docs(github): record safe credential intake readback [skip ci]

Your Name
2026-06-27 22:37:12 +08:00
parent 257544d097
commit 62309d3990


@@ -47890,3 +47890,52 @@ production browser smoke:
**下一個 P0**
- commit feature正常 push 到 Gitea確認 CD idle/success 後 normal push `HEAD:main`,再做 production readback目標為 `safe_credential_evidence_intake_ready=true`、required refs `9`、rules `5`、redaction examples `5`、forbidden payloads `15`、quarantine lanes `1`,同時 create/private ready `0`、refs sync ready `0`、execution ready `0` 維持不變。
## 2026-06-27 — 22:35 GitHub safe credential evidence intake readiness production 讀回完成
**時間與來源**
- 2026-06-27 22:18-22:35 Asia/Taipei。
- 來源feature branch `codex/github-safe-credential-intake-20260627`、main release `30af0fb420`、deploy marker `257544d09`、Gitea Actions 與 production API readback。
**完成內容**
- GitHub private backup evidence gate 已正式暴露 `safe_credential_evidence_intake_readiness`,可讀出脫敏 evidence ref 收件狀態、redaction examples、forbidden payloads 與 quarantine lanes。
- 本段只建立 safe credential evidence 的 read-only intake contract不代表 safe credential evidence 已 accepted也不代表 repo creation、visibility change、refs sync 或 GitHub primary switch 已授權。
**runs 與驗證**
- feature latest`30af0fb420 Merge remote-tracking branch 'gitea/main' into codex/github-safe-credential-intake-20260627`
- deploy marker`257544d09 chore(cd): deploy 30af0fb [skip ci]`
- Gitea CD run `3707`Success。
- Gitea code-review run `3708`Success。
- 本地驗證:`python3.11 -m ruff check ...` 通過、`python3 -m py_compile apps/api/src/services/github_target_private_backup_evidence_gate.py` 通過、focused pytest `12 passed``pnpm --dir apps/web typecheck` 通過、`git diff --check` 通過。
**production API readback**
- `GET https://awoooi.wooo.work/api/v1/health``200``status=healthy``environment=prod``mock_mode=false`
- `GET https://awoooi.wooo.work/api/v1/agents/github-target-private-backup-evidence-gate``200`
- `safe_credential_evidence_intake_ready=True`
- `safe_credential_required_redacted_evidence_ref_count=9``safe_credential_evidence_ref_rule_count=5``safe_credential_redaction_example_count=5``safe_credential_forbidden_payload_count=15``safe_credential_quarantine_lane_count=1`
- `safe_credential_raw_payload_storage_allowed=False``private_clone_url_collection_allowed=False``secret_value_collection_allowed=False`
- top-level status`ready_to_collect_redacted_evidence_refs_not_credentials``intake_ready=True``execution_authorized=False``not_approval=True`
- first target `owenhytsai/awoooi``safe_credential_evidence_submission_status=waiting_redacted_evidence_ref``safe_credential_raw_payload_storage_allowed=False`
**production delivery readback**
- `GET https://awoooi.wooo.work/api/v1/agents/delivery-closure-workbench``200``schema_version=delivery_closure_workbench_v1`
- GitHub lane`lane_id=github``status=blocked_private_visibility_and_safe_credential_evidence_required``completion_percent=44``blocker_count=9`
**完成度與同步狀態**
- 本段「GitHub safe credential evidence intake readiness API / production 讀回」:`85% -> 100%`
- GitHub backup mirror governance仍為 blocked本段只把安全收件契約正式上線不代表 private backup gate 已開。
**仍維持 0 / false**
- `safe_credential_accepted_evidence_count=0``owner_response_received_count=0``owner_response_accepted_count=0`
- `github_missing_target_create_private_repo_ready_count=0``github_missing_target_refs_sync_ready_count=0``execution_ready_count=0``blocked_target_count=9``private_backup_verified_count=4`
- `repo_creation_authorized=false``visibility_change_authorized=false``refs_sync_authorized=false``workflow_trigger_authorized=false``secret_value_collection_allowed=false``private_clone_url_collection_allowed=false``stored_raw_payload_allowed=false`
**做過的命令類型**
- 寫入repo service / test / LOGBOOK以及正常 Gitea feature / main push。
- 只讀Gitea Actions UI readback、production health、production GitHub gate API、Delivery Workbench API。
- 未做:沒有 GitHub repo creation、visibility change、refs sync、workflow trigger、private clone URL collection、secret value collection沒有 host / Docker / systemd / Nginx / firewall / K8s / DB / Wazuh runtime 寫操作;沒有 force push。
**下一個 P0**
- `P0-01` GitHub private backup evidence acceptance逐 target 收 owner-provided redacted evidence refs`safe_credential_accepted_evidence_count``0/9` 往上推;仍不得收 private clone URL、secret value、repo archive 或 git object pack。
- `P0-02` missing target canonical source owner decision釐清 `ewoooc``bitan-pharmacy``tsenyang-website``VibeWork``agent-bounty-protocol` 的 canonical source before repo creation。
- `P0-03` refs sync readinesscanonical source 與 owner decision 未成立前,`refs_sync_ready_count` 必須維持 `0`
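Review bot: In the "仍維持 0 / false" block near the end of the hunk, the second bullet lists `blocked_target_count=9` and `private_backup_verified_count=4`, which are neither 0 nor false, so a reader checking that section for gates that are still closed finds two counters that do not belong there. Move those two to their own bullet (or beside `blocker_count=9` in the delivery readback section), or retitle the heading to say it records unchanged values. The same block writes booleans as `false` while the production API readback above writes `True`/`False`; use one form so the entries can be searched consistently. In the local validation bullet, `python3.11 -m ruff check ...` elides the checked paths, so that step cannot be re-run from the log; record the actual arguments, as was done for the `py_compile` step.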