docs(security): add gitea coverage attestation gate [skip ci]
This commit is contained in:
@@ -2,7 +2,7 @@
|
||||
|
||||
| 項目 | 內容 |
|
||||
|------|------|
|
||||
| 日期 | 2026-05-13 |
|
||||
| 日期 | 2026-05-17 |
|
||||
| 狀態 | 初版,供 AwoooP Session 只讀消費 |
|
||||
| 範圍 | Kali / Code Review / Codex / Gitea / GitHub 資安供應鏈事件 |
|
||||
| 低摩擦 policy | `docs/security/SECURITY-LOW-FRICTION-ROLLOUT-POLICY.md` |
|
||||
@@ -44,7 +44,7 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得
|
||||
| `security_mirror_status_rollup_v1` | AwoooP 鏡像狀態彙整契約 | Operator Console、Runtime State、Audit | mirror-only | 只顯示階段狀態、下一個 gate 與禁止事項;不得視為 runtime authorization |
|
||||
| `coding_task_v1` | Code Review / Codex Security / manual review | Approval candidate、Channel Event、Audit | suggest-only | 不自動開 patch runner、不自動 merge |
|
||||
| `source_control_migration_event_v1` | Gitea/GitHub branch/tag/SHA diff | Supply-chain evidence、Approval candidate | mirror-only | 不觸發 deploy、不切換 primary |
|
||||
| `gitea_repo_inventory_v1` | Gitea org/user repo list 或管理匯出 | Supply-chain evidence、migration matrix | mirror-only | 顯示 public-only evidence、S4.5 authenticated/admin export request 與 S4.6 redacted import acceptance;不保存 token value、不刪除或停用 Gitea repo |
|
||||
| `gitea_repo_inventory_v1` | Gitea org/user repo list 或管理匯出 | Supply-chain evidence、migration matrix | mirror-only | 顯示 public-only evidence、S4.5 authenticated/admin export request、S4.6 redacted import acceptance 與 S4.7 owner coverage attestation;不保存 token value、不刪除或停用 Gitea repo |
|
||||
| `local_git_remote_inventory_v1` | 本機可見 Git working tree remote | Source-control coverage evidence、migration matrix | mirror-only | 不視為 Gitea server 全量、不修改 remote |
|
||||
| `github_target_probe_v1` | 候選 GitHub repo read-only probe | Migration target evidence | mirror-only | `not_found_or_private` 不等同確認不存在 |
|
||||
| `github_target_decision_v1` | GitHub target 建立與可見性決策草案 | Approval candidate、Migration target evidence | mirror-only | approval 前不得建立 repo、修改 visibility、同步 refs |
|
||||
@@ -116,7 +116,7 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得
|
||||
| `source_control_migration_event_v1.status=blocked` | `observe` | 顯示 blocking reason,不允許切 primary |
|
||||
| `source_control_migration_event_v1.status=verified` | `approve_required` | 仍需人工批准主控切換 |
|
||||
| `gitea_repo_inventory_v1.status=blocked` | `observe` | 補只讀 token 或管理匯出,不做同步 |
|
||||
| `gitea_repo_inventory_v1.status=partial` | `observe` | 視為 public-only evidence,顯示 S4.5 export request、S4.6 import acceptance 與 coverage gap,不做同步 |
|
||||
| `gitea_repo_inventory_v1.status=partial` | `observe` | 視為 public-only evidence,顯示 S4.5 export request、S4.6 import acceptance、S4.7 owner attestation request 與 coverage gap,不做同步 |
|
||||
| `gitea_repo_inventory_v1.status=ok` | `warn` | 進入 repo mapping / branch tag diff |
|
||||
| `approval_required_event_v1.requested_action=run_gitea_readonly_inventory` | `approve_required` | 只允許 read-only token 或 redacted admin export,不保存 token value |
|
||||
| `local_git_remote_inventory_v1.status=partial` | `observe` | 補 server-side inventory,不做主控切換 |
|
||||
@@ -156,6 +156,7 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得
|
||||
| Gitea repo inventory 人讀版 | `docs/security/GITEA-REPO-INVENTORY-SNAPSHOT.md` |
|
||||
| Gitea authenticated inventory export request | `docs/security/gitea-authenticated-inventory-export-request.snapshot.json` / `docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md` |
|
||||
| Gitea authenticated inventory import acceptance | `docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json` / `docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` |
|
||||
| Gitea inventory coverage owner attestation | `docs/security/gitea-inventory-coverage-attestation.snapshot.json` / `docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md` |
|
||||
| Gitea org endpoint blocked snapshot | `docs/security/gitea-org-repo-inventory-blocked.snapshot.json` / `docs/security/GITEA-ORG-REPO-INVENTORY-BLOCKED-SNAPSHOT.md` |
|
||||
| Gitea server-side inventory runbook | `docs/security/GITEA-SERVER-SIDE-INVENTORY-RUNBOOK.md` |
|
||||
| Gitea read-only inventory approval package | `docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md` |
|
||||
|
||||
@@ -327,7 +327,7 @@ Schema:`docs/schemas/security_mirror_status_rollup_v1.schema.json`
|
||||
|
||||
Snapshot:`docs/security/security-mirror-status-rollup.snapshot.json`
|
||||
|
||||
目前 rollup:`framework_ready_waiting_approval`;35 個 contracts、32 ready、2 partial、1 contract-only、0 blocked;approval queue 仍為 8 items,其中 7 pending approval、1 block candidate;review packets 8 筆;state transition rules 5 筆;follow-up runtime gate templates 8 筆;active runtime gates 0 筆;GitHub primary candidate repos 8 筆;primary ready 0 筆;S4.4 rollback ADR repo plans 7 筆、owner approved 0 筆、dry-run completed 0 筆;Gitea inventory 目前 `partial_waiting_authenticated_inventory`,public-only repo 2 個、本機可見 Gitea unique repo 4 個、export source options 2 類、S4.6 import acceptance payload 0 筆、quarantine required=true、token value collection allowed=false;workflow / secret 名稱 inventory candidate repos 8 筆、complete 0 筆;S4.2 local evidence repos 4 筆、workflow files 31 筆、referenced secret names 43 筆;decision records 目前 0 筆。
|
||||
目前 rollup:`framework_ready_waiting_approval`;35 個 contracts、32 ready、2 partial、1 contract-only、0 blocked;approval queue 仍為 8 items,其中 7 pending approval、1 block candidate;review packets 8 筆;state transition rules 5 筆;follow-up runtime gate templates 8 筆;active runtime gates 0 筆;GitHub primary candidate repos 8 筆;primary ready 0 筆;S4.4 rollback ADR repo plans 7 筆、owner approved 0 筆、dry-run completed 0 筆;Gitea inventory 目前 `partial_waiting_authenticated_inventory`,public-only repo 2 個、本機可見 Gitea unique repo 4 個、export source options 2 類、S4.6 import acceptance payload 0 筆、S4.7 owner attestation items 5 筆、received attestation 0 筆、quarantine required=true、token value collection allowed=false;workflow / secret 名稱 inventory candidate repos 8 筆、complete 0 筆;S4.2 local evidence repos 4 筆、workflow files 31 筆、referenced secret names 43 筆;decision records 目前 0 筆。
|
||||
|
||||
AwoooP 初期處理方式:只顯示階段狀態、下一個 gate 與禁止事項,可寫入 Audit evidence;不得把 rollup 當 runtime authorization。
|
||||
|
||||
@@ -479,6 +479,8 @@ S4.5 支援性請求:已新增 `docs/schemas/gitea_authenticated_inventory_exp
|
||||
|
||||
S4.6 支援性驗收:已新增 `docs/schemas/gitea_authenticated_inventory_import_acceptance_v1.schema.json`、`docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json` 與 `docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md`。此驗收仍不新增第 36 個主 contract,只定義 owner / 管理者提供脫敏 payload 後的 schema、redaction、coverage gap、quarantine 與 allowed output;目前 `received_payload_count=0`、`accepted_payload_count=0`、`runtime_execution_authorized=false`,不得把驗收格式視為 inventory 已完成或 primary cutover approval。
|
||||
|
||||
S4.7 支援性 owner attestation:已新增 `docs/schemas/gitea_inventory_coverage_attestation_v1.schema.json`、`docs/security/gitea-inventory-coverage-attestation.snapshot.json` 與 `docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md`。此 attestation 仍不新增第 36 個主 contract,只定義 public-only / local remote gap、org/user endpoint、110 internal adjacent source、canonical owner 與 legacy/inaccessible disposition 的 owner decision;目前 `required_attestation_item_count=5`、`received_attestation_count=0`、`accepted_attestation_count=0`、`runtime_execution_authorized=false`,不得把 attestation request 視為 repo migration approval。
|
||||
|
||||
### `local_git_remote_inventory_v1`
|
||||
|
||||
用途:在 Gitea API 受阻時,盤點本機可見 Git working tree 的 remote URL,找出仍指向 Gitea、GitHub、110 內部 Git 或 GitLab 類 remote 的專案。
|
||||
@@ -819,6 +821,8 @@ Console 初期不提供高風險執行按鈕。
|
||||
|
||||
