38 KiB
資安供應鏈整體進度
| 項目 | 內容 |
|---|---|
| 日期 | 2026-05-17 |
| 狀態 | S0/S1 read-only evidence 建置中 |
| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Source Control Ref Truth Owner Response 收件包 + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + GitHub Target Owner Decision Response 收件包 + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Gitea 清冊覆蓋 Owner Attestation + Gitea Owner Attestation Approval Lane 對齊 + Gitea Owner Attestation Response 收件包 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Workflow / Secret Name Owner Response 收件包 + Source Control Owner Response Validation Rollup + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 |
| 原則 | 低摩擦分階段;文件、schema、read-only evidence 優先;不做 runtime enforcement、不切 primary |
0. 本階段完成後整體進度
0.1 2026-05-17 整體進度估算
| 進度面向 | 估算 | 判讀 |
|---|---|---|
| 整體資安網 | 58% | 框架與只讀治理已成形,仍等待 owner response、redacted payload、runtime gate 與 GitHub primary readiness |
| 框架 / 治理 / 文件 / schema / read-only evidence | 80-85% | 35 個主要 contract 中 32 ready、2 partial、1 contract-only、0 blocked |
| 真正落地執行 / runtime ingestion / GitHub primary / AwoooP production landing | 35-40% | owner response 仍 0、active runtime gate 仍 0、payload ingestion=false、github_primary_ready_count=0 |
這個進度估算用於雙 Session 同步與階段判讀,不是 approval、runtime execution、GitHub primary cutover 或 Kali scan authorization。現階段仍維持統帥要求的低摩擦策略:先建完整框架與 evidence,之後再分階段收斂。
本估算可用以下只讀 guard 驗證:
python3 scripts/security/security-mirror-progress-guard.py
0.2 Headline 58% 不代表停滯
近期 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks、S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks,以及 S4.13 evidence routing rules / display sections / state transition rules / reviewer checklist / reviewer outcome lanes / reviewer audit event templates 都是有效進展,但它們是 framework detail,不是 owner response、runtime gate、production ingestion 或 GitHub primary readiness。因此 headline 仍維持 58%,避免把只讀框架誤算成已落地執行。
| 最近完成 | 目前狀態 | headline delta |
|---|---|---|
| S4.10 request packet | 已完成草案,只顯示 owner 要回覆什麼 | 0 |
| S4.10 template status ledger | 已完成草案,7 個 targets 仍 waiting owner response | 0 |
| S4.10 audit event templates | 已完成草案,emitted_event_count=0 |
0 |
| S4.10 redaction examples | 已完成草案,只示範脫敏 metadata shape | 0 |
| S4.10 collection checks | 已完成草案,只維持 request / received / accepted 狀態分離 | 0 |
| S4.10 intake preflight checks | 已完成草案,只分類可收、補證、隔離或拒收 | 0 |
| S4.11 request packet | 已完成草案,只顯示 owner 要回覆哪 5 類 refs truth 問題 | 0 |
| S4.11 template status ledger | 已完成草案,5 類 refs truth responses 仍 waiting owner response | 0 |
| S4.11 audit event templates | 已完成草案,emitted_event_count=0 |
0 |
| S4.11 redaction examples | 已完成草案,只示範脫敏 metadata shape | 0 |
| S4.11 collection checks | 已完成草案,只維持 request / received / accepted 狀態分離 | 0 |
| S4.11 intake preflight checks | 已完成草案,只分類可審、補證、隔離、拒收或等待 | 0 |
| S4.12 request packet | 已完成草案,只顯示 owner 要回覆哪 5 類 workflow / secret 名稱問題 | 0 |
| S4.12 template status ledger | 已完成草案,5 類 workflow / secret 名稱 responses 仍 waiting owner response | 0 |
| S4.12 audit event templates | 已完成草案,emitted_event_count=0,只定義脫敏 metadata |
0 |
| S4.12 redaction examples | 已完成草案,只示範安全 metadata shape | 0 |
| S4.12 collection checks | 已完成草案,只維持 request / received / accepted 狀態分離 | 0 |
| S4.12 intake preflight checks | 已完成草案,只分類可審、補證、隔離或拒收 | 0 |
| S4.13 evidence routing rules | 已完成草案,只路由 owner evidence pointer 到補證、隔離、拒收、跨包 review 或只讀更新 | 0 |
| S4.13 display sections | 已完成草案,只固定 AwoooP Operator Console 的 read-only 呈現順序 | 0 |
| S4.13 state transition rules | 已完成草案,只固定 owner response validation 的 read-only 狀態語義 | 0 |
| S4.13 reviewer checklist | 已完成草案,只提供人工審查順序與只讀檢查提示 | 0 |
| S4.13 reviewer outcome lanes | 已完成草案,只分類等待、補證、隔離、拒收、跨包 review、只讀候選或等待 runtime gate | 0 |
| S4.13 reviewer audit event templates | 已完成草案,只定義未來可留痕的脫敏 metadata,emitted 仍為 0 | 0 |
headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner response 收到並通過脫敏驗收,或人工批准後出現 active runtime gate、redacted payload ingestion、GitHub primary readiness 這類落地 evidence。
| 階段 | 狀態 | 目前結果 | 下一個 gate |
|---|---|---|---|
| S0 文件與契約同步 | 完成 | Kali / Codex / GitHub / Gitea / AwoooP 邊界已文件化,核心 schema 草案已建立 | AwoooP 只讀 mirror 消費 |
| S1 source-control read-only inventory | 進行中 | 已有 Gitea/GitHub refs、Gitea public-only user repo list、本機 remote、GitHub target probe、canonical lineage、110 refs evidence | Gitea private/internal 全量 repo list |
| S1.0 Gitea 全量 inventory approval | 完成草案 | 已建立 read-only token / admin export approval package | 統帥或 repo owner 批准 |
| S1.1 GitHub target 決策 | 完成草案 | 8 個 target 候選,7 個需人工批准;3 個 not_found_or_private 不得自動建立;S4.10 已補 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包 |
owner / visibility / canonical response |
| S1.2 GitHub target 逐 repo approval | 完成草案 | 7 個 approval-required targets 已拆成逐 repo pending package,並彙整成 8-item approval board;S4.10 目前 response 0 筆 | 低摩擦逐項批准 |
| S1.2a refs reconcile plan | 完成草案 | awoooi、clawbot-v5、wooo-aiops 已產生 draft plan;狀態仍為 draft_blocked |
authenticated inventory + branch/tag diff + single-repo approval |
| S1.2b branch/tag detail diff | 完成草案 | 3 個 refs-blocked mapped repos 已完成 branch/tag 明細 diff;已忽略本 PR 分支避免 evidence 自我污染 | 人工判定真相來源與 deprecated refs |
| S1.2c refs 真相來源分類 | 完成草案 | 141 個 ref review items 已分類:4 個真相來源、114 個 drift deprecated 候選、3 個 release tags、20 個 GitHub-only refs;S4.11 已補 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包 | repo owner 單 ref / 單 repo 判定 |
| S1.3 低摩擦 rollout policy | 完成草案 | observe-first / mirror-only matrix 已建立 | AwoooP read-only policy 消費 |
| S1.4 契約索引 | 完成草案 | 35 個主要 contract 已集中成 manifest | AwoooP mirror-only contract registry |
| S1.5 Kali 112 live 整合狀態 | 完成第一波 | 112 已登入盤點、scanner API healthy、targeted scanner packages updated、Asia/Taipei timezone、no reboot required | scan result ingestion + /execute high-risk gate |
| S1.6 Kali finding / scan scope approval | 完成草案 | security_finding_v1 sample snapshot 與 kali_scan_scope_approval_v1 approval package 已建立;111/168 已納入 observe-only scope |
人工批准 safe crawl / credentialed scan / runtime ingestion / full-upgrade gate |
| S1.7 Security approval queue | 完成草案 | 8 個 approval queue items 已集中:7 pending approval、1 block candidate;AwoooP 可 mirror 但不得執行 | 先 review redacted finding ingestion,再 review safe crawl / Gitea inventory |
| S2 AwoooP mirror-only readiness | 完成草案 | security_mirror_readiness_v1 已整理 35 個 contracts:32 ready、2 partial、1 contract-only、0 blocked |
AwoooP 主線建立只讀入口 |
| S2.1 AwoooP mirror-only intake plan | 完成草案 | security_mirror_intake_plan_v1 已建立 5 個 intake waves 與 4 個 acceptance gates |
AwoooP 主線照 wave mirror,不新增 execution router |
| S2.2 AwoooP 鏡像事件信封 | 完成草案 | security_mirror_event_v1 已建立,要求每筆鏡像 payload 標示 execution_authorized=false 與 action_buttons_allowed=false |
AwoooP 鏡像 payload 統一信封 |
| S2.3 AwoooP 鏡像路由矩陣 | 完成草案 | security_mirror_route_v1 已建立 5 個 route groups,定義目的地、channel policy 與 review lane |
AwoooP 消費時不猜路由、不新增執行入口 |
| S2.4 AwoooP 鏡像驗收契約 | 完成草案 | security_mirror_acceptance_v1 已建立 8 個 acceptance checks;blocking 只針對鏡像資料不完整、未脫敏或進度估算被誤當授權 |
AwoooP 接入時可驗收,不升級成 runtime enforcement |
| S2.5 AwoooP 鏡像隔離契約 | 完成草案 | security_mirror_quarantine_v1 已建立 5 個 quarantine lanes;失敗 payload 必須等新 snapshot commit 後才能 retry |
AwoooP 可隔離壞資料,不阻擋 runtime |
| S2.6 AwoooP 鏡像 dry-run 報告契約 | 完成草案 | security_mirror_dry_run_v1 已建立 8 個 dry-run steps,已納入 CHECK_PROGRESS_GUARD 與 CHECK_OWNER_RESPONSE_GUARD;latest local validation 為 repo_snapshot_guard_pass;目前狀態仍為 contract defined not executed |
AwoooP 未來可回報演練結果,但不啟動 production ingestion |
| S2.7 AwoooP 鏡像狀態彙整契約 | 完成草案 | security_mirror_status_rollup_v1 已建立,彙整 S0-S4、approval queue summary 與下一個安全 gate;S4.13 已補 owner response validation rollup、evidence routing rules、display sections、state transition rules、reviewer checklist、reviewer outcome lanes 與 reviewer audit event templates |
