feat(governance): 新增全產品 Code Review 防木馬 Gate
Some checks failed
Code Review / ai-code-review (push) Successful in 13s
CD Pipeline / tests (push) Successful in 1m49s
Ansible / Reboot Recovery Contract / validate (push) Has been cancelled
CD Pipeline / build-and-deploy (push) Has been cancelled
CD Pipeline / post-deploy-checks (push) Has been cancelled
Some checks failed
Code Review / ai-code-review (push) Successful in 13s
CD Pipeline / tests (push) Successful in 1m49s
Ansible / Reboot Recovery Contract / validate (push) Has been cancelled
CD Pipeline / build-and-deploy (push) Has been cancelled
CD Pipeline / post-deploy-checks (push) Has been cancelled
This commit is contained in:
370
docs/evaluations/product_code_review_gate_2026-06-19.json
Normal file
370
docs/evaluations/product_code_review_gate_2026-06-19.json
Normal file
@@ -0,0 +1,370 @@
|
||||
{
|
||||
"schema_version": "product_code_review_gate_v1",
|
||||
"generated_at": "2026-06-19T00:42:00+08:00",
|
||||
"program_status": {
|
||||
"overall_completion_percent": 100,
|
||||
"current_priority": "P2",
|
||||
"current_task_id": "P2-111",
|
||||
"next_task_id": "P2-112",
|
||||
"read_only_mode": true,
|
||||
"runtime_authority": "repo_only_product_code_review_gate_no_external_scanner_or_write",
|
||||
"status_note": "P2-111 將全產品資產台帳、Gitea code-review、供應鏈漂移、Aider 事件與 AI reviewer 分工收斂成推版前後防木馬 Gate 讀回;本輪不啟用外部掃描、不改 workflow、不 auto-merge、不部署、不讀 secret。"
|
||||
},
|
||||
"source_refs": [
|
||||
"apps/api/src/services/platform_operator_service.py",
|
||||
".gitea/workflows/code-review.yaml",
|
||||
"scripts/ci_code_review.py",
|
||||
"apps/api/src/services/local_code_review_service.py",
|
||||
"apps/api/src/services/aider_event_service.py",
|
||||
"docs/evaluations/package_supply_chain_inventory_2026-06-04.json",
|
||||
"docs/evaluations/dependency_supply_chain_drift_monitor_2026-06-18.json"
|
||||
],
|
||||
"rollups": {
|
||||
"product_scope_count": 16,
|
||||
"public_route_count_minimum": 31,
|
||||
"source_candidate_repo_count": 10,
|
||||
"pre_deploy_gate_count": 8,
|
||||
"post_deploy_gate_count": 6,
|
||||
"ai_reviewer_count": 5,
|
||||
"mainstream_tool_count": 9,
|
||||
"owner_review_required_count": 9,
|
||||
"critical_gap_count": 6,
|
||||
"blocked_operation_count": 17,
|
||||
"active_write_gate_count": 0,
|
||||
"action_button_count": 0
|
||||
},
|
||||
"pre_deploy_gates": [
|
||||
{
|
||||
"gate_id": "gitea_deterministic_diff_review",
|
||||
"label": "Gitea deterministic diff review",
|
||||
"coverage": "active_current_repo",
|
||||
"status": "wired",
|
||||
"owner_agent": "hermes",
|
||||
"evidence_refs": [".gitea/workflows/code-review.yaml", "scripts/ci_code_review.py"],
|
||||
"current_gap": "目前主要覆蓋 AWOOOI main push,尚未擴成所有產品的必經 pre-deploy Gate。",
|
||||
"next_action": "將所有產品來源範圍映射到同一份 gate packet,阻擋未審查 deploy。"
|
||||
},
|
||||
{
|
||||
"gate_id": "secret_pattern_guard",
|
||||
"label": "Secret / token diff guard",
|
||||
"coverage": "active_current_repo",
|
||||
"status": "wired",
|
||||
"owner_agent": "openclaw",
|
||||
"evidence_refs": ["scripts/ci_code_review.py", "scripts/ci/check-gitea-step-env-secrets.js"],
|
||||
"current_gap": "已做 diff pattern 與 workflow secret surface guard,缺 full-history gitleaks lane。",
