docs(security): add gitea coverage attestation gate [skip ci]

This commit is contained in:
Your Name
2026-05-17 20:46:27 +08:00
parent 9b2b54acb3
commit 679c3bfb88
22 changed files with 643 additions and 45 deletions

View File

@@ -2,7 +2,7 @@
| 項目 | 內容 |
|------|------|
| 日期 | 2026-05-13 |
| 日期 | 2026-05-17 |
| 狀態 | 初版,供 AwoooP Session 只讀消費 |
| 範圍 | Kali / Code Review / Codex / Gitea / GitHub 資安供應鏈事件 |
| 低摩擦 policy | `docs/security/SECURITY-LOW-FRICTION-ROLLOUT-POLICY.md` |
@@ -44,7 +44,7 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得
| `security_mirror_status_rollup_v1` | AwoooP 鏡像狀態彙整契約 | Operator Console、Runtime State、Audit | mirror-only | 只顯示階段狀態、下一個 gate 與禁止事項;不得視為 runtime authorization |
| `coding_task_v1` | Code Review / Codex Security / manual review | Approval candidate、Channel Event、Audit | suggest-only | 不自動開 patch runner、不自動 merge |
| `source_control_migration_event_v1` | Gitea/GitHub branch/tag/SHA diff | Supply-chain evidence、Approval candidate | mirror-only | 不觸發 deploy、不切換 primary |
| `gitea_repo_inventory_v1` | Gitea org/user repo list 或管理匯出 | Supply-chain evidence、migration matrix | mirror-only | 顯示 public-only evidence、S4.5 authenticated/admin export requestS4.6 redacted import acceptance不保存 token value、不刪除或停用 Gitea repo |
| `gitea_repo_inventory_v1` | Gitea org/user repo list 或管理匯出 | Supply-chain evidence、migration matrix | mirror-only | 顯示 public-only evidence、S4.5 authenticated/admin export requestS4.6 redacted import acceptance 與 S4.7 owner coverage attestation;不保存 token value、不刪除或停用 Gitea repo |
| `local_git_remote_inventory_v1` | 本機可見 Git working tree remote | Source-control coverage evidence、migration matrix | mirror-only | 不視為 Gitea server 全量、不修改 remote |
| `github_target_probe_v1` | 候選 GitHub repo read-only probe | Migration target evidence | mirror-only | `not_found_or_private` 不等同確認不存在 |
| `github_target_decision_v1` | GitHub target 建立與可見性決策草案 | Approval candidate、Migration target evidence | mirror-only | approval 前不得建立 repo、修改 visibility、同步 refs |
@@ -116,7 +116,7 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得
| `source_control_migration_event_v1.status=blocked` | `observe` | 顯示 blocking reason不允許切 primary |
| `source_control_migration_event_v1.status=verified` | `approve_required` | 仍需人工批准主控切換 |
| `gitea_repo_inventory_v1.status=blocked` | `observe` | 補只讀 token 或管理匯出,不做同步 |
| `gitea_repo_inventory_v1.status=partial` | `observe` | 視為 public-only evidence顯示 S4.5 export request、S4.6 import acceptance 與 coverage gap不做同步 |
| `gitea_repo_inventory_v1.status=partial` | `observe` | 視為 public-only evidence顯示 S4.5 export request、S4.6 import acceptance、S4.7 owner attestation request 與 coverage gap不做同步 |
| `gitea_repo_inventory_v1.status=ok` | `warn` | 進入 repo mapping / branch tag diff |
| `approval_required_event_v1.requested_action=run_gitea_readonly_inventory` | `approve_required` | 只允許 read-only token 或 redacted admin export不保存 token value |
| `local_git_remote_inventory_v1.status=partial` | `observe` | 補 server-side inventory不做主控切換 |
@@ -156,6 +156,7 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得
| Gitea repo inventory 人讀版 | `docs/security/GITEA-REPO-INVENTORY-SNAPSHOT.md` |
| Gitea authenticated inventory export request | `docs/security/gitea-authenticated-inventory-export-request.snapshot.json` / `docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md` |
| Gitea authenticated inventory import acceptance | `docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json` / `docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` |
| Gitea inventory coverage owner attestation | `docs/security/gitea-inventory-coverage-attestation.snapshot.json` / `docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md` |
| Gitea org endpoint blocked snapshot | `docs/security/gitea-org-repo-inventory-blocked.snapshot.json` / `docs/security/GITEA-ORG-REPO-INVENTORY-BLOCKED-SNAPSHOT.md` |
| Gitea server-side inventory runbook | `docs/security/GITEA-SERVER-SIDE-INVENTORY-RUNBOOK.md` |
| Gitea read-only inventory approval package | `docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md` |