2026-05-13 S4.6 Gitea 認證清冊匯入驗收追加:已新增 `docs/schemas/gitea_authenticated_inventory_import_acceptance_v1.schema.json`、`docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json` 與 `docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md`。本輪只定義 owner / 管理者提供脫敏 payload 後的驗收、拒收與隔離規則;目前收到 payload 0 筆、接受 0 筆、拒收 0 筆;不得保存 token value、不得匯入 DB dump 或 git object、不得寫 Gitea、不得 sync refs、不得切 GitHub primary。
|
||||
|
||||
2026-05-17 S4.7 Gitea 清冊覆蓋 owner attestation 追加:已新增 `docs/schemas/gitea_inventory_coverage_attestation_v1.schema.json`、`docs/security/gitea-inventory-coverage-attestation.snapshot.json` 與 `docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md`。本輪只定義 5 個 owner scope decision items:public-only / local remote gap、org/user endpoint、110 internal adjacent source、canonical owner 與 legacy/inaccessible repo disposition;目前收到 attestation 0 筆、接受 0 筆;不得保存 token value、不得寫 Gitea、不得建立 GitHub repo、不得 sync refs、不得切 GitHub primary。
|
||||
|
||||
2026-05-13 Kali 112 live 整合狀態追加:已在授權下登入 `192.168.0.112` 做 read-only 盤點與低風險更新,並新增 `docs/schemas/kali_integration_status_v1.schema.json`、`docs/security/kali-integration-status.snapshot.json` 與 `docs/security/KALI-INTEGRATION-STATUS.md`。Kali Scanner API `/health` healthy、`kali-scanner.service` active/enabled、node-exporter 與 wg-easy container up;已 targeted update `nmap`、`nikto`、`nuclei`、`curl`、`openssl`、CA 套件,安裝 `jq`,時區改為 `Asia/Taipei`,更新後無 reboot required。AwoooP 可 mirror health / update / gap evidence,但不得直接啟動 scan、credentialed scan 或 `/execute`。
|
||||
|
||||
本波仍不做:
|
||||
@@ -855,6 +859,8 @@ Console 初期不提供高風險執行按鈕。
|
||||
- [gitea_authenticated_inventory_export_request_v1 snapshot](/Users/ogt/awoooi/docs/security/gitea-authenticated-inventory-export-request.snapshot.json)
|
||||
- [Gitea 認證清冊匯入驗收契約](/Users/ogt/awoooi/docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md)
|
||||
- [gitea_authenticated_inventory_import_acceptance_v1 snapshot](/Users/ogt/awoooi/docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json)
|
||||
- [Gitea 清冊覆蓋 owner attestation](/Users/ogt/awoooi/docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md)
|
||||
- [gitea_inventory_coverage_attestation_v1 snapshot](/Users/ogt/awoooi/docs/security/gitea-inventory-coverage-attestation.snapshot.json)
|
||||
- [Gitea admin export redaction checklist](/Users/ogt/awoooi/docs/security/GITEA-ADMIN-EXPORT-REDACTION-CHECKLIST.md)
|
||||
- [Gitea public repo search snapshot](/Users/ogt/awoooi/docs/security/GITEA-PUBLIC-REPO-SEARCH-SNAPSHOT.md)
|
||||
- [gitea public repo search JSON](/Users/ogt/awoooi/docs/security/gitea-public-repo-search.snapshot.json)
|
||||
@@ -912,6 +918,7 @@ Console 初期不提供高風險執行按鈕。
|
||||
- [gitea_repo_inventory_v1 schema](/Users/ogt/awoooi/docs/schemas/gitea_repo_inventory_v1.schema.json)
|
||||
- [gitea_authenticated_inventory_export_request_v1 schema](/Users/ogt/awoooi/docs/schemas/gitea_authenticated_inventory_export_request_v1.schema.json)
|
||||
- [gitea_authenticated_inventory_import_acceptance_v1 schema](/Users/ogt/awoooi/docs/schemas/gitea_authenticated_inventory_import_acceptance_v1.schema.json)
|
||||
- [gitea_inventory_coverage_attestation_v1 schema](/Users/ogt/awoooi/docs/schemas/gitea_inventory_coverage_attestation_v1.schema.json)
|
||||
- [local_git_remote_inventory_v1 schema](/Users/ogt/awoooi/docs/schemas/local_git_remote_inventory_v1.schema.json)
|
||||
- [github_target_probe_v1 schema](/Users/ogt/awoooi/docs/schemas/github_target_probe_v1.schema.json)
|
||||
- [github_target_decision_v1 schema](/Users/ogt/awoooi/docs/schemas/github_target_decision_v1.schema.json)
|
||||
|
||||
@@ -2,12 +2,13 @@
|
||||
|
||||
| 項目 | 內容 |
|
||||
|------|------|
|
||||
| 日期 | 2026-05-12 |
|
||||
| 日期 | 2026-05-17 |
|
||||
| 狀態 | 第一版,給 `gitea_repo_inventory_v1` 管理匯入使用 |
|
||||
| 搭配文件 | `docs/security/GITEA-SERVER-SIDE-INVENTORY-RUNBOOK.md` |
|
||||
| Approval | `docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md` |
|
||||
| S4.5 export request | `docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md` |
|
||||
| S4.6 import acceptance | `docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` |
|
||||
| S4.7 coverage attestation | `docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md` |
|
||||
|
||||
## 0. 允許保留的欄位
|
||||
|
||||
@@ -65,6 +66,7 @@
|
||||
| repo 欄位完整 | 檢查 `full_name` 或 `owner.login + name` | 每個 repo 可識別 |
|
||||
| visibility 可判斷 | 檢查 `private` | 每個 repo 有布林值 |
|
||||
| S4.6 驗收 | 依 `GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` 檢查 payload | 不完整或含敏感值時必須拒收或隔離 |
|
||||
| S4.7 owner attestation | 依 `GITEA-INVENTORY-COVERAGE-ATTESTATION.md` 補 scope decision | public-only / local remote gap、org/user endpoint、110 adjacent source 都有 owner 判定 |
|
||||
|
||||
## 4. 匯入指令
|
||||
|
||||
@@ -87,3 +89,4 @@ python3 scripts/security/gitea-repo-inventory.py \
|
||||
5. 下一步仍只更新 migration matrix,不同步 refs、不建 repo、不切 primary。
|
||||
6. 必須能解釋 public-only API 看到 2 個 repos、本機 Gitea remote 看到 4 個 unique Gitea repos 的 coverage gap。
|
||||
7. 必須通過 S4.6 import acceptance;payload 驗收通過仍不代表 GitHub primary 已批准。
|
||||
8. 必須補 S4.7 owner coverage attestation;attestation 只更新 evidence / matrix / gate,不執行 repo 遷移。
|
||||
|
||||
@@ -2,11 +2,12 @@
|
||||
|
||||
| 項目 | 內容 |
|
||||
|------|------|
|
||||
| 日期 | 2026-05-13 |
|
||||
| 日期 | 2026-05-17 |
|
||||
| 狀態 | 草案,等待 owner 匯出 / 只讀批准 |
|
||||
| 資料契約 | `docs/schemas/gitea_authenticated_inventory_export_request_v1.schema.json` |
|
||||
| 快照 | `docs/security/gitea-authenticated-inventory-export-request.snapshot.json` |
|
||||
| 後續驗收 | `docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` |
|
||||
| 覆蓋 Attestation | `docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md` |
|
||||
| 來源契約 | `gitea_repo_inventory_v1` |
|
||||
| 模式 | `redacted_export_request_only` |
|
||||
| 執行面授權 | `false` |
|
||||
@@ -21,6 +22,8 @@ S4.5 把 Gitea 私有 / 內部全量 repo 清冊的下一步匯出請求正式
|
||||
|
||||
S4.6 已補後續的匯入驗收契約:即使 owner 或管理者提供 payload,也必須先通過 schema、脫敏、coverage gap 與隔離規則,才能成為 `gitea_repo_inventory_v1.status=ok` 的候選 evidence。
|
||||
|
||||
S4.7 已補 owner coverage attestation:在補全量清冊前,owner 仍需判定 public-only 2 repos、本機 Gitea unique 4 repos、org/user endpoint 與 110 internal adjacent sources 的 scope。S4.7 不授權 token 收集、repo 寫入、refs sync 或 primary cutover。
|
||||
|
||||
## 1. 摘要
|
||||
|
||||
| 指標 | 數量 |
|
||||
@@ -37,6 +40,7 @@ S4.6 已補後續的匯入驗收契約:即使 owner 或管理者提供 payload
|
||||
| 允許 repo 寫入 | `false` |
|
||||
| 允許 refs sync | `false` |
|
||||
| 授權切換 GitHub primary | `false` |
|
||||
| S4.7 owner attestation items | 5 |
|
||||
|
||||
## 2. 匯出來源選項
|
||||
|
||||
@@ -98,4 +102,4 @@ S4.6 已補後續的匯入驗收契約:即使 owner 或管理者提供 payload
|
||||
|
||||
S4.5 只是把 Gitea 認證清冊的下一步請求、欄位、拒收規則與驗收 gate 定清楚。
|
||||
|
||||
這補的是「完整轉移 Gitea 目前所有專案版本到 GitHub」前的第一個資料缺口;仍然停在框架期,不進入執行、同步或主控切換。
|
||||
S4.7 會在此基礎上要求 owner 說明 coverage gap 與 scope decision。這補的是「完整轉移 Gitea 目前所有專案版本到 GitHub」前的資料缺口;仍然停在框架期,不進入執行、同步或主控切換。
|
||||
|
||||
@@ -2,12 +2,13 @@
|
||||
|
||||
| 項目 | 內容 |
|
||||
|------|------|
|
||||
| 日期 | 2026-05-13 |
|
||||
| 日期 | 2026-05-17 |
|
||||
| 狀態 | 草案,等待脫敏清冊 payload |
|
||||
| 資料契約 | `docs/schemas/gitea_authenticated_inventory_import_acceptance_v1.schema.json` |
|
||||
| 快照 | `docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json` |
|
||||
| 來源契約 | `gitea_repo_inventory_v1` |
|
||||
| 上游請求 | `gitea_authenticated_inventory_export_request_v1` |
|
||||
| 覆蓋 Attestation | `docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md` |
|
||||
| 模式 | `redacted_payload_acceptance_only` |
|
||||
| 執行面授權 | `false` |
|
||||
|
||||
@@ -17,6 +18,8 @@ S4.6 定義「收到 owner 或 Gitea 管理者提供的脫敏清冊後,怎麼
|
||||
|
||||
這不是實際匯入,也不是宣告 Gitea inventory 完成。它只把未來可接受的 payload 形狀、必要欄位、拒收規則、隔離 lane 與允許輸出先固定下來,避免 owner 提供資料時把 token、DB dump、git object 或 repo 操作要求混進來。
|
||||
|
||||
S4.7 已補 owner coverage attestation:即使 payload 通過 S4.6,也仍需 owner 對 public-only / local remote gap、org/user endpoint、110 internal adjacent source、canonical owner 與 legacy/inaccessible disposition 作 scope decision,才可把 blocker 往 primary readiness 下一關推進。
|