|
||||
"next_action": "新增 gitleaks approval packet;未批准前只呈現工具候選,不執行全史掃描。"
|
||||
},
|
||||
{
|
||||
"gate_id": "high_risk_operation_guard",
|
||||
"label": "Destructive operation guard",
|
||||
"coverage": "active_current_repo",
|
||||
"status": "wired",
|
||||
"owner_agent": "elephant_alpha",
|
||||
"evidence_refs": ["scripts/ci_code_review.py", "docs/HARD_RULES.md"],
|
||||
"current_gap": "只抓高風險字串,不足以判斷資料流、權限升級或木馬行為。",
|
||||
"next_action": "接 Semgrep / CodeQL candidate,並由 ElephantAlpha 做高風險人工 review packet。"
|
||||
},
|
||||
{
|
||||
"gate_id": "supply_chain_drift_gate",
|
||||
"label": "Dependency / supply-chain drift",
|
||||
"coverage": "repo_only_snapshot",
|
||||
"status": "wired",
|
||||
"owner_agent": "openclaw",
|
||||
"evidence_refs": ["docs/evaluations/dependency_supply_chain_drift_monitor_2026-06-18.json"],
|
||||
"current_gap": "OSV / Trivy / registry / license lookup 尚未批准,不能宣稱已抓到所有 CVE。",
|
||||
"next_action": "建立 external scanner activation owner packet 與 no-write schedule gate。"
|
||||
},
|
||||
{
|
||||
"gate_id": "container_iac_gate",
|
||||
"label": "Container / IaC review",
|
||||
"coverage": "repo_only_snapshot",
|
||||
"status": "partial",
|
||||
"owner_agent": "nemotron",
|
||||
"evidence_refs": ["docs/evaluations/package_supply_chain_inventory_2026-06-04.json"],
|
||||
"current_gap": "Docker digest、checksum、K8s/IaC policy 仍是 read-only gap。",
|
||||
"next_action": "接 Trivy / Checkov candidate 與 digest pin approval packet。"
|
||||
},
|
||||
{
|
||||
"gate_id": "aider_patch_boundary",
|
||||
"label": "Aider patch boundary",
|
||||
"coverage": "event_intake_present",
|
||||
"status": "candidate_only",
|
||||
"owner_agent": "aider",
|
||||
"evidence_refs": ["apps/api/src/api/v1/aider_events.py", "apps/api/src/services/aider_event_service.py"],
|
||||
"current_gap": "Aider 事件可進 Redis stream / Incident,但尚未接成 code-review 修補批准包。",
|
||||
"next_action": "Aider 只作 approved patch executor,輸出 diff、test receipt、rollback note,不得 auto-merge。"
|
||||
},
|
||||
{
|
||||
"gate_id": "ai_reviewer_consensus",
|
||||
"label": "AI reviewer consensus",
|
||||
"coverage": "agent_contract_defined",
|
||||
"status": "partial",
|
||||
"owner_agent": "openclaw",
|
||||
"evidence_refs": ["apps/api/src/services/local_code_review_service.py", "docs/superpowers/specs/2026-04-15-MASTER-ai-autonomous-flywheel-v2.md"],
|
||||
"current_gap": "現有 LLM review 可用於 PR / push 摘要,但沒有多模型交叉 reviewer scorecard。",
|
||||
"next_action": "建立 Hermes / OpenClaw / ElephantAlpha / NemoTron / Aider 分工與 scorecard readback。"
|
||||
},
|
||||
{
|
||||
"gate_id": "human_owner_gate",
|
||||
"label": "Owner review / CODEOWNERS gate",
|
||||
"coverage": "policy_required",
|
||||
"status": "gap",
|
||||
"owner_agent": "elephant_alpha",
|
||||
"evidence_refs": ["docs/HARD_RULES.md", "docs/security/S4-9-REVIEWER-VALIDATION-CHECKLIST.md"],
|
||||
"current_gap": "高風險產品與跨產品修改尚未有統一 CODEOWNERS / owner response 阻擋。",
|
||||
"next_action": "建立 all-products CODEOWNERS / owner lane proposal,不直接修改 workflow。"
|
||||
}
|
||||
],
|
||||
"post_deploy_gates": [
|
||||
{
|
||||
"gate_id": "deploy_marker_readback",
|
||||
"label": "Deploy marker readback",
|
||||