兩個 Session 用同一份 rollup 同步,不誤啟執行面 |
| S3 approval gate | 進行中 | security_approval_gate_v1 已建立 8 個人工 gate items:7 pending、1 block candidate、0 approved |
不得繞過人工批准;批准後仍需 follow-up runtime gate |
| S3.0 人工批准 Gate 契約 | 完成草案 | 定義批准範圍、決策選項、required reviewers、still forbidden 與 follow-up runtime gate | AwoooP 可記錄決策,不可執行 gate item |
| S3.1 人工決策紀錄契約 | 完成草案 | security_approval_decision_record_v1 已建立;目前 0 筆 decision records、0 個 runtime action 授權 |
AwoooP 可稽核決策,不可把決策當執行 |
| S3.2 人工審查封包契約 | 完成草案 | security_approval_review_packet_v1 已建立;8 個 review packets、7 ready for human review、1 block candidate、0 個 runtime action 授權 |
AwoooP 可顯示 review lane,不可把 packet 當批准或執行 |
| S3.3 人工決策狀態轉移契約 | 完成草案 | security_approval_state_transition_v1 已建立;5 個 decision options 都有 next state、0 個 runtime action 授權 |
AwoooP 可顯示決策後狀態,不可把 transition 當執行 |
| S3.4 後續 runtime gate 準備契約 | 完成草案 | security_followup_runtime_gate_v1 已建立;8 個 gate templates、0 個 active runtime gates、0 個 approved scope |
AwoooP 可顯示前置 evidence、preflight checks 與 rollback / disable requirement,不可啟用 runtime gate |
| S4.0 GitHub primary readiness gate | 完成草案 | source_control_primary_readiness_gate_v1 已建立;8 個 candidate repos、7 個 in-scope blocked、0 個 primary ready;S4.10 已補 target owner response gate;S4.11 已補 refs truth owner response gate;S4.12 已補 workflow / secret 名稱 owner response gate |
AwoooP 可顯示 parity、owner、rollback ADR 缺口,不可切 primary |
| S4.1 Workflow / Secret 名稱 inventory 契約 | 完成草案 | source_control_workflow_secret_name_inventory_v1 已建立;8 個 candidate repos、7 個 in-scope repos 尚缺實際 inventory、0 個 complete、禁止收集 secret value |
AwoooP 可顯示 workflow / webhook / runner / deploy key / branch protection / CODEOWNERS / secret 名稱缺口,不可修改 workflow 或 secret |
| S4.2 Workflow / Secret 名稱 local evidence | 完成草案 | 已建立 local read-only collector 與 snapshot;7 個 local repos visible、4 個 local evidence repos、31 個 workflow files、43 個 referenced secret names、secret value detected=false | 補 webhook / deploy key / branch protection / repository secret parity 的 redacted evidence;仍不可切 primary |
| S4.3 Workflow / Secret 名稱 redacted export request | 完成草案 | 已建立 export request schema / snapshot / 人讀版;7 個 in-scope repos、5 類 export lanes:webhook、runner、deploy key、branch protection / CODEOWNERS、repository secret name parity;write token allowed=false | repo owner 或未來只讀 API 依 request 補 redacted export;仍不可收 secret value、不可修改 GitHub/Gitea |
| S4.12 Workflow / Secret Name Owner Response 收件包 | 完成草案 | 已建立 owner response schema / snapshot / 人讀版;1 個 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks、5 個 response templates、8 個 acceptance checks、10 個 rejection rules、candidate repos 8、in-scope repos 7、received response 0、accepted 0、audit events emitted 0、execution authorized=false | owner 依 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與模板回覆 webhook、runner、deploy key、branch protection / CODEOWNERS、repository secret name parity;response 通過只更新 read-only inventory / export request / readiness wording,不代表收 secret value、改 workflow、啟用 runner 或 primary approval |
| S4.13 Source Control Owner Response Validation Rollup | 完成草案 | 已建立 validation rollup schema / snapshot / 人讀版;彙整 S4.9 / S4.10 / S4.11 / S4.12 四包 response packets、4 條 missing response lanes、4 步 owner response collection order、next collection candidate、22 個 response templates、10 個 cross-packet checks、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、40 個 rejection rules、received / accepted / rejected response 皆為 0、reviewer audit emitted 仍為 0、execution authorized=false;latest local validation 為 SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK |
AwoooP 可顯示四包 owner response 驗收總覽、缺口摘要、建議收件順序、下一個建議收件項目、evidence routing、display sections、state transition rules、reviewer checklist、reviewer outcome lanes、reviewer audit event templates 與 quarantine rules;rollup 不代表 approval、runtime gate、production ingestion、repo / refs / workflow / secret / runner 執行授權或 primary approval |