||||
|
||||
## 1. 驗收摘要
|
||||
|
||||
| 指標 | 值 |
|
||||
@@ -37,6 +40,7 @@ S4.6 定義「收到 owner 或 Gitea 管理者提供的脫敏清冊後,怎麼
|
||||
| 允許 DB dump / git object | `false` |
|
||||
| 允許 repo write / refs sync | `false` |
|
||||
| 授權切換 GitHub primary | `false` |
|
||||
| S4.7 owner attestation items | 5 |
|
||||
|
||||
## 2. 可接受 Payload 形狀
|
||||
|
||||
@@ -117,4 +121,4 @@ S4.6 定義「收到 owner 或 Gitea 管理者提供的脫敏清冊後,怎麼
|
||||
|
||||
S4.6 補的是 S4.5 後面的「安全收件規格」。它讓下一個 owner export / admin export 有清楚門檻,但仍然停在框架期。
|
||||
|
||||
真正讓 `gitea_repo_inventory_v1.status=ok`,必須等到脫敏 payload 實際產生、通過驗收、經人工 review 後,再另行提交 snapshot。此文件本身不代表 inventory 已完成。
|
||||
真正讓 `gitea_repo_inventory_v1.status=ok`,必須等到脫敏 payload 實際產生、通過驗收、經人工 review,並完成 S4.7 owner coverage attestation 後,再另行提交 snapshot。此文件本身不代表 inventory 已完成。
|
||||
|
||||
83
docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md
Normal file
83
docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md
Normal file
@@ -0,0 +1,83 @@
|
||||
# Gitea 清冊覆蓋 Owner Attestation
|
||||
|
||||
| 項目 | 內容 |
|
||||
|------|------|
|
||||
| 日期 | 2026-05-17 |
|
||||
| 狀態 | 草案,等待 owner attestation |
|
||||
| 資料契約 | `docs/schemas/gitea_inventory_coverage_attestation_v1.schema.json` |
|
||||
| 快照 | `docs/security/gitea-inventory-coverage-attestation.snapshot.json` |
|
||||
| 來源契約 | `gitea_repo_inventory_v1` |
|
||||
| 上游請求 | `gitea_authenticated_inventory_export_request_v1` / `gitea_authenticated_inventory_import_acceptance_v1` |
|
||||
| 模式 | `coverage_attestation_only` |
|
||||
| 執行面授權 | `false` |
|
||||
|
||||
## 0. 核心結論
|
||||
|
||||
S4.7 補的是「owner 怎麼說明 Gitea 清冊覆蓋缺口」。
|
||||
|
||||
目前 `gitea_repo_inventory_v1` 仍是 public-only / partial:未認證公開範圍只看到 2 個 repos,本機 remote evidence 看到 4 個 Gitea unique repos,另有 4 個 110 internal adjacent sources 需要判定是否屬本輪 GitHub migration scope。
|
||||
|
||||
此文件不要求使用者貼 token,不匯入 payload,不寫 Gitea,不建立 GitHub repo,不 sync refs,也不切 GitHub primary。它只把 owner 需要表態的 5 個 coverage items 固定下來,讓 AwoooP 可以 mirror 成 review lane。
|
||||
|
||||
## 1. Attestation 摘要
|
||||
|
||||
| 指標 | 值 |
|
||||
|------|----|
|
||||
| owner attestation 狀態 | `waiting_owner_attestation` |
|
||||
| 必要 attestation items | 5 |
|
||||
| 已收到 attestation | 0 |
|
||||
| 已接受 attestation | 0 |
|
||||
| 已拒收 attestation | 0 |
|
||||
| 未認證公開範圍 repos | 2 |
|
||||
| 本機可見 Gitea unique repos | 4 |
|
||||
| 本機 Gitea 覆蓋缺口 | 2 |
|
||||
| 110 internal adjacent sources | 4 |
|
||||
| 需要 owner scope decision | `true` |
|
||||
| 允許收集 token value | `false` |
|
||||
| 允許 repo write / refs sync | `false` |
|
||||
| 授權切換 GitHub primary | `false` |
|
||||
|
||||
## 2. 必要 Attestation Items
|
||||
|
||||
| Item | 需要 owner 判定 | 目前缺口 |
|
||||
|------|----------------|----------|
|
||||
| `public_only_vs_local_gitea_gap` | `wooo/clawbot-v5`、`wooo/wooo-aiops` 是否仍屬本輪 scope | public-only 2 repos,本機 Gitea unique 4 repos |
|
||||
| `org_user_endpoint_identity` | `wooo` 應以 user、org 或兩者盤點 | org endpoint blocked / 404 不等於沒有 private repos |
|
||||
| `internal_110_adjacent_scope` | `bitan-pharmacy`、`root/momo-pro-system`、`tsenyang-website`、`wooo/wooo-infra-config` 是否納入 | 110 adjacent sources 未正式 scope decision |
|
||||
| `repo_owner_canonical_scope` | 每個 in-scope repo 的 owner、canonical source、GitHub target、visibility 責任人 | GitHub target / canonical / owner 尚未全量確認 |
|
||||
| `legacy_or_inaccessible_repo_disposition` | legacy、archived、external 或 inaccessible repo 的處置 | 未出現在 payload 的 repo 不能自動視為完成 |
|
||||
|
||||
## 3. 可接受決策值
|
||||
|
||||
| 決策值 | 意義 |
|
||||
|--------|------|
|
||||
| `in_scope` | 納入本輪 inventory / GitHub migration scope |
|
||||
| `out_of_scope` | 排除本輪 scope,但必須留下 owner 理由 |
|
||||
| `legacy_archived` | 歷史或封存來源,只保留 evidence 與後續 review |
|
||||
| `external_system` | 由外部系統或非本輪 source-control 管線管理 |
|
||||
| `inaccessible_requires_followup` | 目前不可讀,需要 owner / 管理者補 evidence |
|
||||
| `unknown_requires_more_evidence` | evidence 不足,維持 blocker |
|
||||
|
||||
## 4. AwoooP 可做
|
||||
|
||||
1. 顯示 S4.7 owner attestation request 與 5 個 coverage items。
|
||||
2. 將每個 item mirror 成 review lane 或 approval candidate。
|
||||
3. 顯示目前 `received_attestation_count=0`、`accepted_attestation_count=0`。
|
||||
4. 在 owner 提供決策後,只更新 read-only matrix、decision table、readiness gate 與 status rollup。
|
||||
5. 維持 `gitea_repo_inventory_v1.status=partial`,直到 S4.6 payload 通過且 attestation 被接受。
|
||||
|
||||
## 5. AwoooP 不可做
|
||||
|
||||
1. 不要求使用者貼 token value。
|
||||
2. 不保存 token、secret、cookie、session、private key。
|
||||
3. 不用 write-capable token。
|
||||
4. 不寫入 Gitea,不建立、刪除、封存或修改 repo。
|
||||
5. 不建立 GitHub repo,不修改 visibility,不 sync refs,不 delete refs,不 force push。
|
||||
6. 不把 owner attestation 當成 GitHub primary approval。
|
||||
7. 不新增 scan / execute / repo / refs action button。
|
||||
|
||||
## 6. 階段定位
|
||||
|
||||
S4.7 是 S4.5 匯出請求與 S4.6 匯入驗收之後的 owner scope decision gate。
|
||||
|
||||
它解決的是「哪些缺口需要 owner 說清楚」,不是「開始搬 repo」。完成 S4.7 後,仍需 authenticated/admin export payload、refs truth、workflow / secret name parity、rollback ADR owner approval 與逐 repo runtime gate,才能談 GitHub primary cutover。
|
||||
@@ -2,13 +2,14 @@
|
||||
|
||||
| 項目 | 內容 |
|
||||
|------|------|
|
||||
| 日期 | 2026-05-12 |
|
||||
| 日期 | 2026-05-17 |
|
||||
| 狀態 | 草案,等待人工批准 |
|
||||
| 來源事件 | `gitea_repo_inventory_v1` |
|
||||
| Approval event | `docs/security/gitea-readonly-inventory-approval.snapshot.json` |
|
||||
| Redaction checklist | `docs/security/GITEA-ADMIN-EXPORT-REDACTION-CHECKLIST.md` |
|
||||
| S4.5 export request | `docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md` |
|
||||
| S4.6 import acceptance | `docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` |
|
||||
| S4.7 coverage attestation | `docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md` |
|
||||
| 目的 | 補齊 Gitea private/internal server-side repo list |
|
||||
| 原則 | 低摩擦、只讀、只盤 metadata、不保存 token value、不做同步或主控切換 |
|
||||
|
||||
@@ -31,6 +32,8 @@ S4.5 已補 `gitea_authenticated_inventory_export_request_v1`,把 read-only to
|
||||
|
||||
S4.6 已補 `gitea_authenticated_inventory_import_acceptance_v1`,把 owner / 管理者提供脫敏 payload 後的 schema 檢查、敏感值拒收、coverage gap 驗收與 mirror quarantine lane 正式文件化。payload 驗收通過仍不等於 GitHub primary cutover 被批准。
|
||||
|
||||
S4.7 已補 `gitea_inventory_coverage_attestation_v1`,把 public-only / local remote gap、org/user endpoint、110 internal adjacent source、canonical owner 與 legacy/inaccessible repo disposition 的 owner decision 正式文件化。attestation 只做 scope 判定,不等於 repo migration 或 primary cutover approval。
|
||||
|
||||
## 1. 申請批准的動作
|
||||
|
||||
| 動作 | 風險 | 批准後允許 | 仍然禁止 |
|
||||
@@ -83,6 +86,7 @@ python3 scripts/security/gitea-repo-inventory.py \
|
||||
| Redaction checklist | `docs/security/GITEA-ADMIN-EXPORT-REDACTION-CHECKLIST.md` 已通過 |
|
||||
| Coverage gap | public-only 2 repos 與 local Gitea 4 repos 的差異已解釋 |
|
||||
| Import acceptance | S4.6 驗收檢查通過;敏感 payload 必須進隔離 |
|
||||
| Owner attestation | S4.7 五個 coverage items 已有 owner scope decision |
|
||||
| 後續動作 | 只更新 matrix / decision table,不同步 refs |
|
||||
|
||||
## 5. 批准前不得做
|
||||
|
||||
@@ -15,6 +15,7 @@
|
||||
| 阻塞原因 | 未提供 token,結果只代表公開可見 repo;private/internal repos 仍需只讀 token 或管理匯出 |
|
||||
| S4.5 export request | `docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md` |
|
||||
| S4.6 import acceptance | `docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` |
|
||||
| S4.7 coverage attestation | `docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md` |
|
||||
|
||||
## Repo 清單
|
||||
|
||||
@@ -28,3 +29,5 @@
|
||||
S4.5 已將 authenticated inventory / redacted admin export 的欄位、拒收規則與 coverage gap 驗收文件化;本 snapshot 仍是 `partial`,不得視為 server-side 全量。
|
||||
|
||||
S4.6 已將後續脫敏 payload 的驗收、拒收與隔離規則文件化;目前尚未收到 payload,`gitea_repo_inventory_v1.status` 仍不得標記為 `ok`。
|
||||
|
||||
S4.7 已將 owner coverage attestation 文件化;目前尚未收到 owner attestation,public-only 2 repos、本機 Gitea unique 4 repos、org/user endpoint 與 110 internal adjacent source 的 scope 仍不得視為已完成。