"coverage": "active_current_repo",
|
||||
"status": "wired",
|
||||
"owner_agent": "hermes",
|
||||
"evidence_refs": ["docs/LOGBOOK.md"],
|
||||
"current_gap": "目前主要靠人工回填與 smoke 紀錄,尚未自動串回每個產品 release gate。",
|
||||
"next_action": "把 deploy marker、image revision、route smoke 寫入 product release receipt read model。"
|
||||
},
|
||||
{
|
||||
"gate_id": "production_route_smoke",
|
||||
"label": "Production route smoke",
|
||||
"coverage": "active_current_repo",
|
||||
"status": "wired",
|
||||
"owner_agent": "nemotron",
|
||||
"evidence_refs": [".gitea/workflows/cd.yaml", "docs/LOGBOOK.md"],
|
||||
"current_gap": "AWOOOI routes 有 post-deploy smoke,其他產品尚未統一納入。",
|
||||
"next_action": "以 Tenants public routes 產生 smoke matrix,成功安靜、失敗進 AwoooI SRE 戰情室。"
|
||||
},
|
||||
{
|
||||
"gate_id": "artifact_provenance",
|
||||
"label": "Artifact provenance / signing",
|
||||
"coverage": "candidate",
|
||||
"status": "gap",
|
||||
"owner_agent": "openclaw",
|
||||
"evidence_refs": ["docs/evaluations/dependency_supply_chain_drift_monitor_2026-06-18.json"],
|
||||
"current_gap": "尚未有 SLSA provenance、Sigstore / cosign image signing 與 verification readback。",
|
||||
"next_action": "建立 signing / provenance activation approval packet;未批准前不推 registry 或改 deploy。"
|
||||
},
|
||||
{
|
||||
"gate_id": "rollback_verifier",
|
||||
"label": "Rollback / verifier receipt",
|
||||
"coverage": "policy_required",
|
||||
"status": "partial",
|
||||
"owner_agent": "elephant_alpha",
|
||||
"evidence_refs": ["docs/HARD_RULES.md"],
|
||||
"current_gap": "部分部署有 smoke,但缺統一 rollback owner、verifier plan 與 fail-close 判定。",
|
||||
"next_action": "把 rollback owner、verifier plan、post-check receipt 做成必填 gate。"
|
||||
},
|
||||
{
|
||||
"gate_id": "runtime_anomaly_watch",
|
||||
"label": "Runtime anomaly watch",
|
||||
"coverage": "observability_candidate",
|
||||
"status": "partial",
|
||||
"owner_agent": "hermes",
|
||||
"evidence_refs": ["docs/evaluations/ai_agent_report_no_write_analysis_runtime_2026-06-18.json"],
|
||||
"current_gap": "告警、報表與 code-review 尚未用同一個 release fingerprint 關聯。",
|
||||
"next_action": "把 release fingerprint 關聯到 incident、Sentry、SigNoz、K8s 與 SRE digest。"
|
||||
},
|
||||
{
|
||||
"gate_id": "learning_writeback",
|
||||
"label": "KM / PlayBook writeback",
|
||||
"coverage": "candidate",
|
||||
"status": "gap",
|
||||
"owner_agent": "hermes",
|
||||
"evidence_refs": ["docs/superpowers/specs/2026-04-15-MASTER-ai-autonomous-flywheel-v2.md"],
|
||||
"current_gap": "Code Review 結果還沒有完整回寫 KM / PlayBook trust / reviewer scorecard。",
|
||||
"next_action": "建立 code-review finding -> work item -> fix receipt -> KM / PlayBook trust 的 writeback gate。"
|
||||
}
|
||||
],
|
||||
"ai_reviewer_lanes": [
|
||||
{
|
||||
"agent_id": "hermes",
|
||||
"label": "Hermes",
|
||||
"role": "證據整理、產品資產與 KM / 報表沉澱",
|
||||
"allowed_output": "readback packet, KM draft, report digest draft",
|
||||
"write_allowed": false
|
||||
},
|
||||
{
|
||||
"agent_id": "openclaw",
|
||||
"label": "OpenClaw",
|
||||
"role": "風險仲裁、供應鏈 Gate、owner packet 編排",
|
||||
"allowed_output": "risk verdict, owner gate, policy decision packet",
|
||||
"write_allowed": false
|
||||
},
|
||||
{
|
||||
"agent_id": "elephant_alpha",
