs/security/SECURITY-APPROVAL-REVIEW-PACKET.md
Security approval review packet JSON docs/security/security-approval-review-packet.snapshot.json
Security approval state transition docs/security/SECURITY-APPROVAL-STATE-TRANSITION.md
Security approval state transition JSON docs/security/security-approval-state-transition.snapshot.json
Security follow-up runtime gate preparation docs/security/SECURITY-FOLLOWUP-RUNTIME-GATE.md
Security follow-up runtime gate preparation JSON docs/security/security-followup-runtime-gate.snapshot.json
Security mirror readiness docs/security/SECURITY-MIRROR-READINESS.md
Security mirror readiness JSON docs/security/security-mirror-readiness.snapshot.json
Security mirror intake plan docs/security/SECURITY-MIRROR-INTAKE-PLAN.md
Security mirror intake plan JSON docs/security/security-mirror-intake-plan.snapshot.json
資安鏡像事件契約 docs/security/SECURITY-MIRROR-EVENT-CONTRACT.md
資安鏡像事件範例 JSON docs/security/security-mirror-event-sample.snapshot.json
資安鏡像路由矩陣 docs/security/SECURITY-MIRROR-ROUTE.md
資安鏡像路由矩陣 JSON docs/security/security-mirror-route.snapshot.json
資安鏡像驗收契約 docs/security/SECURITY-MIRROR-ACCEPTANCE.md
資安鏡像驗收契約 JSON docs/security/security-mirror-acceptance.snapshot.json
資安鏡像隔離契約 docs/security/SECURITY-MIRROR-QUARANTINE.md
資安鏡像隔離契約 JSON docs/security/security-mirror-quarantine.snapshot.json
資安鏡像 dry-run 報告契約 docs/security/SECURITY-MIRROR-DRY-RUN.md
資安鏡像 dry-run 報告契約 JSON docs/security/security-mirror-dry-run.snapshot.json
資安鏡像狀態彙整契約 docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md
資安鏡像狀態彙整契約 JSON docs/security/security-mirror-status-rollup.snapshot.json
低摩擦 rollout policy docs/security/SECURITY-LOW-FRICTION-ROLLOUT-POLICY.md
低摩擦 rollout policy JSON docs/security/security-rollout-policy.snapshot.json
Security Supply Chain contract manifest docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md
Security Supply Chain contract manifest JSON docs/security/security-supply-chain-contract-manifest.snapshot.json

2. 現在不能做的事

  1. 不建立或刪除 GitHub / Gitea repo。
  2. 不修改 repo visibility。
  3. 不同步 refs、branch、tag。
  4. 不切 GitHub primary。
  5. 不把 Codex patch runner、Kali scan 或 deploy 接進 AwoooP runtime。
  6. 不保存 secret / token value。

2.1 初期不要過度收緊

  1. Read-only inventory、文件化、risk label、mirror evidence 可持續推進。
  2. 初期不把 LOW / MEDIUM observation 變成阻擋條件。
  3. 初期不要求所有 repo 一次完成最高等級 controls。
  4. 只針對不可逆或高風險動作設 approval gate。
  5. 每階段完成後再逐步收斂,避免讓產品、架構與部署流程突然變複雜。