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
| 項目 | 內容 |
|
||||
|------|------|
|
||||
| 日期 | 2026-05-12 |
|
||||
| 日期 | 2026-05-17 |
|
||||
| 狀態 | 第一版,read-only / export-only |
|
||||
| 工具 | `scripts/security/gitea-repo-inventory.py` |
|
||||
| 事件 | `gitea_repo_inventory_v1` |
|
||||
@@ -10,6 +10,7 @@
|
||||
| Redaction checklist | `docs/security/GITEA-ADMIN-EXPORT-REDACTION-CHECKLIST.md` |
|
||||
| S4.5 export request | `docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md` |
|
||||
| S4.6 import acceptance | `docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` |
|
||||
| S4.7 coverage attestation | `docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md` |
|
||||
| 原則 | 不寫入 Gitea、不搬 secret value、不建立或刪除 repo |
|
||||
|
||||
## 0. 核心結論
|
||||
@@ -33,6 +34,8 @@ S4.5 已補 `gitea_authenticated_inventory_export_request_v1`:正式要求 aut
|
||||
|
||||
S4.6 已補 `gitea_authenticated_inventory_import_acceptance_v1`:收到 owner / 管理者提供的脫敏 payload 後,必須先依 S4.6 檢查 schema、URL 脫敏、coverage gap、redaction attestation 與敏感值隔離。此驗收仍不授權 repo 建立、refs sync 或 GitHub primary cutover。
|
||||
|
||||
S4.7 已補 `gitea_inventory_coverage_attestation_v1`:owner 必須先對 public-only / local remote gap、org/user endpoint、110 internal adjacent source、canonical owner 與 legacy/inaccessible repo disposition 作 scope decision。此 attestation 仍不授權 token 收集、repo 寫入、refs sync 或 primary cutover。
|
||||
|
||||
## 1. Public-only 快照指令
|
||||
|
||||
```bash
|
||||
@@ -142,4 +145,4 @@ python3 scripts/security/gitea-repo-inventory.py \
|
||||
4. 每個 repo 建立 mirror / archive / keep-local 判定。
|
||||
5. 產出 GitHub primary ADR 與 rollback plan。
|
||||
|
||||
S4.6 驗收通過只代表「脫敏清冊 payload 可以變成 evidence」;任何 GitHub repo 建立、visibility 修改、refs sync、primary cutover 或 Gitea 停用仍需後續人工批准與 runtime gate。
|
||||
S4.6 驗收通過只代表「脫敏清冊 payload 可以變成 evidence」;S4.7 owner attestation 通過只代表「coverage gap 有 scope decision」。任何 GitHub repo 建立、visibility 修改、refs sync、primary cutover 或 Gitea 停用仍需後續人工批准與 runtime gate。
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
| 項目 | 內容 |
|
||||
|------|------|
|
||||
| 日期 | 2026-05-13 |
|
||||
| 日期 | 2026-05-17 |
|
||||
| 狀態 | 草案 |
|
||||
| Schema | `docs/schemas/security_mirror_readiness_v1.schema.json` |
|
||||
| Snapshot | `docs/security/security-mirror-readiness.snapshot.json` |
|
||||
@@ -35,7 +35,7 @@
|
||||
| Contract | 狀態 | 原因 | 下一步 |
|
||||
|----------|------|------|--------|
|
||||
| `security_finding_v1` | `partial_ready` | 目前只有 Kali sample snapshot,runtime ingestion 尚未啟用 | 先 review `kali-finding-runtime-ingestion-approval-20260513` |
|
||||
| `gitea_repo_inventory_v1` | `partial_ready` | 目前只有 public-only / blocked endpoint evidence;S4.5 已補認證清冊匯出請求,S4.6 已補匯入驗收契約;未認證公開範圍 2 個、本機可見 Gitea unique 4 個、覆蓋缺口 2 個 | 依 S4.5 請求取得脫敏清冊後,先用 S4.6 驗收 / 拒收 / 隔離;不保存 token value |
|
||||
| `gitea_repo_inventory_v1` | `partial_ready` | 目前只有 public-only / blocked endpoint evidence;S4.5 已補認證清冊匯出請求,S4.6 已補匯入驗收契約,S4.7 已補 owner coverage attestation;未認證公開範圍 2 個、本機可見 Gitea unique 4 個、覆蓋缺口 2 個、attestation items 5 個 | 先取得 S4.7 owner scope decision,再依 S4.5 請求取得脫敏清冊並用 S4.6 驗收 / 拒收 / 隔離;不保存 token value |
|
||||
| `coding_task_v1` | `contract_only` | 已有 schema 與 handoff prompt,尚無正式 coding task snapshot | 等 code review 產生實際 task 後再 mirror |
|
||||
|
||||
## 2. AwoooP 鏡像目的地
|
||||
@@ -82,7 +82,7 @@ AwoooP 可以將 ready / partial contracts mirror 到:
|
||||
14. 再 mirror `security_followup_runtime_gate_v1`,只顯示 runtime gate 準備模板、preflight checks 與 rollback / disable requirement。
|
||||
15. 再 mirror `source_control_primary_readiness_gate_v1`,只顯示 GitHub primary parity、owner、rollback 與人工批准缺口。
|
||||
16. 再 mirror `source_control_primary_rollback_adr_v1`,只顯示 7 個 in-scope repo 的 rollback ADR 草案、validation window 與 owner review;不執行 rollback、不切 primary。
|
||||
17. 再 mirror `gitea_repo_inventory_v1`、S4.5 認證清冊匯出請求與 S4.6 匯入驗收契約,只顯示未認證公開範圍 / 本機 evidence 覆蓋缺口、只讀 / 管理脫敏匯出選項、payload 驗收 / 拒收 / 隔離規則;不保存 token value、不寫 Gitea、不 sync refs。
|
||||
17. 再 mirror `gitea_repo_inventory_v1`、S4.5 認證清冊匯出請求、S4.6 匯入驗收契約與 S4.7 owner coverage attestation,只顯示未認證公開範圍 / 本機 evidence 覆蓋缺口、只讀 / 管理脫敏匯出選項、payload 驗收 / 拒收 / 隔離規則與 5 個 owner scope decision items;不保存 token value、不寫 Gitea、不 sync refs。
|
||||
18. 再 mirror `source_control_workflow_secret_name_inventory_v1`、S4.2 local evidence 與 S4.3 redacted export request,只顯示 workflow / webhook / runner / deploy key / branch protection / CODEOWNERS / secret 名稱 inventory 缺口;目前 local evidence 有 4 個 repos、31 個 workflow files、43 個 referenced secret names,export request 有 7 個 repos、5 類 lanes,不保存 secret value。
|
||||
19. 再 mirror `kali_integration_status_v1` 與 `kali_scan_scope_approval_v1`。
|
||||
20. 最後再 mirror source-control 其他 contracts。
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
| 項目 | 內容 |
|
||||
|------|------|
|
||||
| 日期 | 2026-05-13 |
|
||||
| 日期 | 2026-05-17 |
|
||||
| 狀態 | 草案 |
|
||||
| Schema | `docs/schemas/security_mirror_status_rollup_v1.schema.json` |
|
||||
| Snapshot | `docs/security/security-mirror-status-rollup.snapshot.json` |
|
||||
@@ -29,7 +29,7 @@
|
||||
| Follow-up runtime gate templates | S3.4 已建立;8 個 templates、0 個 active runtime gates |
|
||||
| GitHub primary readiness gate | S4.0 已建立;8 個 candidate repos、7 個 in-scope blocked、0 個 primary ready |
|
||||
| GitHub primary rollback ADR | S4.4 已建立;7 個 in-scope rollback drafts、0 個 owner approved、0 個 dry-run completed、0 個 active cutover |
|
||||
| Gitea inventory | S4.5 已補認證清冊匯出請求;S4.6 已補匯入驗收契約;目前 status=`partial_waiting_authenticated_inventory`、未認證公開範圍 repos 2 個、本機可見 Gitea unique repos 4 個、匯出來源選項 2 類、匯入驗收 payload 0 筆、敏感 payload 必須隔離、允許收集 token value=false |
|
||||
| Gitea inventory | S4.5 已補認證清冊匯出請求;S4.6 已補匯入驗收契約;S4.7 已補 owner coverage attestation;目前 status=`partial_waiting_authenticated_inventory`、未認證公開範圍 repos 2 個、本機可見 Gitea unique repos 4 個、匯出來源選項 2 類、匯入驗收 payload 0 筆、owner attestation items 5 個、收到 attestation 0 筆、敏感 payload 必須隔離、允許收集 token value=false |
|
||||
| Workflow / secret name inventory | S4.1 已建立;S4.2 補 4 個 repos、31 個 workflow files、43 個 referenced secret names 的 local evidence;S4.3 補 7 個 repos、5 類 lanes 的 redacted export request;0 個 inventory complete、禁止收集 secret value、禁止 write token |
|
||||
| Dry-run | `contract_defined_not_executed` |
|
||||
| Runtime actions | `false` |
|
||||
@@ -59,7 +59,7 @@
|
||||
|
||||
1. redacted finding ingestion adapter。
|
||||
2. safe web crawl scope。
|
||||
3. Gitea private/internal read-only inventory:依 S4.5 認證匯出請求補全量清冊;收到脫敏 payload 後先依 S4.6 驗收 / 拒收 / 隔離;目前未認證公開範圍 2 個、本機可見 Gitea unique 4 個、覆蓋缺口 2 個,不保存 token value。
|
||||
3. Gitea private/internal read-only inventory:先依 S4.7 取得 owner coverage attestation,再依 S4.5 認證匯出請求補全量清冊;收到脫敏 payload 後先依 S4.6 驗收 / 拒收 / 隔離;目前未認證公開範圍 2 個、本機可見 Gitea unique 4 個、覆蓋缺口 2 個、attestation items 5 個,不保存 token value。
|
||||
4. GitHub target / owner / visibility / canonical。
|
||||
5. Kali `/execute` 維持 block candidate。
|
||||
6. GitHub primary readiness blockers 與 rollback ADR 缺口。
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
| 項目 | 內容 |
|
||||
|------|------|
|
||||
| 日期 | 2026-05-13 |
|
||||
| 日期 | 2026-05-17 |
|
||||
| 狀態 | 草案 |
|
||||
| JSON snapshot | `docs/security/security-supply-chain-contract-manifest.snapshot.json` |
|
||||
| Schema | `docs/schemas/security_supply_chain_contract_manifest_v1.schema.json` |
|
||||
@@ -39,7 +39,7 @@
|
||||
| `security_mirror_status_rollup_v1` | mirror-only | AwoooP / Security Supply Chain 跨 Session 狀態總覽 | `security-mirror-status-rollup.snapshot.json` |
|
||||
| `coding_task_v1` | suggest-only | Code Review 接 Codex patch-only | 無正式 snapshot |
|
||||
| `source_control_migration_event_v1` | mirror-only | Gitea/GitHub refs 差異 | `gitea-github-awoooi`、`clawbot-v5`、`wooo-aiops` |
|
||||
| `gitea_repo_inventory_v1` | mirror-only | Gitea repo inventory;S4.5 已補認證清冊匯出請求,S4.6 已補匯入驗收契約 | public-only / blocked endpoint / S4.5 export request / S4.6 import acceptance snapshots |