|
||||
"label": "ElephantAlpha",
|
||||
"role": "高風險與防木馬 read-only reviewer",
|
||||
"allowed_output": "security review finding, high-risk hold, rollback requirement",
|
||||
"write_allowed": false
|
||||
},
|
||||
{
|
||||
"agent_id": "nemotron",
|
||||
"label": "NemoTron",
|
||||
"role": "長任務回放、供應鏈版本與 post-deploy verifier",
|
||||
"allowed_output": "replay scorecard, smoke matrix, drift comparison",
|
||||
"write_allowed": false
|
||||
},
|
||||
{
|
||||
"agent_id": "aider",
|
||||
"label": "Aider",
|
||||
"role": "批准後的 patch pair-programmer,不作審批者",
|
||||
"allowed_output": "draft patch, lint/test receipt, rollback note",
|
||||
"write_allowed": false
|
||||
}
|
||||
],
|
||||
"mainstream_tool_lanes": [
|
||||
{
|
||||
"tool_id": "codeql",
|
||||
"label": "CodeQL",
|
||||
"category": "semantic_sast",
|
||||
"source_url": "https://docs.github.com/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql",
|
||||
"integration_status": "candidate_owner_approval_required",
|
||||
"recommended_role": "跨語言語意分析與高風險資料流審查",
|
||||
"blocked_now": ["enable workflow", "upload alerts"]
|
||||
},
|
||||
{
|
||||
"tool_id": "semgrep",
|
||||
"label": "Semgrep",
|
||||
"category": "sast_policy",
|
||||
"source_url": "https://semgrep.dev/docs/semgrep-code/overview",
|
||||
"integration_status": "candidate_owner_approval_required",
|
||||
"recommended_role": "快速規則化 SAST、框架風險與組織 policy guard",
|
||||
"blocked_now": ["install scanner", "network rule fetch"]
|
||||
},
|
||||
{
|
||||
"tool_id": "gitleaks",
|
||||
"label": "Gitleaks",
|
||||
"category": "secret_scanning",
|
||||
"source_url": "https://gitleaks.io/",
|
||||
"integration_status": "candidate_owner_approval_required",
|
||||
"recommended_role": "repo / diff / history secret scanning",
|
||||
"blocked_now": ["full-history scan", "write report artifact"]
|
||||
},
|
||||
{
|
||||
"tool_id": "osv_scanner",
|
||||
"label": "OSV-Scanner",
|
||||
"category": "dependency_vulnerability",
|
||||
"source_url": "https://google.github.io/osv-scanner/",
|
||||
"integration_status": "candidate_owner_approval_required",
|
||||
"recommended_role": "dependency manifest / lockfile vulnerability matching",
|
||||
"blocked_now": ["external vulnerability lookup"]
|
||||
},
|
||||
{
|
||||
"tool_id": "trivy",
|
||||
"label": "Trivy",
|
||||
"category": "container_iac_vulnerability",
|
||||
"source_url": "https://trivy.dev/",
|
||||
"integration_status": "candidate_owner_approval_required",
|
||||
"recommended_role": "container image、filesystem、IaC 與 secret scan",
|
||||
"blocked_now": ["image pull", "external DB update"]
|
||||
},
|
||||
{
|
||||
"tool_id": "openssf_scorecard",
|
||||
"label": "OpenSSF Scorecard",
|
||||
"category": "repo_security_posture",
|
||||
"source_url": "https://scorecard.dev/",
|
||||
"integration_status": "candidate_owner_approval_required",
|
||||
"recommended_role": "repository security posture / branch / token / CI hygiene score",
|
||||
"blocked_now": ["external repo metadata lookup"]
|
||||
},
|
||||
{
|
||||
"tool_id": "slsa",
|
||||
"label": "SLSA",
|
||||
"category": "provenance_framework",
|
||||
"source_url": "https://slsa.dev/",
|
||||
"integration_status": "candidate_owner_approval_required",