| S4.4 GitHub Primary rollback ADR | 完成草案 | 已建立 rollback ADR schema / snapshot / 人讀版;7 個 in-scope rollback drafts、0 owner approved、0 dry-run completed、0 active cutover | repo owner 審查 rollback owner、validation window 與 triggers;仍不可切 primary 或執行 rollback |
| S4.5 Gitea 認證清冊匯出請求 | 完成草案 | 已建立匯出請求 schema / snapshot / 人讀版;目前未認證公開範圍 repo 2 個、本機可見 Gitea unique repo 4 個、覆蓋缺口 2 個、匯出來源選項 2 類;允許收集 token value=false | repo owner 依只讀 token API 或已脫敏管理匯出補私有 / 內部全量 repo list;仍不可保存 token、不可 write Gitea、不可 refs sync |
| S4.6 Gitea 認證清冊匯入驗收契約 | 完成草案 | 已建立匯入驗收 schema / snapshot / 人讀版;目前 received payload 0、accepted 0、rejected 0;定義 10 個驗收檢查、10 個拒收規則與 4 個 quarantine lanes | owner 提供脫敏 payload 後先驗收 / 拒收 / 隔離;仍不可把驗收當 primary approval |
| S4.7 Gitea 清冊覆蓋 Owner Attestation | 完成草案 | 已建立 coverage attestation schema / snapshot / 人讀版;5 個 owner decision items、received attestation 0、accepted 0、execution authorized=false | owner 判定 public-only / local remote gap、org/user endpoint、110 adjacent source、canonical owner 與 legacy/inaccessible disposition;仍不可把 attestation 當 migration approval |
| S4.8 Gitea Owner Attestation Approval Lane 對齊 | 完成草案 | 已將既有 Gitea approval queue / gate / review packet / follow-up runtime gate 對齊 S4.7 先行條件;queue items 維持 8、review packets 維持 8、active runtime gates 維持 0 | AwoooP 先顯示 5 個 attestation items,owner decision 接受前不得執行 read-only inventory 或標記 complete |
| S4.9 Gitea Owner Attestation Response 收件包 | 完成草案 | 已建立 owner response schema / snapshot / 人讀版;1 個 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、8 個 display sections、6 個 collection checks、5 個 response templates、6 個 intake preflight checks、5 個 outcome lanes、8 個 acceptance checks、10 個 rejection rules、received response 0、accepted 0、execution authorized=false | owner 依 request packet 與模板回覆 S4.7 五個 items;AwoooP 先用 template status ledger / audit event templates / redaction examples / display sections / collection checks 維持 request / received / accepted 分離,再用 preflight / outcome lanes 判斷可審、補證、隔離、拒收或等待;response 通過只更新 read-only matrix / decision table / readiness gate,不代表 inventory 執行、audit production ingestion 或 primary approval |
| S4.10 GitHub Target Owner Decision Response 收件包 | 完成草案 | 已建立 owner decision response schema / snapshot / 人讀版;1 個 owner response request packet、7 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks、7 個 response templates、8 個 acceptance checks、10 個 rejection rules、received response 0、accepted 0、execution authorized=false | owner 依 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與模板回覆 7 個 GitHub target 的 owner / visibility / canonical;response 通過只更新 read-only decision table / approval package / approval board / readiness gate,不代表 repo creation、visibility change、refs sync 或 primary approval |
| S4.11 Source Control Ref Truth Owner Response 收件包 | 完成草案 | 已建立 owner response schema / snapshot / 人讀版;1 個 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks、5 個 response templates、8 個 acceptance checks、10 個 rejection rules、total ref review items 141、received response 0、accepted 0、audit events emitted 0、execution authorized=false | owner 依 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與模板回覆 main/dev truth、deprecated drift、release tag、GitHub-only refs;response 通過只更新 read-only classification / reconcile / readiness wording,不代表 refs sync、delete、force push 或 primary approval |
| S4 migration execution | 未開始 | GitHub primary 長期方向已確認,但 refs / tags / workflow / secret 名稱尚未全量驗證,rollback ADR 仍待 owner approval | SHA/tag/workflow parity、rollback ADR owner approval 與 runtime gate |
1. 已建立的主要 evidence
| 類型 | 檔案 |
|---|---|
| AwoooP handoff | docs/security/AWOOOP-SECURITY-SUPPLYCHAIN-INTEGRATION-HANDOFF.md |
| Mirror-only 清單 | docs/security/AWOOOP-MIRROR-ONLY-CONSUMPTION-CHECKLIST.md |