|
||||
| `gitea_repo_inventory_v1` | mirror-only | Gitea repo inventory;S4.5 已補認證清冊匯出請求,S4.6 已補匯入驗收契約,S4.7 已補 owner coverage attestation | public-only / blocked endpoint / S4.5 export request / S4.6 import acceptance / S4.7 coverage attestation snapshots |
|
||||
| `local_git_remote_inventory_v1` | mirror-only | 本機 remote coverage | `local-git-remote-inventory.snapshot.json` |
|
||||
| `github_target_probe_v1` | mirror-only | GitHub target visibility | `github-target-probe.snapshot.json` |
|
||||
| `github_target_decision_v1` | mirror-only | GitHub target 決策 | `github-target-decision.snapshot.json` |
|
||||
@@ -60,7 +60,7 @@
|
||||
1. 先讀 `security_rollout_policy_v1`,確認目前仍是 `mirror_only`。
|
||||
2. 再讀本 manifest,取得可消費 contract 與禁止動作。
|
||||
3. 將 snapshot mirror 成 Runtime State / Channel Event / Audit evidence。
|
||||
4. 只對 `approval_required_event_v1`、repo approval package、`security_approval_review_packet_v1`、`security_approval_state_transition_v1`、`security_followup_runtime_gate_v1`、`source_control_primary_readiness_gate_v1`、`source_control_primary_rollback_adr_v1` 與 `source_control_workflow_secret_name_inventory_v1` 建 approval candidate / review lane / next-state display / runtime gate preparation / primary readiness display / rollback ADR display / workflow-secret name inventory gate / redacted export request display;`gitea_repo_inventory_v1` 只能顯示 S4.5 認證匯出請求、S4.6 匯入驗收契約與覆蓋缺口,不得觸發 token collection 或 Gitea write。
|
||||
4. 只對 `approval_required_event_v1`、repo approval package、`security_approval_review_packet_v1`、`security_approval_state_transition_v1`、`security_followup_runtime_gate_v1`、`source_control_primary_readiness_gate_v1`、`source_control_primary_rollback_adr_v1` 與 `source_control_workflow_secret_name_inventory_v1` 建 approval candidate / review lane / next-state display / runtime gate preparation / primary readiness display / rollback ADR display / workflow-secret name inventory gate / redacted export request display;`gitea_repo_inventory_v1` 只能顯示 S4.5 認證匯出請求、S4.6 匯入驗收契約、S4.7 owner coverage attestation request 與覆蓋缺口,不得觸發 token collection 或 Gitea write。
|
||||
5. 不新增執行按鈕,不做 runtime enforcement。
|
||||
|
||||
## 3. 永久禁止
|
||||
|
||||
@@ -2,9 +2,9 @@
|
||||
|
||||
| 項目 | 內容 |
|
||||
|------|------|
|
||||
| 日期 | 2026-05-13 |
|
||||
| 日期 | 2026-05-17 |
|
||||
| 狀態 | S0/S1 read-only evidence 建置中 |
|
||||
| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 |
|
||||
| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Gitea 清冊覆蓋 Owner Attestation + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 |
|
||||
| 原則 | 低摩擦分階段;文件、schema、read-only evidence 優先;不做 runtime enforcement、不切 primary |
|
||||
|
||||
## 0. 本階段完成後整體進度
|
||||
@@ -45,6 +45,7 @@
|
||||
| S4.4 GitHub Primary rollback ADR | 完成草案 | 已建立 rollback ADR schema / snapshot / 人讀版;7 個 in-scope rollback drafts、0 owner approved、0 dry-run completed、0 active cutover | repo owner 審查 rollback owner、validation window 與 triggers;仍不可切 primary 或執行 rollback |
|
||||
| S4.5 Gitea 認證清冊匯出請求 | 完成草案 | 已建立匯出請求 schema / snapshot / 人讀版;目前未認證公開範圍 repo 2 個、本機可見 Gitea unique repo 4 個、覆蓋缺口 2 個、匯出來源選項 2 類;允許收集 token value=false | repo owner 依只讀 token API 或已脫敏管理匯出補私有 / 內部全量 repo list;仍不可保存 token、不可 write Gitea、不可 refs sync |
|
||||
| S4.6 Gitea 認證清冊匯入驗收契約 | 完成草案 | 已建立匯入驗收 schema / snapshot / 人讀版;目前 received payload 0、accepted 0、rejected 0;定義 10 個驗收檢查、10 個拒收規則與 4 個 quarantine lanes | owner 提供脫敏 payload 後先驗收 / 拒收 / 隔離;仍不可把驗收當 primary approval |
|
||||
| S4.7 Gitea 清冊覆蓋 Owner Attestation | 完成草案 | 已建立 coverage attestation schema / snapshot / 人讀版;5 個 owner decision items、received attestation 0、accepted 0、execution authorized=false | owner 判定 public-only / local remote gap、org/user endpoint、110 adjacent source、canonical owner 與 legacy/inaccessible disposition;仍不可把 attestation 當 migration approval |
|
||||
| S4 migration execution | 未開始 | GitHub primary 長期方向已確認,但 refs / tags / workflow / secret 名稱尚未全量驗證,rollback ADR 仍待 owner approval | SHA/tag/workflow parity、rollback ADR owner approval 與 runtime gate |
|
||||
|
||||
## 1. 已建立的主要 evidence
|
||||
@@ -61,6 +62,8 @@
|
||||
| Gitea 認證清冊匯出請求 JSON | `docs/security/gitea-authenticated-inventory-export-request.snapshot.json` |
|
||||
| Gitea 認證清冊匯入驗收契約 | `docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` |
|
||||
| Gitea 認證清冊匯入驗收契約 JSON | `docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json` |
|
||||
| Gitea 清冊覆蓋 owner attestation | `docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md` |
|
||||
| Gitea 清冊覆蓋 owner attestation JSON | `docs/security/gitea-inventory-coverage-attestation.snapshot.json` |
|
||||
| Gitea 管理匯出 redaction checklist | `docs/security/GITEA-ADMIN-EXPORT-REDACTION-CHECKLIST.md` |
|
||||
| Gitea org endpoint blocked evidence | `docs/security/GITEA-ORG-REPO-INVENTORY-BLOCKED-SNAPSHOT.md` |
|
||||
| Source-control migration matrix | `docs/security/SOURCE-CONTROL-MIGRATION-MATRIX.md` |
|
||||
@@ -146,11 +149,11 @@
|
||||
|
||||
## 3. 下一階段建議
|
||||
|
||||
1. 依 S4.5 `GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md` 取得 Gitea 認證清冊;收到 payload 後依 S4.6 `GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` 驗收 / 拒收 / 隔離。目前未認證公開範圍 2 個、本機可見 Gitea unique 4 個、覆蓋缺口 2 個;只能用只讀 token API 或已脫敏管理匯出補私有 / 內部 server-side 全量 repo list,不保存 token value。
|
||||
1. 先依 S4.7 `GITEA-INVENTORY-COVERAGE-ATTESTATION.md` 取得 owner coverage attestation,再依 S4.5 `GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md` 取得 Gitea 認證清冊;收到 payload 後依 S4.6 `GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` 驗收 / 拒收 / 隔離。目前未認證公開範圍 2 個、本機可見 Gitea unique 4 個、覆蓋缺口 2 個、attestation items 5 個;只能用只讀 token API 或已脫敏管理匯出補私有 / 內部 server-side 全量 repo list,不保存 token value。
|
||||
2. 依 `SOURCE-CONTROL-APPROVAL-BOARD.md` 對 7 個 `approval_required=true` 的 GitHub target 做 owner / visibility / canonical 決策。
|
||||
3. 依 `SOURCE-CONTROL-REF-TRUTH-CLASSIFICATION.md` 對 `awoooi`、`clawbot-v5`、`wooo-aiops` 做單 repo / 單 ref owner 判定;仍不得 push refs。
|
||||
4. 對 `ewoooc` / `momo-pro-system` 完成 server-side canonical 判定。
|
||||
5. 依 `KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md` 取得 safe crawl、credentialed scan、runtime ingestion、full-upgrade / reboot 等 gate 的人工批准;不得直接接 `/execute`。
|
||||
6. AwoooP 主線先讀 `security_mirror_readiness_v1`、`security_mirror_intake_plan_v1`、`security_mirror_event_v1`、`security_mirror_route_v1`、`security_mirror_acceptance_v1`、`security_mirror_quarantine_v1`、`security_mirror_dry_run_v1`、`security_mirror_status_rollup_v1`、`security_approval_gate_v1`、`security_approval_decision_record_v1`、`security_approval_review_packet_v1`、`security_approval_state_transition_v1`、`security_followup_runtime_gate_v1`、`source_control_primary_readiness_gate_v1`、`source_control_primary_rollback_adr_v1` 與 `source_control_workflow_secret_name_inventory_v1`,只建立 mirror-only / read-only policy 入口,不新增執行按鈕;其中 Gitea inventory 需同時顯示 S4.5 認證清冊匯出請求與 S4.6 匯入驗收契約,workflow / secret inventory 需同時顯示 S4.3 redacted export request,primary readiness 需同時顯示 S4.4 rollback ADR 草案。
|
||||
6. AwoooP 主線先讀 `security_mirror_readiness_v1`、`security_mirror_intake_plan_v1`、`security_mirror_event_v1`、`security_mirror_route_v1`、`security_mirror_acceptance_v1`、`security_mirror_quarantine_v1`、`security_mirror_dry_run_v1`、`security_mirror_status_rollup_v1`、`security_approval_gate_v1`、`security_approval_decision_record_v1`、`security_approval_review_packet_v1`、`security_approval_state_transition_v1`、`security_followup_runtime_gate_v1`、`source_control_primary_readiness_gate_v1`、`source_control_primary_rollback_adr_v1` 與 `source_control_workflow_secret_name_inventory_v1`,只建立 mirror-only / read-only policy 入口,不新增執行按鈕;其中 Gitea inventory 需同時顯示 S4.5 認證清冊匯出請求、S4.6 匯入驗收契約與 S4.7 owner coverage attestation,workflow / secret inventory 需同時顯示 S4.3 redacted export request,primary readiness 需同時顯示 S4.4 rollback ADR 草案。