|
||||
"recommended_role": "build provenance 與 artifact integrity framework",
|
||||
"blocked_now": ["provenance emission", "workflow write"]
|
||||
},
|
||||
{
|
||||
"tool_id": "sigstore_cosign",
|
||||
"label": "Sigstore / cosign",
|
||||
"category": "artifact_signing",
|
||||
"source_url": "https://www.sigstore.dev/",
|
||||
"integration_status": "candidate_owner_approval_required",
|
||||
"recommended_role": "container / artifact signing and verification",
|
||||
"blocked_now": ["keyless signing", "registry write"]
|
||||
},
|
||||
{
|
||||
"tool_id": "coderabbit_or_snyk",
|
||||
"label": "CodeRabbit / Snyk",
|
||||
"category": "ai_appsec_platform",
|
||||
"source_url": "https://docs.coderabbit.ai/",
|
||||
"integration_status": "paid_or_external_candidate_owner_approval_required",
|
||||
"recommended_role": "PR AI review、SCA、container / IaC 風險與 developer workflow",
|
||||
"blocked_now": ["paid external service", "repo app install"]
|
||||
}
|
||||
],
|
||||
"decision_matrix": [
|
||||
{
|
||||
"risk_lane": "low_ui_or_docs",
|
||||
"reviewer": "Hermes + deterministic guard",
|
||||
"aider_role": "可在批准後起草 patch",
|
||||
"required_gate": "owner_scope_confirmed",
|
||||
"post_deploy": "route smoke + screenshot"
|
||||
},
|
||||
{
|
||||
"risk_lane": "medium_application_logic",
|
||||
"reviewer": "OpenClaw + ElephantAlpha",
|
||||
"aider_role": "只產 patch 與 test receipt",
|
||||
"required_gate": "manual_approval_and_rollback_note",
|
||||
"post_deploy": "API / UI smoke + incident watch"
|
||||
},
|
||||
{
|
||||
"risk_lane": "high_security_supply_chain",
|
||||
"reviewer": "ElephantAlpha + OpenClaw + NemoTron replay",
|
||||
"aider_role": "預設禁用,除非單項批准",
|
||||
"required_gate": "owner_response + security_acceptance + verifier_plan",
|
||||
"post_deploy": "deploy marker + provenance / verifier receipt"
|
||||
},
|
||||
{
|
||||
"risk_lane": "critical_runtime_or_secret",
|
||||
"reviewer": "ElephantAlpha hold",
|
||||
"aider_role": "禁止",
|
||||
"required_gate": "break_glass_or_formal_change_window",
|
||||
"post_deploy": "rollback owner + audit evidence + SRE digest"
|
||||
}
|
||||
],
|
||||
"gate_boundaries": {
|
||||
"read_only_api_allowed": true,
|
||||
"workflow_write_allowed": false,
|
||||
"external_scanner_activation_allowed": false,
|
||||
"paid_ai_review_allowed": false,
|
||||
"repo_app_install_allowed": false,
|
||||
"auto_merge_allowed": false,
|
||||
"production_deploy_authorized": false,
|
||||
"aider_auto_patch_allowed": false,
|
||||
"elephantalpha_write_allowed": false,
|
||||
"secret_read_allowed": false,
|
||||
"post_deploy_write_allowed": false,
|
||||
"runtime_execution_allowed": false,
|
||||
"telegram_send_allowed": false,
|
||||
"gateway_queue_write_allowed": false,
|
||||
"host_probe_allowed": false,
|
||||
"registry_push_allowed": false,
|
||||
"artifact_signing_allowed": false,
|
||||
"action_buttons_allowed": false
|
||||
},
|
||||
"next_actions": [
|
||||
{
|
||||
"task_id": "P2-112",
|
||||
"priority": "P1",
|
||||
"summary": "把 product_code_review_gate 接到 Gitea workflow pre-deploy policy readback;高風險先 fail-close,低風險仍需 reviewer receipt。",
|
||||
"gate": "workflow_change_owner_approval_required"
|
||||
},
|