| Gitea/GitHub migration inventory | docs/security/GITEA-GITHUB-MIGRATION-INVENTORY.md |
| Gitea server-side inventory runbook | docs/security/GITEA-SERVER-SIDE-INVENTORY-RUNBOOK.md |
| Gitea read-only inventory approval package | docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md |
| Gitea read-only inventory approval JSON | docs/security/gitea-readonly-inventory-approval.snapshot.json |
| Gitea 認證清冊匯出請求 | docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md |
| Gitea 認證清冊匯出請求 JSON | docs/security/gitea-authenticated-inventory-export-request.snapshot.json |
| Gitea 認證清冊匯入驗收契約 | docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md |
| Gitea 認證清冊匯入驗收契約 JSON | docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json |
| Gitea 清冊覆蓋 owner attestation | docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md |
| Gitea 清冊覆蓋 owner attestation JSON | docs/security/gitea-inventory-coverage-attestation.snapshot.json |
| Gitea owner attestation response 收件包 | docs/security/GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.md |
| Gitea owner attestation response JSON | docs/security/gitea-inventory-owner-attestation-response.snapshot.json |
| Gitea 管理匯出 redaction checklist | docs/security/GITEA-ADMIN-EXPORT-REDACTION-CHECKLIST.md |
| Gitea org endpoint blocked evidence | docs/security/GITEA-ORG-REPO-INVENTORY-BLOCKED-SNAPSHOT.md |
| Source-control migration matrix | docs/security/SOURCE-CONTROL-MIGRATION-MATRIX.md |
| Canonical repo 判定表 | docs/security/SOURCE-CONTROL-CANONICAL-DECISION-TABLE.md |
| GitHub target 決策表 | docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md |
| GitHub target 決策 JSON | docs/security/github-target-decision.snapshot.json |
| GitHub target owner decision response 收件包 | docs/security/GITHUB-TARGET-OWNER-DECISION-RESPONSE.md |
| GitHub target owner decision response JSON | docs/security/github-target-owner-decision-response.snapshot.json |
| GitHub target repo approval package | docs/security/GITHUB-TARGET-REPO-APPROVAL-PACKAGE.md |
| GitHub target repo approval JSON | docs/security/github-target-repo-approval-package.snapshot.json |
| Source Control approval board | docs/security/SOURCE-CONTROL-APPROVAL-BOARD.md |
| Source Control approval board JSON | docs/security/source-control-approval-board.snapshot.json |
| Source Control draft reconcile plan | docs/security/SOURCE-CONTROL-RECONCILE-PLAN.md |
| Source Control draft reconcile plan JSON | docs/security/source-control-reconcile-plan.snapshot.json |
| Source Control branch/tag detail diff | docs/security/SOURCE-CONTROL-REF-DETAIL-DIFF.md |
| Source Control branch/tag detail diff JSON | docs/security/source-control-ref-detail-diff.snapshot.json |
| Source Control ref truth classification | docs/security/SOURCE-CONTROL-REF-TRUTH-CLASSIFICATION.md |
| Source Control ref truth classification JSON | docs/security/source-control-ref-truth-classification.snapshot.json |
| Source Control ref truth owner response 收件包 | docs/security/SOURCE-CONTROL-REF-TRUTH-OWNER-RESPONSE.md |
| Source Control ref truth owner response JSON | docs/security/source-control-ref-truth-owner-response.snapshot.json |
| Source Control GitHub primary readiness gate | docs/security/SOURCE-CONTROL-PRIMARY-READINESS-GATE.md |
| Source Control GitHub primary readiness gate JSON | docs/security/source-control-primary-readiness-gate.snapshot.json |
| Source Control GitHub primary rollback ADR | docs/security/SOURCE-CONTROL-PRIMARY-ROLLBACK-ADR.md |
| Source Control GitHub primary rollback ADR JSON | docs/security/source-control-primary-rollback-adr.snapshot.json |
| Source Control workflow / secret name inventory | docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-INVENTORY.md |
| Source Control workflow / secret name inventory JSON | docs/security/source-control-workflow-secret-name-inventory.snapshot.json |