|
||||
7. AwoooP 主線消費 `security_rollout_policy_v1` 時,只做 read-only policy,不做 runtime blocking。
|
||||
8. AwoooP 主線再讀 `security_approval_queue_v1`、`security_approval_gate_v1`、`security_approval_decision_record_v1`、`security_approval_review_packet_v1`、`security_approval_state_transition_v1`、`security_followup_runtime_gate_v1`、`source_control_primary_readiness_gate_v1`、`source_control_primary_rollback_adr_v1`、`source_control_workflow_secret_name_inventory_v1` 與 `security_supply_chain_contract_manifest_v1`,顯示 review order、批准範圍、審查封包、決策紀錄、決策後狀態、後續 runtime gate 準備條件、Gitea inventory 覆蓋缺口、S4.5 認證匯出請求、S4.6 匯入驗收 / 隔離規則、GitHub primary readiness blockers、rollback ADR 草案、workflow / secret 名稱 inventory 缺口、redacted export request 與 blocked reason,不新增 execution router。
|
||||
8. AwoooP 主線再讀 `security_approval_queue_v1`、`security_approval_gate_v1`、`security_approval_decision_record_v1`、`security_approval_review_packet_v1`、`security_approval_state_transition_v1`、`security_followup_runtime_gate_v1`、`source_control_primary_readiness_gate_v1`、`source_control_primary_rollback_adr_v1`、`source_control_workflow_secret_name_inventory_v1` 與 `security_supply_chain_contract_manifest_v1`,顯示 review order、批准範圍、審查封包、決策紀錄、決策後狀態、後續 runtime gate 準備條件、Gitea inventory 覆蓋缺口、S4.5 認證匯出請求、S4.6 匯入驗收 / 隔離規則、S4.7 owner attestation items、GitHub primary readiness blockers、rollback ADR 草案、workflow / secret 名稱 inventory 缺口、redacted export request 與 blocked reason,不新增 execution router。
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
| 項目 | 內容 |
|
||||
|------|------|
|
||||
| 日期 | 2026-05-13 |
|
||||
| 日期 | 2026-05-17 |
|
||||
| 狀態 | 草案,blocked by default |
|
||||
| Schema | `docs/schemas/source_control_primary_readiness_gate_v1.schema.json` |
|
||||
| Snapshot | `docs/security/source-control-primary-readiness-gate.snapshot.json` |
|
||||
@@ -33,7 +33,7 @@
|
||||
|
||||
| Gate | 目前狀態 | 說明 |
|
||||
|------|----------|------|
|
||||
| Gitea authenticated inventory | blocked | private/internal 全量 repo list 尚未完成 |
|
||||
| Gitea authenticated inventory | blocked | private/internal 全量 repo list 尚未完成;S4.7 owner coverage attestation 仍未收到 |
|
||||
| refs truth / branch-tag parity | blocked | 3 個 mapped repos 仍有 refs drift |
|
||||
| workflow / runner / secret name parity | missing evidence | S4.1 已建立 inventory 契約;尚未有實際 redacted workflow、webhook、runner、secret 名稱 snapshot |
|
||||
| owner / visibility / canonical | pending review | 7 個 in-scope targets 仍需人工決策 |
|
||||
@@ -44,7 +44,7 @@
|
||||
1. 顯示每個 repo 的 readiness state、blockers 與 evidence refs。
|
||||
2. 顯示 `primary_ready_count=0`。
|
||||
3. 將 7 個 in-scope repos 維持在 approval / review lane。
|
||||
4. 顯示哪些 evidence 仍缺:Gitea authenticated inventory、refs truth、workflow/runner/secret name inventory、rollback ADR。
|
||||
4. 顯示哪些 evidence 仍缺:Gitea authenticated inventory、S4.7 owner coverage attestation、refs truth、workflow/runner/secret name inventory、rollback ADR。
|
||||
5. 連到 `source_control_workflow_secret_name_inventory_v1` 顯示 8 個 candidate repos 的 inventory lane 缺口與 S4.2 local evidence;只保存 secret 名稱與 owner,不保存 value。
|
||||
6. 連到 `source_control_primary_rollback_adr_v1` 顯示 7 個 in-scope repos 的 rollback owner、trigger 與 validation window 草案。
|
||||
7. 把狀態寫入 Audit evidence 與 Operator Console。
|
||||
@@ -63,6 +63,6 @@
|
||||
|
||||
S4.0 只是把「切換前一定要看見什麼」先定義清楚。
|
||||
|
||||
S4.4 已補上 rollback ADR 草案,但它只是 owner review 的資料包,不是切換批准。`owner_approved_count=0`、`dry_run_completed_count=0`、`active_cutover_count=0`。
|
||||
S4.4 已補上 rollback ADR 草案,但它只是 owner review 的資料包,不是切換批准。S4.7 已補上 Gitea coverage owner attestation,但它只是 scope decision request,不是 migration approval。`owner_approved_count=0`、`dry_run_completed_count=0`、`active_cutover_count=0`。
|
||||
|
||||
這讓長期回到 GitHub 的方向可以繼續往前,但仍維持低摩擦:目前只 mirror、只顯示、只留痕,不執行。
|
||||
|
||||
209
docs/security/gitea-inventory-coverage-attestation.snapshot.json
Normal file
209
docs/security/gitea-inventory-coverage-attestation.snapshot.json
Normal file
@@ -0,0 +1,209 @@
|
||||
{
|
||||
"schema_version": "gitea_inventory_coverage_attestation_v1",
|
||||
"status": "draft_waiting_owner_attestation",
|
||||
"date": "2026-05-17",
|
||||
"mode": "coverage_attestation_only",
|
||||
"runtime_execution_authorized": false,
|
||||
"source_contract": "gitea_repo_inventory_v1",
|
||||
"source_request_contracts": [
|
||||
"gitea_authenticated_inventory_export_request_v1",
|
||||
"gitea_authenticated_inventory_import_acceptance_v1"
|
||||
],
|
||||
"source_indexes": [
|
||||
"docs/security/gitea-repo-inventory.snapshot.json",
|
||||
"docs/security/gitea-public-repo-search.snapshot.json",
|
||||
"docs/security/gitea-org-repo-inventory-blocked.snapshot.json",
|
||||
"docs/security/local-git-remote-inventory.snapshot.json",
|
||||
"docs/security/git-remote-refs-bitan-tsenyang.snapshot.json",
|
||||
"docs/security/git-remote-refs-wooo-infra-config.snapshot.json",
|
||||
"docs/security/gitea-authenticated-inventory-export-request.snapshot.json",
|
||||
"docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json"
|
||||
],
|
||||
"summary": {
|
||||
"owner_attestation_status": "waiting_owner_attestation",
|
||||
"required_attestation_item_count": 5,
|
||||
"received_attestation_count": 0,
|
||||
"accepted_attestation_count": 0,
|
||||
"rejected_attestation_count": 0,
|
||||
"public_only_repo_count": 2,
|
||||
"local_gitea_unique_repo_count": 4,
|
||||
"local_gitea_gap_count": 2,
|
||||
"internal_110_adjacent_source_count": 4,
|
||||
"owner_scope_decision_required": true,
|
||||
"token_value_collection_allowed": false,
|
||||
"repo_write_allowed": false,
|
||||
"refs_sync_allowed": false,
|
||||
"github_primary_switch_authorized": false,
|
||||
"action_buttons_allowed": false
|
||||
},
|
||||
"attestation_items": [
|
||||
{
|
||||
"item_id": "public_only_vs_local_gitea_gap",
|
||||
"title": "public-only 與本機 Gitea remote 覆蓋缺口",
|
||||
"why_required": "public-only API 目前只看到 2 個 repos,但本機 remote evidence 顯示至少 4 個 Gitea unique repos,GitHub primary 前必須由 owner 說明差異。",
|
||||
"current_evidence_gap": "未認證公開範圍看到 `wooo/awoooi`、`wooo/ewoooc`;本機 remote 另看到 `wooo/clawbot-v5`、`wooo/wooo-aiops`。",
|
||||
"requested_owner_decision": "判定 `wooo/clawbot-v5` 與 `wooo/wooo-aiops` 是否仍屬本輪 Gitea inventory / GitHub migration scope,或屬 legacy / archived / external / inaccessible。",
|
||||
"acceptable_decisions": [
|
||||
"in_scope",
|
||||
"out_of_scope",
|
||||
"legacy_archived",
|
||||
"external_system",
|
||||
"inaccessible_requires_followup",
|
||||
"unknown_requires_more_evidence"
|
||||
],
|
||||
"minimum_evidence_refs": [
|
||||
"docs/security/gitea-repo-inventory.snapshot.json",
|
||||
"docs/security/local-git-remote-inventory.snapshot.json"
|
||||
],
|
||||
"received_decision": null,
|
||||
"accepted": false,
|
||||
"execution_authorized": false
|
||||
},
|
||||
{
|
||||
"item_id": "org_user_endpoint_identity",
|
||||
"title": "Gitea `wooo` org/user endpoint 身分確認",
|
||||
"why_required": "`orgs/wooo/repos` 未認證查詢 blocked / 404,不能自動解讀為不存在 private/internal repos。",
|
||||
"current_evidence_gap": "目前 public-only evidence 走 user endpoint;org endpoint 仍需 owner 或管理者說明 `wooo` 是 user、org,或兩者皆需盤。",
|
||||
"requested_owner_decision": "確認 Gitea inventory 的 canonical endpoint 與需要盤點的 owner namespace。",
|
||||
"acceptable_decisions": [
|
||||
"in_scope",
|
||||
"out_of_scope",
|
||||
"inaccessible_requires_followup",
|
||||
"unknown_requires_more_evidence"
|
||||
],
|
||||
"minimum_evidence_refs": [
|
||||
"docs/security/gitea-org-repo-inventory-blocked.snapshot.json",
|
||||
"docs/security/gitea-authenticated-inventory-export-request.snapshot.json"
|
||||
],
|
||||
"received_decision": null,
|
||||
"accepted": false,
|
||||
"execution_authorized": false
|
||||
},
|
||||
{
|
||||
"item_id": "internal_110_adjacent_scope",
|
||||