View File

@@ -327,7 +327,7 @@ Schema`docs/schemas/security_mirror_status_rollup_v1.schema.json`
Snapshot`docs/security/security-mirror-status-rollup.snapshot.json`
目前 rollup`framework_ready_waiting_approval`35 個 contracts、32 ready、2 partial、1 contract-only、0 blockedapproval queue 仍為 8 items其中 7 pending approval、1 block candidatereview packets 8 筆state transition rules 5 筆follow-up runtime gate templates 8 筆active runtime gates 0 筆GitHub primary candidate repos 8 筆primary ready 0 筆S4.4 rollback ADR repo plans 7 筆、owner approved 0 筆、dry-run completed 0 筆Gitea inventory 目前 `partial_waiting_authenticated_inventory`public-only repo 2 個、本機可見 Gitea unique repo 4 個、export source options 2 類、S4.6 import acceptance payload 0 筆、quarantine required=true、token value collection allowed=falseworkflow / secret 名稱 inventory candidate repos 8 筆、complete 0 筆S4.2 local evidence repos 4 筆、workflow files 31 筆、referenced secret names 43 筆decision records 目前 0 筆。
目前 rollup`framework_ready_waiting_approval`35 個 contracts、32 ready、2 partial、1 contract-only、0 blockedapproval queue 仍為 8 items其中 7 pending approval、1 block candidatereview packets 8 筆state transition rules 5 筆follow-up runtime gate templates 8 筆active runtime gates 0 筆GitHub primary candidate repos 8 筆primary ready 0 筆S4.4 rollback ADR repo plans 7 筆、owner approved 0 筆、dry-run completed 0 筆Gitea inventory 目前 `partial_waiting_authenticated_inventory`public-only repo 2 個、本機可見 Gitea unique repo 4 個、export source options 2 類、S4.6 import acceptance payload 0 筆、S4.7 owner attestation items 5 筆、received attestation 0 筆、quarantine required=true、token value collection allowed=falseworkflow / secret 名稱 inventory candidate repos 8 筆、complete 0 筆S4.2 local evidence repos 4 筆、workflow files 31 筆、referenced secret names 43 筆decision records 目前 0 筆。
AwoooP 初期處理方式:只顯示階段狀態、下一個 gate 與禁止事項,可寫入 Audit evidence不得把 rollup 當 runtime authorization。
@@ -479,6 +479,8 @@ S4.5 支援性請求:已新增 `docs/schemas/gitea_authenticated_inventory_exp
S4.6 支援性驗收:已新增 `docs/schemas/gitea_authenticated_inventory_import_acceptance_v1.schema.json``docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json``docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md`。此驗收仍不新增第 36 個主 contract只定義 owner / 管理者提供脫敏 payload 後的 schema、redaction、coverage gap、quarantine 與 allowed output目前 `received_payload_count=0``accepted_payload_count=0``runtime_execution_authorized=false`,不得把驗收格式視為 inventory 已完成或 primary cutover approval。
S4.7 支援性 owner attestation已新增 `docs/schemas/gitea_inventory_coverage_attestation_v1.schema.json``docs/security/gitea-inventory-coverage-attestation.snapshot.json``docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md`。此 attestation 仍不新增第 36 個主 contract只定義 public-only / local remote gap、org/user endpoint、110 internal adjacent source、canonical owner 與 legacy/inaccessible disposition 的 owner decision目前 `required_attestation_item_count=5``received_attestation_count=0``accepted_attestation_count=0``runtime_execution_authorized=false`,不得把 attestation request 視為 repo migration approval。
### `local_git_remote_inventory_v1`
用途:在 Gitea API 受阻時,盤點本機可見 Git working tree 的 remote URL找出仍指向 Gitea、GitHub、110 內部 Git 或 GitLab 類 remote 的專案。
@@ -819,6 +821,8 @@ Console 初期不提供高風險執行按鈕。
2026-05-13 S4.6 Gitea 認證清冊匯入驗收追加:已新增 `docs/schemas/gitea_authenticated_inventory_import_acceptance_v1.schema.json``docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json``docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md`。本輪只定義 owner / 管理者提供脫敏 payload 後的驗收、拒收與隔離規則;目前收到 payload 0 筆、接受 0 筆、拒收 0 筆;不得保存 token value、不得匯入 DB dump 或 git object、不得寫 Gitea、不得 sync refs、不得切 GitHub primary。
2026-05-17 S4.7 Gitea 清冊覆蓋 owner attestation 追加:已新增 `docs/schemas/gitea_inventory_coverage_attestation_v1.schema.json``docs/security/gitea-inventory-coverage-attestation.snapshot.json``docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md`。本輪只定義 5 個 owner scope decision itemspublic-only / local remote gap、org/user endpoint、110 internal adjacent source、canonical owner 與 legacy/inaccessible repo disposition目前收到 attestation 0 筆、接受 0 筆;不得保存 token value、不得寫 Gitea、不得建立 GitHub repo、不得 sync refs、不得切 GitHub primary。
2026-05-13 Kali 112 live 整合狀態追加:已在授權下登入 `192.168.0.112` 做 read-only 盤點與低風險更新,並新增 `docs/schemas/kali_integration_status_v1.schema.json``docs/security/kali-integration-status.snapshot.json``docs/security/KALI-INTEGRATION-STATUS.md`。Kali Scanner API `/health` healthy、`kali-scanner.service` active/enabled、node-exporter 與 wg-easy container up已 targeted update `nmap``nikto``nuclei``curl``openssl`、CA 套件,安裝 `jq`,時區改為 `Asia/Taipei`,更新後無 reboot required。AwoooP 可 mirror health / update / gap evidence但不得直接啟動 scan、credentialed scan 或 `/execute`
本波仍不做:
@@ -855,6 +859,8 @@ Console 初期不提供高風險執行按鈕。
- [gitea_authenticated_inventory_export_request_v1 snapshot](/Users/ogt/awoooi/docs/security/gitea-authenticated-inventory-export-request.snapshot.json)
- [Gitea 認證清冊匯入驗收契約](/Users/ogt/awoooi/docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md)
- [gitea_authenticated_inventory_import_acceptance_v1 snapshot](/Users/ogt/awoooi/docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json)
- [Gitea 清冊覆蓋 owner attestation](/Users/ogt/awoooi/docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md)
- [gitea_inventory_coverage_attestation_v1 snapshot](/Users/ogt/awoooi/docs/security/gitea-inventory-coverage-attestation.snapshot.json)
- [Gitea admin export redaction checklist](/Users/ogt/awoooi/docs/security/GITEA-ADMIN-EXPORT-REDACTION-CHECKLIST.md)
- [Gitea public repo search snapshot](/Users/ogt/awoooi/docs/security/GITEA-PUBLIC-REPO-SEARCH-SNAPSHOT.md)
- [gitea public repo search JSON](/Users/ogt/awoooi/docs/security/gitea-public-repo-search.snapshot.json)
@@ -912,6 +918,7 @@ Console 初期不提供高風險執行按鈕。
- [gitea_repo_inventory_v1 schema](/Users/ogt/awoooi/docs/schemas/gitea_repo_inventory_v1.schema.json)
- [gitea_authenticated_inventory_export_request_v1 schema](/Users/ogt/awoooi/docs/schemas/gitea_authenticated_inventory_export_request_v1.schema.json)
- [gitea_authenticated_inventory_import_acceptance_v1 schema](/Users/ogt/awoooi/docs/schemas/gitea_authenticated_inventory_import_acceptance_v1.schema.json)
- [gitea_inventory_coverage_attestation_v1 schema](/Users/ogt/awoooi/docs/schemas/gitea_inventory_coverage_attestation_v1.schema.json)
- [local_git_remote_inventory_v1 schema](/Users/ogt/awoooi/docs/schemas/local_git_remote_inventory_v1.schema.json)
- [github_target_probe_v1 schema](/Users/ogt/awoooi/docs/schemas/github_target_probe_v1.schema.json)
- [github_target_decision_v1 schema](/Users/ogt/awoooi/docs/schemas/github_target_decision_v1.schema.json)