| Source Control workflow / secret name local evidence | docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-LOCAL-EVIDENCE.md |
| Source Control workflow / secret name local evidence JSON | docs/security/source-control-workflow-secret-name-local-evidence.snapshot.json |
| Source Control workflow / secret name local collector | scripts/security/source-control-workflow-secret-name-local-inventory.py |
| Source Control workflow / secret name export request | docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-EXPORT-REQUEST.md |
| Source Control workflow / secret name export request JSON | docs/security/source-control-workflow-secret-name-export-request.snapshot.json |
| Source Control workflow / secret name owner response 收件包 | docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md |
| Source Control workflow / secret name owner response JSON | docs/security/source-control-workflow-secret-name-owner-response.snapshot.json |
| Source Control owner response validation rollup | docs/security/SOURCE-CONTROL-OWNER-RESPONSE-VALIDATION-ROLLUP.md |
| Source Control owner response validation rollup JSON | docs/security/source-control-owner-response-validation-rollup.snapshot.json |
| Kali 112 integration status | docs/security/KALI-INTEGRATION-STATUS.md |
| Kali 112 integration status JSON | docs/security/kali-integration-status.snapshot.json |
| Security finding contract | docs/security/SECURITY-FINDING-CONTRACT.md |
| Security finding sample JSON | docs/security/security-finding-kali-sample.snapshot.json |
| Kali scan scope approval package | docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md |
| Kali scan scope approval JSON | docs/security/kali-scan-scope-approval.snapshot.json |
| Security approval queue | docs/security/SECURITY-APPROVAL-QUEUE.md |
| Security approval queue JSON | docs/security/security-approval-queue.snapshot.json |
| Security approval gate | docs/security/SECURITY-APPROVAL-GATE.md |
| Security approval gate JSON | docs/security/security-approval-gate.snapshot.json |
| Security approval decision record | docs/security/SECURITY-APPROVAL-DECISION-RECORD.md |
| Security approval decision record JSON | docs/security/security-approval-decision-record.snapshot.json |
| Security approval review packet | docs/security/SECURITY-APPROVAL-REVIEW-PACKET.md |
| Security approval review packet JSON | docs/security/security-approval-review-packet.snapshot.json |
| Security approval state transition | docs/security/SECURITY-APPROVAL-STATE-TRANSITION.md |
| Security approval state transition JSON | docs/security/security-approval-state-transition.snapshot.json |
| Security follow-up runtime gate preparation | docs/security/SECURITY-FOLLOWUP-RUNTIME-GATE.md |
| Security follow-up runtime gate preparation JSON | docs/security/security-followup-runtime-gate.snapshot.json |
| Security mirror readiness | docs/security/SECURITY-MIRROR-READINESS.md |
| Security mirror readiness JSON | docs/security/security-mirror-readiness.snapshot.json |
| Security mirror intake plan | docs/security/SECURITY-MIRROR-INTAKE-PLAN.md |
| Security mirror intake plan JSON | docs/security/security-mirror-intake-plan.snapshot.json |
| 資安鏡像事件契約 | docs/security/SECURITY-MIRROR-EVENT-CONTRACT.md |
| 資安鏡像事件範例 JSON | docs/security/security-mirror-event-sample.snapshot.json |
| 資安鏡像路由矩陣 | docs/security/SECURITY-MIRROR-ROUTE.md |
| 資安鏡像路由矩陣 JSON | docs/security/security-mirror-route.snapshot.json |
| 資安鏡像驗收契約 | docs/security/SECURITY-MIRROR-ACCEPTANCE.md |
| 資安鏡像驗收契約 JSON | docs/security/security-mirror-acceptance.snapshot.json |
| 資安鏡像隔離契約 | docs/security/SECURITY-MIRROR-QUARANTINE.md |
| 資安鏡像隔離契約 JSON | docs/security/security-mirror-quarantine.snapshot.json |
| 資安鏡像 dry-run 報告契約 | docs/security/SECURITY-MIRROR-DRY-RUN.md |