3. 下一階段建議

  1. 先依 S4.9 GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.md 收到並驗收 S4.7 GITEA-INVENTORY-COVERAGE-ATTESTATION.md 的 owner responseS4.8 已把這件事接到既有 approval queue / gate / review packet / follow-up runtime gate。之後再依 S4.5 GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md 取得 Gitea 認證清冊;收到 payload 後依 S4.6 GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md 驗收 / 拒收 / 隔離。目前未認證公開範圍 2 個、本機可見 Gitea unique 4 個、覆蓋缺口 2 個、attestation items 5 個、owner response 0 筆;只能用只讀 token API 或已脫敏管理匯出補私有 / 內部 server-side 全量 repo list不保存 token value。
  2. 依 S4.10 GITHUB-TARGET-OWNER-DECISION-RESPONSE.md request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks 與 SOURCE-CONTROL-APPROVAL-BOARD.md 對 7 個 approval_required=true 的 GitHub target 做 owner / visibility / canonical response目前 response 0 筆、accepted 0 筆,通過後也只更新 read-only decision table / approval package / readiness gate不代表 repo creation、visibility change、refs sync 或 primary approval。
  3. 依 S4.11 SOURCE-CONTROL-REF-TRUTH-OWNER-RESPONSE.md request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與 SOURCE-CONTROL-REF-TRUTH-CLASSIFICATION.mdawoooiclawbot-v5wooo-aiops 做單 repo / 單 ref owner response 驗收audit event templates 目前 0 emittedredaction examples 只示範安全 metadata shapecollection checks 只維持 request / received / accepted 分離preflight 只分類可審、補證、隔離、拒收或等待response 通過也只更新 read-only classification / reconcile / readiness wording仍不得 push/delete refs 或 force push。
  4. 依 S4.12 SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks 與 SOURCE-CONTROL-WORKFLOW-SECRET-NAME-EXPORT-REQUEST.md 對 webhook、runner、deploy key、branch protection / CODEOWNERS、repository secret name parity 做 owner response 驗收request packet 只顯示要回覆欄位與拒收 payloadtemplate status ledger 只顯示 waitingaudit event templates 只定義 0 emitted 的脫敏 metadataredaction examples 只示範安全 metadata shapecollection checks 只維持 request / received / accepted 分離preflight 只分類可審、補證、隔離或拒收,不代表已送出、已收到、已接受或 production ingestionresponse 通過也只更新 read-only inventory / export request / readiness wording仍不得收 secret value、改 workflow 或啟用 runner。
  5. 依 S4.13 SOURCE-CONTROL-OWNER-RESPONSE-VALIDATION-ROLLUP.md 集中檢查 S4.9 / S4.10 / S4.11 / S4.12 四包 response packets、evidence routing rules、display sections、state transition rules、reviewer checklist、reviewer outcome lanes 與 reviewer audit event templatesrollup / routing / sections / transition rules / checklist / outcome lanes / audit templates 通過也只更新 read-only wording不代表 approval、production ingestion 或 execution authorization。
  6. ewoooc / momo-pro-system 完成 server-side canonical 判定。
  7. KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md 取得 safe crawl、credentialed scan、runtime ingestion、full-upgrade / reboot 等 gate 的人工批准;不得直接接 /execute
  8. AwoooP 主線先讀 security_mirror_readiness_v1security_mirror_intake_plan_v1security_mirror_event_v1security_mirror_route_v1security_mirror_acceptance_v1security_mirror_quarantine_v1security_mirror_dry_run_v1security_mirror_status_rollup_v1、S4.13 source_control_owner_response_validation_rollup_v1security_approval_gate_v1security_approval_decision_record_v1security_approval_review_packet_v1security_approval_state_transition_v1security_followup_runtime_gate_v1source_control_primary_readiness_gate_v1source_control_primary_rollback_adr_v1source_control_workflow_secret_name_inventory_v1,只建立 mirror-only / read-only policy 入口,不新增執行按鈕;其中 S4.13 需顯示四包 owner response validation rollup、missing lanes、collection order、next collection candidate、evidence routing rules、display sections、state transition rules、reviewer checklist、reviewer outcome lanes 與 reviewer audit event templatesGitea inventory 需同時顯示 S4.5 認證清冊匯出請求、S4.6 匯入驗收契約、S4.7 owner coverage attestation 與 S4.9 owner response request packet / template status ledger / audit event templates / redaction examples / display sections / collection checks / 收件包GitHub target 決策需同時顯示 S4.10 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與 owner decision response templatesrefs truth 需同時顯示 S4.11 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與 templatesworkflow / secret inventory 需同時顯示 S4.3 redacted export request、S4.12 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與 5 個 owner response templatesprimary readiness 需同時顯示 S4.4 rollback ADR 草案。
  9. AwoooP 主線消費 security_rollout_policy_v1 時,只做 read-only policy不做 runtime blocking。
  10. AwoooP 主線再讀 security_approval_queue_v1security_approval_gate_v1security_approval_decision_record_v1security_approval_review_packet_v1security_approval_state_transition_v1security_followup_runtime_gate_v1source_control_primary_readiness_gate_v1source_control_primary_rollback_adr_v1source_control_workflow_secret_name_inventory_v1security_supply_chain_contract_manifest_v1,顯示 review order、批准範圍、審查封包、決策紀錄、決策後狀態、後續 runtime gate 準備條件、Gitea inventory 覆蓋缺口、S4.5 認證匯出請求、S4.6 匯入驗收 / 隔離規則、S4.7 owner attestation items、S4.9 owner response request packet、S4.9 owner response template status ledger、S4.9 owner response audit event templates、S4.9 owner response redaction examples、S4.9 owner response display sections、S4.9 owner response collection checks、S4.9 owner response templates、S4.10 GitHub target owner response request packet、S4.10 GitHub target owner response template status ledger、S4.10 GitHub target owner response audit event templates、S4.10 GitHub target owner response redaction examples、S4.10 GitHub target owner response collection checks、S4.10 GitHub target owner response intake preflight checks、S4.10 GitHub target owner response templates、S4.11 refs truth owner response request packet、S4.11 refs truth owner response template status ledger、S4.11 refs truth owner response audit event templates、S4.11 refs truth owner response redaction examples、S4.11 refs truth owner response collection checks、S4.11 refs truth owner response intake preflight checks、S4.11 refs truth owner response templates、S4.12 workflow / secret 名稱 owner response request packet、S4.12 workflow / secret 名稱 owner response template status ledger、S4.12 workflow / secret 名稱 owner response audit event templates、S4.12 workflow / secret 名稱 owner response redaction examples、S4.12 workflow / secret 名稱 owner response collection checks、S4.12 workflow / secret 名稱 owner response intake preflight checks、S4.12 workflow / secret 名稱 owner response templates、S4.13 owner response validation rollup、evidence routing rules、display sections、state transition rules、reviewer checklist、reviewer outcome lanes 與 reviewer audit event templates、GitHub primary readiness blockers、rollback ADR 草案、workflow / secret 名稱 inventory 缺口、redacted export request 與 blocked reason不新增 execution router。