View File

@@ -2,12 +2,13 @@
| 項目 | 內容 |
|------|------|
| 日期 | 2026-05-12 |
| 日期 | 2026-05-17 |
| 狀態 | 第一版,給 `gitea_repo_inventory_v1` 管理匯入使用 |
| 搭配文件 | `docs/security/GITEA-SERVER-SIDE-INVENTORY-RUNBOOK.md` |
| Approval | `docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md` |
| S4.5 export request | `docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md` |
| S4.6 import acceptance | `docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` |
| S4.7 coverage attestation | `docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md` |
## 0. 允許保留的欄位
@@ -65,6 +66,7 @@
| repo 欄位完整 | 檢查 `full_name``owner.login + name` | 每個 repo 可識別 |
| visibility 可判斷 | 檢查 `private` | 每個 repo 有布林值 |
| S4.6 驗收 | 依 `GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` 檢查 payload | 不完整或含敏感值時必須拒收或隔離 |
| S4.7 owner attestation | 依 `GITEA-INVENTORY-COVERAGE-ATTESTATION.md` 補 scope decision | public-only / local remote gap、org/user endpoint、110 adjacent source 都有 owner 判定 |
## 4. 匯入指令
@@ -87,3 +89,4 @@ python3 scripts/security/gitea-repo-inventory.py \
5. 下一步仍只更新 migration matrix不同步 refs、不建 repo、不切 primary。
6. 必須能解釋 public-only API 看到 2 個 repos、本機 Gitea remote 看到 4 個 unique Gitea repos 的 coverage gap。
7. 必須通過 S4.6 import acceptancepayload 驗收通過仍不代表 GitHub primary 已批准。
8. 必須補 S4.7 owner coverage attestationattestation 只更新 evidence / matrix / gate不執行 repo 遷移。