||||
{
|
||||
"task_id": "P2-113",
|
||||
"priority": "P1",
|
||||
"summary": "建立 post-deploy release receipt:deploy marker、image revision、product route smoke、rollback owner、verifier receipt。",
|
||||
"gate": "read_only_release_receipt_first"
|
||||
},
|
||||
{
|
||||
"task_id": "P2-114",
|
||||
"priority": "P1",
|
||||
"summary": "設計外部 scanner 啟用批准包:CodeQL、Semgrep、Gitleaks、OSV、Trivy、OpenSSF、SLSA、Sigstore。",
|
||||
"gate": "cost_and_external_lookup_approval_required"
|
||||
}
|
||||
]
|
||||
}
|
||||
175
docs/schemas/product_code_review_gate_v1.schema.json
Normal file
175
docs/schemas/product_code_review_gate_v1.schema.json
Normal file
@@ -0,0 +1,175 @@
|
||||
{
|
||||
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
||||
"$id": "urn:awoooi:product-code-review-gate-v1",
|
||||
"title": "AWOOOI product code review gate v1",
|
||||
"description": "全產品推版前後 Code Review / 防木馬 Gate 只讀讀回。此 schema 不授權外部 scanner 啟用、workflow 寫入、auto merge、production deploy、Aider 自動 patch、secret 讀取、host probe、registry push、artifact signing、Telegram 實發或 Gateway queue write。",
|
||||
"type": "object",
|
||||
"required": [
|
||||
"schema_version",
|
||||
"generated_at",
|
||||
"program_status",
|
||||
"source_refs",
|
||||
"rollups",
|
||||
"pre_deploy_gates",
|
||||
"post_deploy_gates",
|
||||
"ai_reviewer_lanes",
|
||||
"mainstream_tool_lanes",
|
||||
"decision_matrix",
|
||||
"gate_boundaries",
|
||||
"next_actions"
|
||||
],
|
||||
"properties": {
|
||||
"schema_version": { "type": "string", "const": "product_code_review_gate_v1" },
|
||||
"generated_at": { "type": "string", "minLength": 1 },
|
||||
"program_status": {
|
||||
"type": "object",
|
||||
"required": [
|
||||
"overall_completion_percent",
|
||||
"current_priority",
|
||||
"current_task_id",
|
||||
"next_task_id",
|
||||
"read_only_mode",
|
||||
"runtime_authority",
|
||||
"status_note"
|
||||
],
|
||||
"properties": {
|
||||
"overall_completion_percent": { "type": "integer", "minimum": 0, "maximum": 100 },
|
||||
"current_priority": { "type": "string", "enum": ["P0", "P1", "P2", "P3"] },
|
||||
"current_task_id": { "type": "string", "const": "P2-111" },
|
||||
"next_task_id": { "type": "string", "minLength": 1 },
|
||||
"read_only_mode": { "type": "boolean", "const": true },
|
||||
"runtime_authority": { "type": "string", "minLength": 1 },
|
||||
"status_note": { "type": "string", "minLength": 1 }
|
||||
},
|
||||
"additionalProperties": false
|
||||
},
|
||||
"source_refs": {
|
||||
"type": "array",
|
||||
"minItems": 1,
|
||||
"items": { "type": "string", "minLength": 1 }
|
||||
},
|
||||
"rollups": {
|
||||
"type": "object",
|
||||
"required": [
|
||||
"product_scope_count",
|
||||
"public_route_count_minimum",
|
||||
"source_candidate_repo_count",
|
||||
"pre_deploy_gate_count",
|
||||
"post_deploy_gate_count",
|
||||
"ai_reviewer_count",
|
||||
"mainstream_tool_count",
|
||||
"owner_review_required_count",
|
||||
"critical_gap_count",
|
||||
"blocked_operation_count",
|
||||
"active_write_gate_count",
|
||||
"action_button_count"
|
||||
],
|
||||
"additionalProperties": { "type": "integer" }
|
||||
},
|
||||
"pre_deploy_gates": { "$ref": "#/$defs/gateArray" },
|
||||
"post_deploy_gates": { "$ref": "#/$defs/gateArray" },