"title": "110 內部相鄰來源是否納入本輪 scope",
|
||||
"why_required": "本機與 110 adjacent evidence 看到多個非 public-only Gitea list 的來源;若它們屬於產品或部署路徑,必須納入 GitHub primary 前的 owner 判定。",
|
||||
"current_evidence_gap": "目前需 owner 判定 `bitan-pharmacy`、`root/momo-pro-system`、`tsenyang-website`、`wooo/wooo-infra-config` 是否屬本輪 Gitea/GitHub migration scope。",
|
||||
"requested_owner_decision": "逐項標示 in-scope、out-of-scope、external_system、legacy_archived 或 inaccessible_requires_followup。",
|
||||
"acceptable_decisions": [
|
||||
"in_scope",
|
||||
"out_of_scope",
|
||||
"legacy_archived",
|
||||
"external_system",
|
||||
"inaccessible_requires_followup",
|
||||
"unknown_requires_more_evidence"
|
||||
],
|
||||
"minimum_evidence_refs": [
|
||||
"docs/security/git-remote-refs-bitan-tsenyang.snapshot.json",
|
||||
"docs/security/git-remote-refs-wooo-infra-config.snapshot.json",
|
||||
"docs/security/local-git-remote-inventory.snapshot.json"
|
||||
],
|
||||
"received_decision": null,
|
||||
"accepted": false,
|
||||
"execution_authorized": false
|
||||
},
|
||||
{
|
||||
"item_id": "repo_owner_canonical_scope",
|
||||
"title": "repo owner / canonical / GitHub target scope",
|
||||
"why_required": "GitHub target、canonical repo 與 repo owner 若未確認,會讓後續 refs truth、workflow-secret parity 與 rollback ADR 無法判斷。",
|
||||
"current_evidence_gap": "部分 repo 仍需確認 owner、visibility、canonical target 與 GitHub target,不得用 public API `not_found_or_private` 自動建立 repo。",
|
||||
"requested_owner_decision": "針對每個 in-scope repo 指定 owner、canonical source、GitHub target candidate 與 visibility 判斷責任人。",
|
||||
"acceptable_decisions": [
|
||||
"in_scope",
|
||||
"out_of_scope",
|
||||
"external_system",
|
||||
"unknown_requires_more_evidence"
|
||||
],
|
||||
"minimum_evidence_refs": [
|
||||
"docs/security/github-target-decision.snapshot.json",
|
||||
"docs/security/source-control-approval-board.snapshot.json",
|
||||
"docs/security/local-repo-canonical-ewoooc-momo.snapshot.json"
|
||||
],
|
||||
"received_decision": null,
|
||||
"accepted": false,
|
||||
"execution_authorized": false
|
||||
},
|
||||
{
|
||||
"item_id": "legacy_or_inaccessible_repo_disposition",
|
||||
"title": "legacy / inaccessible repo 處置",
|
||||
"why_required": "若 repo 已封存、不可讀或屬歷史來源,也必須留下明確處置,避免之後把缺口誤當成已完成 inventory。",
|
||||
"current_evidence_gap": "目前沒有 owner attestation 可說明未出現在 authenticated/admin export payload 的 repo 是否應留待後續、排除、封存或另案處理。",
|
||||
"requested_owner_decision": "提供每個 legacy / inaccessible / external repo 的處置:保留 evidence、另案追蹤、納入後續清冊,或明確排除並附理由。",
|
||||
"acceptable_decisions": [
|
||||
"out_of_scope",
|
||||
"legacy_archived",
|
||||
"external_system",
|
||||
"inaccessible_requires_followup",
|
||||
"unknown_requires_more_evidence"
|
||||
],
|
||||
"minimum_evidence_refs": [
|
||||
"docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json",
|
||||
"docs/security/source-control-primary-readiness-gate.snapshot.json"
|
||||
],
|
||||
"received_decision": null,
|
||||
"accepted": false,
|
||||
"execution_authorized": false
|
||||
}
|
||||
],
|
||||
"decision_values": [
|
||||
{
|
||||
"value": "in_scope",
|
||||
"meaning": "屬本輪 Gitea inventory / GitHub migration scope,後續需補 refs truth、workflow-secret parity、rollback ADR 與人工批准。",
|
||||
"allowed_effect": "可更新 read-only matrix / decision table;不可執行 repo 建立、refs sync 或 primary switch。",
|
||||
"execution_authorized": false
|
||||
},
|
||||
{
|
||||
"value": "out_of_scope",
|
||||
"meaning": "不屬本輪 scope,必須留下 owner 理由與 evidence ref。",
|
||||
"allowed_effect": "可在 matrix 標示 out-of-scope;不可刪除、封存或停用來源 repo。",
|
||||
"execution_authorized": false
|
||||
},
|
||||
{
|
||||
"value": "legacy_archived",
|
||||
"meaning": "屬歷史或封存來源,只保留 evidence 與人工處置紀錄。",
|
||||
"allowed_effect": "可建立 archive review lane;不可執行 archive/delete。",
|
||||
"execution_authorized": false
|
||||
},
|
||||
{
|
||||
"value": "external_system",
|
||||
"meaning": "由外部系統或非本輪 source-control 管線管理。",
|
||||
"allowed_effect": "可標示 external owner;不可在本流程自動遷移。",
|
||||
"execution_authorized": false
|
||||
},
|
||||
{
|
||||
"value": "inaccessible_requires_followup",
|
||||
"meaning": "目前不可讀或缺權限,需要 owner / 管理者補脫敏 evidence。",
|
||||
"allowed_effect": "可建立 request_more_evidence lane;不可假設已完成 inventory。",
|
||||
"execution_authorized": false
|
||||
},
|
||||
{
|
||||
"value": "unknown_requires_more_evidence",
|
||||
"meaning": "目前 evidence 不足以判定 scope。",
|
||||
"allowed_effect": "維持 blocker 與 partial status;不可進 primary readiness。",
|
||||
"execution_authorized": false
|
||||
}
|
||||
],
|
||||
"allowed_outputs": [
|
||||
"更新 owner attestation snapshot 與人讀文件",
|
||||
"更新 source-control migration matrix、decision table、readiness gate 與 status rollup 的 read-only 欄位",
|
||||
"把缺口顯示到 AwoooP approval / review lane",
|
||||
"維持 `gitea_repo_inventory_v1.status=partial`,直到 authenticated/admin export payload 通過 S4.6 且 owner attestation 被接受"
|
||||
],
|
||||
"forbidden_actions": [
|
||||
"store_token_value",
|
||||
"request_raw_token_in_chat_or_docs",
|
||||
"use_write_capable_token",
|
||||
"write_to_gitea",
|
||||
"create_gitea_repo",
|
||||
"delete_or_archive_gitea_repo",
|
||||
"create_github_repo",
|
||||
"change_repo_visibility",
|
||||
"sync_git_refs",
|
||||
"delete_git_refs",
|
||||
"force_push",
|
||||
"switch_github_primary",
|
||||
"disable_gitea",
|
||||
"add_action_button",
|
||||
"execute_scan_or_runtime_change"
|
||||
]
|
||||
}
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"schema_version": "security_mirror_readiness_v1",
|
||||
"status": "draft",
|
||||
"date": "2026-05-13",
|
||||
"date": "2026-05-17",
|
||||
"default_enforcement_level": "mirror_only",
|
||||
"runtime_execution_authorized": false,
|
||||
"summary": {
|
||||
@@ -234,14 +234,16 @@
|
||||
"docs/security/gitea-public-repo-search.snapshot.json",
|
||||
"docs/security/gitea-org-repo-inventory-blocked.snapshot.json",
|
||||
"docs/security/gitea-authenticated-inventory-export-request.snapshot.json",
|
||||
"docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json"
|
||||
"docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json",
|
||||
"docs/security/gitea-inventory-coverage-attestation.snapshot.json"
|
||||
],
|
||||
"human_docs": [
|
||||
"docs/security/GITEA-SERVER-SIDE-INVENTORY-RUNBOOK.md",
|
||||
"docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md",
|
||||
"docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md"
|
||||
"docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md",
|
||||
"docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md"
|
||||
],
|
||||
"notes": "目前仍是 public-only / blocked endpoint evidence;S4.5 已補 authenticated/admin export request,S4.6 已補 redacted import acceptance;private/internal 全量需 approval 與脫敏 payload 驗收。"
|
||||
"notes": "目前仍是 public-only / blocked endpoint evidence;S4.5 已補 authenticated/admin export request,S4.6 已補 redacted import acceptance,S4.7 已補 owner coverage attestation request;private/internal 全量需 approval、脫敏 payload 驗收與 owner scope decision。"
|
||||
},
|
||||
{
|
||||
"contract": "local_git_remote_inventory_v1",
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"schema_version": "security_mirror_status_rollup_v1",
|
||||
"status": "draft",
|
||||
"date": "2026-05-13",
|
||||
"date": "2026-05-17",
|
||||
"mode": "mirror_only",
|
||||
"rollup_status": "framework_ready_waiting_approval",
|
||||
"runtime_execution_authorized": false,
|
||||
@@ -21,6 +21,7 @@
|
||||
"docs/security/security-followup-runtime-gate.snapshot.json",
|
||||
"docs/security/gitea-authenticated-inventory-export-request.snapshot.json",
|
||||
"docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json",
|
||||
"docs/security/gitea-inventory-coverage-attestation.snapshot.json",
|
||||
"docs/security/source-control-primary-readiness-gate.snapshot.json",
|
||||
"docs/security/source-control-primary-rollback-adr.snapshot.json",
|
||||