| 資安鏡像 dry-run 報告契約 JSON | docs/security/security-mirror-dry-run.snapshot.json |
| 資安鏡像狀態彙整契約 | docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md |
| 資安鏡像狀態彙整契約 JSON | docs/security/security-mirror-status-rollup.snapshot.json |
| 低摩擦 rollout policy | docs/security/SECURITY-LOW-FRICTION-ROLLOUT-POLICY.md |
| 低摩擦 rollout policy JSON | docs/security/security-rollout-policy.snapshot.json |
| Security Supply Chain contract manifest | docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md |
| Security Supply Chain contract manifest JSON | docs/security/security-supply-chain-contract-manifest.snapshot.json |
2. 現在不能做的事
- 不建立或刪除 GitHub / Gitea repo。
- 不修改 repo visibility。
- 不同步 refs、branch、tag。
- 不切 GitHub primary。
- 不把 Codex patch runner、Kali scan 或 deploy 接進 AwoooP runtime。
- 不保存 secret / token value。
2.1 初期不要過度收緊
- Read-only inventory、文件化、risk label、mirror evidence 可持續推進。
- 初期不把 LOW / MEDIUM observation 變成阻擋條件。
- 初期不要求所有 repo 一次完成最高等級 controls。
- 只針對不可逆或高風險動作設 approval gate。
- 每階段完成後再逐步收斂,避免讓產品、架構與部署流程突然變複雜。
3. 下一階段建議
- 先依 S4.9
GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.md收到並驗收 S4.7GITEA-INVENTORY-COVERAGE-ATTESTATION.md的 owner response;S4.8 已把這件事接到既有 approval queue / gate / review packet / follow-up runtime gate。之後再依 S4.5GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md取得 Gitea 認證清冊;收到 payload 後依 S4.6GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md驗收 / 拒收 / 隔離。目前未認證公開範圍 2 個、本機可見 Gitea unique 4 個、覆蓋缺口 2 個、attestation items 5 個、owner response 0 筆;只能用只讀 token API 或已脫敏管理匯出補私有 / 內部 server-side 全量 repo list,不保存 token value。 - 依 S4.10
GITHUB-TARGET-OWNER-DECISION-RESPONSE.mdrequest packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks 與SOURCE-CONTROL-APPROVAL-BOARD.md對 7 個approval_required=true的 GitHub target 做 owner / visibility / canonical response;目前 response 0 筆、accepted 0 筆,通過後也只更新 read-only decision table / approval package / readiness gate,不代表 repo creation、visibility change、refs sync 或 primary approval。 - 依 S4.11
SOURCE-CONTROL-REF-TRUTH-OWNER-RESPONSE.mdrequest packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與SOURCE-CONTROL-REF-TRUTH-CLASSIFICATION.md對awoooi、clawbot-v5、wooo-aiops做單 repo / 單 ref owner response 驗收;audit event templates 目前 0 emitted,redaction examples 只示範安全 metadata shape,collection checks 只維持 request / received / accepted 分離,preflight 只分類可審、補證、隔離、拒收或等待,response 通過也只更新 read-only classification / reconcile / readiness wording,仍不得 push/delete refs 或 force push。 - 依 S4.12
SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.mdrequest packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks 與SOURCE-CONTROL-WORKFLOW-SECRET-NAME-EXPORT-REQUEST.md對 webhook、runner、deploy key、branch protection / CODEOWNERS、repository secret name parity 做 owner response 驗收;request packet 只顯示要回覆欄位與拒收 payload,template status ledger 只顯示 waiting,audit event templates 只定義 0 emitted 的脫敏 metadata,redaction examples 只示範安全 metadata shape,collection checks 只維持 request / received / accepted 分離,preflight 只分類可審、補證、隔離或拒收,不代表已送出、已收到、已接受或 production ingestion,response 通過也只更新 read-only inventory / export request / readiness wording,仍不得收 secret value、改 workflow 或啟用 runner。 - 依 S4.13
SOURCE-CONTROL-OWNER-RESPONSE-VALIDATION-ROLLUP.md集中檢查 S4.9 / S4.10 / S4.11 / S4.12 四包 response packets、evidence routing rules、display sections、state transition rules、reviewer checklist、reviewer outcome lanes 與 reviewer audit event templates;rollup / routing / sections / transition rules / checklist / outcome lanes / audit templates 通過也只更新 read-only wording,不代表 approval、production ingestion 或 execution authorization。 - 對
ewoooc/momo-pro-system完成 server-side canonical 判定。 - 依
KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md取得 safe crawl、credentialed scan、runtime ingestion、full-upgrade / reboot 等 gate 的人工批准;不得直接接/execute。 - AwoooP 主線先讀