|
||||
"ai_reviewer_lanes": {
|
||||
"type": "array",
|
||||
"minItems": 1,
|
||||
"items": {
|
||||
"type": "object",
|
||||
"required": ["agent_id", "label", "role", "allowed_output", "write_allowed"],
|
||||
"properties": {
|
||||
"agent_id": { "type": "string", "minLength": 1 },
|
||||
"label": { "type": "string", "minLength": 1 },
|
||||
"role": { "type": "string", "minLength": 1 },
|
||||
"allowed_output": { "type": "string", "minLength": 1 },
|
||||
"write_allowed": { "type": "boolean", "const": false }
|
||||
},
|
||||
"additionalProperties": false
|
||||
}
|
||||
},
|
||||
"mainstream_tool_lanes": {
|
||||
"type": "array",
|
||||
"minItems": 1,
|
||||
"items": {
|
||||
"type": "object",
|
||||
"required": [
|
||||
"tool_id",
|
||||
"label",
|
||||
"category",
|
||||
"source_url",
|
||||
"integration_status",
|
||||
"recommended_role",
|
||||
"blocked_now"
|
||||
],
|
||||
"properties": {
|
||||
"tool_id": { "type": "string", "minLength": 1 },
|
||||
"label": { "type": "string", "minLength": 1 },
|
||||
"category": { "type": "string", "minLength": 1 },
|
||||
"source_url": { "type": "string", "minLength": 1 },
|
||||
"integration_status": { "type": "string", "minLength": 1 },
|
||||
"recommended_role": { "type": "string", "minLength": 1 },
|
||||
"blocked_now": {
|
||||
"type": "array",
|
||||
"items": { "type": "string", "minLength": 1 }
|
||||
}
|
||||
},
|
||||
"additionalProperties": false
|
||||
}
|
||||
},
|
||||
"decision_matrix": {
|
||||
"type": "array",
|
||||
"minItems": 1,
|
||||
"items": {
|
||||
"type": "object",
|
||||
"required": ["risk_lane", "reviewer", "aider_role", "required_gate", "post_deploy"],
|
||||
"additionalProperties": { "type": "string" }
|
||||
}
|
||||
},
|
||||
"gate_boundaries": {
|
||||
"type": "object",
|
||||
"required": ["read_only_api_allowed"],
|
||||
"additionalProperties": { "type": "boolean" }
|
||||
},
|
||||
"next_actions": {
|
||||
"type": "array",
|
||||
"minItems": 1,
|
||||
"items": {
|
||||
"type": "object",
|
||||
"required": ["task_id", "priority", "summary", "gate"],
|
||||
"additionalProperties": { "type": "string" }
|
||||
}
|
||||
}
|
||||
},
|
||||
"$defs": {
|
||||
"gateArray": {
|
||||
"type": "array",
|
||||
"minItems": 1,
|
||||
"items": {
|
||||
"type": "object",
|
||||
"required": [
|
||||
"gate_id",
|
||||
"label",
|
||||
"coverage",
|
||||
"status",
|
||||
"owner_agent",
|
||||
"evidence_refs",
|
||||
"current_gap",
|
||||
"next_action"
|
||||
],
|
||||
"properties": {
|
||||
"gate_id": { "type": "string", "minLength": 1 },
|
||||
"label": { "type": "string", "minLength": 1 },
|
||||
"coverage": { "type": "string", "minLength": 1 },
|
||||
"status": { "type": "string", "minLength": 1 },
|
||||
"owner_agent": { "type": "string", "minLength": 1 },
|
||||
"evidence_refs": {
|
||||
"type": "array",
|
||||
"minItems": 1,
|
||||
"items": { "type": "string", "minLength": 1 }
|
||||
},
|
||||
"current_gap": { "type": "string", "minLength": 1 },
|
||||
"next_action": { "type": "string", "minLength": 1 }
|
||||
},
|
||||
"additionalProperties": false
|
||||
}
|
||||
}
|
||||
},
|
||||
"additionalProperties": true
|
||||
}
|
||||
Reference in New Issue
Block a user