"docs/security/source-control-workflow-secret-name-inventory.snapshot.json",
|
||||
@@ -48,6 +49,10 @@
|
||||
"gitea_inventory_import_acceptance_payload_count": 0,
|
||||
"gitea_inventory_import_acceptance_quarantine_required": true,
|
||||
"gitea_inventory_import_acceptance_execution_authorized": false,
|
||||
"gitea_inventory_coverage_attestation_status": "draft_waiting_owner_attestation",
|
||||
"gitea_inventory_coverage_attestation_required_count": 5,
|
||||
"gitea_inventory_coverage_attestation_received_count": 0,
|
||||
"gitea_inventory_coverage_attestation_execution_authorized": false,
|
||||
"primary_readiness_candidate_repo_count": 8,
|
||||
"github_primary_ready_count": 0,
|
||||
"primary_rollback_adr_repo_plan_count": 7,
|
||||
@@ -80,8 +85,8 @@
|
||||
{
|
||||
"phase_id": "S1_readonly_inventory",
|
||||
"state": "in_progress",
|
||||
"current_result": "已完成多項 read-only evidence;S4.5 已補 Gitea authenticated/admin export request,S4.6 已補 redacted import acceptance,但 private/internal 全量 repo list 仍需批准後補齊。",
|
||||
"next_gate": "只讀 token 或 redacted admin export owner approval;收到 payload 後先依 S4.6 驗收與隔離規則檢查,仍不得保存 token value。"
|
||||
"current_result": "已完成多項 read-only evidence;S4.5 已補 Gitea authenticated/admin export request,S4.6 已補 redacted import acceptance,S4.7 已補 owner coverage attestation request,但 private/internal 全量 repo list 仍需批准後補齊。",
|
||||
"next_gate": "先取得 owner scope decision / coverage attestation,再等待只讀 token 或 redacted admin export owner approval;收到 payload 後先依 S4.6 驗收與隔離規則檢查,仍不得保存 token value。"
|
||||
},
|
||||
{
|
||||
"phase_id": "S2_mirror_only_consumption",
|
||||
@@ -98,8 +103,8 @@
|
||||
{
|
||||
"phase_id": "S4_migration_execution",
|
||||
"state": "not_started",
|
||||
"current_result": "GitHub primary 是長期方向;source_control_primary_readiness_gate_v1 已定義 8 個 candidate repos、7 個 in-scope blocked repos、0 個 primary ready;S4.1 已定義 workflow / secret 名稱 inventory 契約;S4.2 已補 local evidence;S4.3 已補 redacted export request;S4.4 已補 rollback ADR 草案;S4.5 已補 Gitea authenticated inventory export request;S4.6 已補 redacted import acceptance,但 inventory status 仍 partial。",
|
||||
"next_gate": "Gitea authenticated inventory payload 通過 S4.6 驗收、refs truth、webhook / runner / deploy key / branch protection / repository secret parity redacted evidence、rollback ADR owner approval 與逐 repo 人工批准。"
|
||||
"current_result": "GitHub primary 是長期方向;source_control_primary_readiness_gate_v1 已定義 8 個 candidate repos、7 個 in-scope blocked repos、0 個 primary ready;S4.1 已定義 workflow / secret 名稱 inventory 契約;S4.2 已補 local evidence;S4.3 已補 redacted export request;S4.4 已補 rollback ADR 草案;S4.5 已補 Gitea authenticated inventory export request;S4.6 已補 redacted import acceptance;S4.7 已補 owner coverage attestation request,但 inventory status 仍 partial。",
|
||||
"next_gate": "Gitea coverage attestation 被 owner 接受、authenticated inventory payload 通過 S4.6 驗收、refs truth、webhook / runner / deploy key / branch protection / repository secret parity redacted evidence、rollback ADR owner approval 與逐 repo 人工批准。"
|
||||
}
|
||||
],
|
||||
"next_safe_actions": [
|
||||
@@ -190,7 +195,8 @@
|
||||
"mode": "approval_required",
|
||||
"source_contract": "gitea_repo_inventory_v1",
|
||||
"allowed_processing": [
|
||||
"顯示 S4.5 authenticated/admin export request、S4.6 redacted import acceptance 與 coverage gap",
|
||||
"顯示 S4.5 authenticated/admin export request、S4.6 redacted import acceptance、S4.7 owner coverage attestation request 與 coverage gap",
|
||||
"顯示 5 個 owner attestation items、received_attestation_count=0 與 accepted_attestation_count=0",
|
||||
"使用 read-only token 或 redacted admin export 補齊 repo list",
|
||||
"收到 payload 後只做 schema / redaction / coverage gap 驗收與隔離",
|
||||
"只保存 token_present=true/false",
|
||||
@@ -199,6 +205,7 @@
|
||||
"blocked_processing": [
|
||||
"保存 token value",
|
||||
"使用 write-capable token",
|
||||
"把 S4.7 owner attestation request 當成 repo migration approval",
|
||||
"把 S4.6 payload 驗收當成 primary approval",
|
||||
"建立 GitHub repo 或 sync refs"
|
||||
]
|
||||
|
||||
@@ -379,19 +379,27 @@
|
||||
"docs/security/gitea-public-repo-search.snapshot.json",
|
||||
"docs/security/gitea-org-repo-inventory-blocked.snapshot.json",
|
||||
"docs/security/gitea-authenticated-inventory-export-request.snapshot.json",
|
||||
"docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json"
|
||||
"docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json",
|
||||
"docs/security/gitea-inventory-coverage-attestation.snapshot.json"
|
||||
],
|
||||
"human_docs": [
|
||||
"docs/security/GITEA-SERVER-SIDE-INVENTORY-RUNBOOK.md",
|
||||
"docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md",
|
||||
"docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md",
|
||||
"docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md"
|
||||
"docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md",
|
||||
"docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md"
|
||||
],
|
||||
"consumer": "AwoooP migration matrix evidence",
|
||||
"consumption_mode": "mirror_only",
|
||||
"allowed_actions": ["mirror_public_only_inventory", "create_readonly_inventory_approval_candidate", "display_authenticated_inventory_export_request", "display_redacted_inventory_import_acceptance"],
|
||||
"allowed_actions": [
|
||||
"mirror_public_only_inventory",
|
||||
"create_readonly_inventory_approval_candidate",
|
||||
"display_authenticated_inventory_export_request",
|
||||
"display_redacted_inventory_import_acceptance",
|
||||
"display_coverage_attestation_request"
|
||||
],
|
||||
"forbidden_actions": ["store_token_value", "write_to_gitea", "delete_or_archive_repo"],
|
||||
"notes": "目前是 partial/public_only;S4.5 已補 authenticated/admin export request,S4.6 已補 redacted import acceptance;private/internal 全量仍需批准後補齊。"
|
||||
"notes": "目前是 partial/public_only;S4.5 已補 authenticated/admin export request,S4.6 已補 redacted import acceptance,S4.7 已補 owner coverage attestation request;private/internal 全量仍需批准後補齊。"
|
||||
},
|
||||
{
|
||||
"contract": "local_git_remote_inventory_v1",
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"schema_version": "source_control_primary_readiness_gate_v1",
|
||||
"status": "draft_blocked",
|
||||
"date": "2026-05-13",
|
||||
"date": "2026-05-17",
|
||||
"mode": "primary_readiness_gate_only",
|
||||
"runtime_execution_authorized": false,
|
||||
"source_indexes": [
|
||||
@@ -15,6 +15,7 @@
|
||||
"docs/security/gitea-repo-inventory.snapshot.json",
|
||||
"docs/security/gitea-authenticated-inventory-export-request.snapshot.json",
|
||||
"docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json",
|
||||
"docs/security/gitea-inventory-coverage-attestation.snapshot.json",
|
||||
"docs/security/gitea-org-repo-inventory-blocked.snapshot.json",
|
||||
"docs/security/security-followup-runtime-gate.snapshot.json"
|
||||
],
|
||||
@@ -44,6 +45,7 @@
|
||||
"目前只有 public-only / blocked endpoint evidence",
|
||||
"S4.5 已建立 authenticated/admin export request,但尚未取得 `gitea_repo_inventory_v1.status=ok` evidence",
|
||||
"S4.6 已建立 redacted import acceptance,但目前 received_payload_count=0、accepted_payload_count=0",
|
||||
"S4.7 已建立 owner coverage attestation request,但目前 received_attestation_count=0、accepted_attestation_count=0",
|
||||
"public-only API 只看到 2 個 repos,本機 remote inventory 看到 4 個 unique Gitea repos,gap 仍待 owner 解釋",
|
||||
"GITEA_READONLY_TOKEN 未提供",
|
||||
"不得使用 write-capable credential 當 read-only token"
|
||||
@@ -52,6 +54,7 @@
|
||||
"顯示 blocked reason",
|
||||
"mirror S4.5 authenticated inventory export request",
|
||||
"mirror S4.6 redacted inventory import acceptance",
|
||||
"mirror S4.7 owner coverage attestation request",
|
||||
"等待 read-only token 或 redacted admin export",
|
||||
"更新 approval board 與 decision table"
|
||||
],
|
||||
|
||||
Reference in New Issue
Block a user