docs(github): record safe credential intake readback [skip ci]
@@ -47890,3 +47890,52 @@ production browser smoke:
|
||||
|
||||
**下一個 P0**:
|
||||
- commit feature,正常 push 到 Gitea;確認 CD idle/success 後 normal push `HEAD:main`,再做 production readback,目標為 `safe_credential_evidence_intake_ready=true`、required refs `9`、rules `5`、redaction examples `5`、forbidden payloads `15`、quarantine lanes `1`,同時 create/private ready `0`、refs sync ready `0`、execution ready `0` 維持不變。
|
||||
|
||||
## 2026-06-27 — 22:35 GitHub safe credential evidence intake readiness production 讀回完成
|
||||
|
||||
**時間與來源**:
|
||||
- 2026-06-27 22:18-22:35 Asia/Taipei。
|
||||
- 來源:feature branch `codex/github-safe-credential-intake-20260627`、main release `30af0fb420`、deploy marker `257544d09`、Gitea Actions 與 production API readback。
|
||||
|
||||
**完成內容**:
|
||||
- GitHub private backup evidence gate 已正式暴露 `safe_credential_evidence_intake_readiness`,可讀出脫敏 evidence ref 收件狀態、redaction examples、forbidden payloads 與 quarantine lanes。
|
||||
- 本段只建立 safe credential evidence 的 read-only intake contract;不代表 safe credential evidence 已 accepted,也不代表 repo creation、visibility change、refs sync 或 GitHub primary switch 已授權。
|
||||
|
||||
**runs 與驗證**:
|
||||
- feature latest:`30af0fb420 Merge remote-tracking branch 'gitea/main' into codex/github-safe-credential-intake-20260627`。
|
||||
- deploy marker:`257544d09 chore(cd): deploy 30af0fb [skip ci]`。
|
||||
- Gitea CD run `3707`:Success。
|
||||
- Gitea code-review run `3708`:Success。
|
||||
- 本地驗證:`python3.11 -m ruff check ...` 通過、`python3 -m py_compile apps/api/src/services/github_target_private_backup_evidence_gate.py` 通過、focused pytest `12 passed`、`pnpm --dir apps/web typecheck` 通過、`git diff --check` 通過。
|
||||
|
||||
**production API readback**:
|
||||
- `GET https://awoooi.wooo.work/api/v1/health`:`200`,`status=healthy`、`environment=prod`、`mock_mode=false`。
|
||||
- `GET https://awoooi.wooo.work/api/v1/agents/github-target-private-backup-evidence-gate`:`200`。
|
||||
- `safe_credential_evidence_intake_ready=True`。
|
||||
- `safe_credential_required_redacted_evidence_ref_count=9`、`safe_credential_evidence_ref_rule_count=5`、`safe_credential_redaction_example_count=5`、`safe_credential_forbidden_payload_count=15`、`safe_credential_quarantine_lane_count=1`。
|
||||
- `safe_credential_raw_payload_storage_allowed=False`、`private_clone_url_collection_allowed=False`、`secret_value_collection_allowed=False`。
|
||||
- top-level status:`ready_to_collect_redacted_evidence_refs_not_credentials`、`intake_ready=True`、`execution_authorized=False`、`not_approval=True`。
|
||||
- first target `owenhytsai/awoooi`:`safe_credential_evidence_submission_status=waiting_redacted_evidence_ref`、`safe_credential_raw_payload_storage_allowed=False`。
|
||||
|
||||
**production delivery readback**:
|
||||
- `GET https://awoooi.wooo.work/api/v1/agents/delivery-closure-workbench`:`200`,`schema_version=delivery_closure_workbench_v1`。
|
||||
- GitHub lane:`lane_id=github`、`status=blocked_private_visibility_and_safe_credential_evidence_required`、`completion_percent=44`、`blocker_count=9`。
|
||||
|
||||
**完成度與同步狀態**:
|
||||
- 本段「GitHub safe credential evidence intake readiness API / production 讀回」:`85% -> 100%`。
|
||||
- GitHub backup mirror governance:仍為 blocked;本段只把安全收件契約正式上線,不代表 private backup gate 已開。
|
||||
|
||||
**仍維持 0 / false**:
|
||||
- `safe_credential_accepted_evidence_count=0`、`owner_response_received_count=0`、`owner_response_accepted_count=0`。
|
||||
- `github_missing_target_create_private_repo_ready_count=0`、`github_missing_target_refs_sync_ready_count=0`、`execution_ready_count=0`、`blocked_target_count=9`、`private_backup_verified_count=4`。
|
||||
- `repo_creation_authorized=false`、`visibility_change_authorized=false`、`refs_sync_authorized=false`、`workflow_trigger_authorized=false`、`secret_value_collection_allowed=false`、`private_clone_url_collection_allowed=false`、`stored_raw_payload_allowed=false`。
|
||||
|
||||
**做過的命令類型**:
|
||||
- 寫入:repo service / test / LOGBOOK,以及正常 Gitea feature / main push。
|
||||
- 只讀:Gitea Actions UI readback、production health、production GitHub gate API、Delivery Workbench API。
|
||||
- 未做:沒有 GitHub repo creation、visibility change、refs sync、workflow trigger、private clone URL collection、secret value collection;沒有 host / Docker / systemd / Nginx / firewall / K8s / DB / Wazuh runtime 寫操作;沒有 force push。
|
||||
|
||||
**下一個 P0**:
|
||||
- `P0-01` GitHub private backup evidence acceptance:逐 target 收 owner-provided redacted evidence refs,讓 `safe_credential_accepted_evidence_count` 從 `0/9` 往上推;仍不得收 private clone URL、secret value、repo archive 或 git object pack。
|
||||
- `P0-02` missing target canonical source owner decision:釐清 `ewoooc`、`bitan-pharmacy`、`tsenyang-website`、`VibeWork`、`agent-bounty-protocol` 的 canonical source before repo creation。
|
||||
- `P0-03` refs sync readiness:canonical source 與 owner decision 未成立前,`refs_sync_ready_count` 必須維持 `0`。
|
||||
|
||||
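Review bot: In the bullet list under the heading `**仍維持 0 / false**` ("still held at 0 / false"), the second bullet mixes `blocked_target_count=9` and `private_backup_verified_count=4` in with counters that really are 0, so the section no longer reads as a clean list of unchanged authorization state. Move those two counters into their own bullet, or under the completion and sync status section, so that every value under this heading is 0 or false. Two smaller consistency points in the same entry: the production API readback bullets record booleans as `True`/`False` while the preceding entry's target and the later bullets use `true`/`false`, and `P0-03` refers to `refs_sync_ready_count` where the readback names the field `github_missing_target_refs_sync_ready_count`. Pick one form for each so the log can be searched reliably.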