security_mirror_readiness_v1、security_mirror_intake_plan_v1、security_mirror_event_v1、security_mirror_route_v1、security_mirror_acceptance_v1、security_mirror_quarantine_v1、security_mirror_dry_run_v1、security_mirror_status_rollup_v1、S4.13source_control_owner_response_validation_rollup_v1、security_approval_gate_v1、security_approval_decision_record_v1、security_approval_review_packet_v1、security_approval_state_transition_v1、security_followup_runtime_gate_v1、source_control_primary_readiness_gate_v1、source_control_primary_rollback_adr_v1與source_control_workflow_secret_name_inventory_v1,只建立 mirror-only / read-only policy 入口,不新增執行按鈕;其中 S4.13 需顯示四包 owner response validation rollup、missing lanes、collection order、next collection candidate、evidence routing rules、display sections、state transition rules、reviewer checklist、reviewer outcome lanes 與 reviewer audit event templates,Gitea inventory 需同時顯示 S4.5 認證清冊匯出請求、S4.6 匯入驗收契約、S4.7 owner coverage attestation 與 S4.9 owner response request packet / template status ledger / audit event templates / redaction examples / display sections / collection checks / 收件包,GitHub target 決策需同時顯示 S4.10 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與 owner decision response templates,refs truth 需同時顯示 S4.11 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與 templates,workflow / secret inventory 需同時顯示 S4.3 redacted export request、S4.12 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與 5 個 owner response templates,primary readiness 需同時顯示 S4.4 rollback ADR 草案。 - AwoooP 主線消費
security_rollout_policy_v1時,只做 read-only policy,不做 runtime blocking。 - AwoooP 主線再讀
security_approval_queue_v1、security_approval_gate_v1、security_approval_decision_record_v1、security_approval_review_packet_v1、security_approval_state_transition_v1、security_followup_runtime_gate_v1、source_control_primary_readiness_gate_v1、source_control_primary_rollback_adr_v1、source_control_workflow_secret_name_inventory_v1與security_supply_chain_contract_manifest_v1,顯示 review order、批准範圍、審查封包、決策紀錄、決策後狀態、後續 runtime gate 準備條件、Gitea inventory 覆蓋缺口、S4.5 認證匯出請求、S4.6 匯入驗收 / 隔離規則、S4.7 owner attestation items、S4.9 owner response request packet、S4.9 owner response template status ledger、S4.9 owner response audit event templates、S4.9 owner response redaction examples、S4.9 owner response display sections、S4.9 owner response collection checks、S4.9 owner response templates、S4.10 GitHub target owner response request packet、S4.10 GitHub target owner response template status ledger、S4.10 GitHub target owner response audit event templates、S4.10 GitHub target owner response redaction examples、S4.10 GitHub target owner response collection checks、S4.10 GitHub target owner response intake preflight checks、S4.10 GitHub target owner response templates、S4.11 refs truth owner response request packet、S4.11 refs truth owner response template status ledger、S4.11 refs truth owner response audit event templates、S4.11 refs truth owner response redaction examples、S4.11 refs truth owner response collection checks、S4.11 refs truth owner response intake preflight checks、S4.11 refs truth owner response templates、S4.12 workflow / secret 名稱 owner response request packet、S4.12 workflow / secret 名稱 owner response template status ledger、S4.12 workflow / secret 名稱 owner response audit event templates、S4.12 workflow / secret 名稱 owner response redaction examples、S4.12 workflow / secret 名稱 owner response collection checks、S4.12 workflow / secret 名稱 owner response intake preflight checks、S4.12 workflow / secret 名稱 owner response templates、S4.13 owner response validation rollup、evidence routing rules、display sections、state transition rules、reviewer checklist、reviewer outcome lanes 與 reviewer audit event templates、GitHub primary readiness blockers、rollback ADR 草案、workflow / secret 名稱 inventory 缺口、redacted export request 與 blocked reason,不新增 execution router。