View File

@@ -2,11 +2,12 @@
| 項目 | 內容 |
|------|------|
| 日期 | 2026-05-13 |
| 日期 | 2026-05-17 |
| 狀態 | 草案,等待 owner 匯出 / 只讀批准 |
| 資料契約 | `docs/schemas/gitea_authenticated_inventory_export_request_v1.schema.json` |
| 快照 | `docs/security/gitea-authenticated-inventory-export-request.snapshot.json` |
| 後續驗收 | `docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` |
| 覆蓋 Attestation | `docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md` |
| 來源契約 | `gitea_repo_inventory_v1` |
| 模式 | `redacted_export_request_only` |
| 執行面授權 | `false` |
@@ -21,6 +22,8 @@ S4.5 把 Gitea 私有 / 內部全量 repo 清冊的下一步匯出請求正式
S4.6 已補後續的匯入驗收契約:即使 owner 或管理者提供 payload也必須先通過 schema、脫敏、coverage gap 與隔離規則,才能成為 `gitea_repo_inventory_v1.status=ok` 的候選 evidence。
S4.7 已補 owner coverage attestation在補全量清冊前owner 仍需判定 public-only 2 repos、本機 Gitea unique 4 repos、org/user endpoint 與 110 internal adjacent sources 的 scope。S4.7 不授權 token 收集、repo 寫入、refs sync 或 primary cutover。
## 1. 摘要
| 指標 | 數量 |
@@ -37,6 +40,7 @@ S4.6 已補後續的匯入驗收契約:即使 owner 或管理者提供 payload
| 允許 repo 寫入 | `false` |
| 允許 refs sync | `false` |
| 授權切換 GitHub primary | `false` |
| S4.7 owner attestation items | 5 |
## 2. 匯出來源選項
@@ -98,4 +102,4 @@ S4.6 已補後續的匯入驗收契約:即使 owner 或管理者提供 payload
S4.5 只是把 Gitea 認證清冊的下一步請求、欄位、拒收規則與驗收 gate 定清楚。
這補的是「完整轉移 Gitea 目前所有專案版本到 GitHub」前的第一個資料缺口;仍然停在框架期,不進入執行、同步或主控切換。
S4.7 會在此基礎上要求 owner 說明 coverage gap 與 scope decision。這補的是「完整轉移 Gitea 目前所有專案版本到 GitHub」前的資料缺口仍然停在框架期不進入執行、同步或主控切換。

View File

@@ -2,12 +2,13 @@
| 項目 | 內容 |
|------|------|
| 日期 | 2026-05-13 |
| 日期 | 2026-05-17 |
| 狀態 | 草案,等待脫敏清冊 payload |
| 資料契約 | `docs/schemas/gitea_authenticated_inventory_import_acceptance_v1.schema.json` |
| 快照 | `docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json` |
| 來源契約 | `gitea_repo_inventory_v1` |
| 上游請求 | `gitea_authenticated_inventory_export_request_v1` |
| 覆蓋 Attestation | `docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md` |
| 模式 | `redacted_payload_acceptance_only` |
| 執行面授權 | `false` |
@@ -17,6 +18,8 @@ S4.6 定義「收到 owner 或 Gitea 管理者提供的脫敏清冊後,怎麼
這不是實際匯入,也不是宣告 Gitea inventory 完成。它只把未來可接受的 payload 形狀、必要欄位、拒收規則、隔離 lane 與允許輸出先固定下來,避免 owner 提供資料時把 token、DB dump、git object 或 repo 操作要求混進來。
S4.7 已補 owner coverage attestation即使 payload 通過 S4.6,也仍需 owner 對 public-only / local remote gap、org/user endpoint、110 internal adjacent source、canonical owner 與 legacy/inaccessible disposition 作 scope decision才可把 blocker 往 primary readiness 下一關推進。
## 1. 驗收摘要
| 指標 | 值 |
@@ -37,6 +40,7 @@ S4.6 定義「收到 owner 或 Gitea 管理者提供的脫敏清冊後,怎麼
| 允許 DB dump / git object | `false` |
| 允許 repo write / refs sync | `false` |
| 授權切換 GitHub primary | `false` |
| S4.7 owner attestation items | 5 |
## 2. 可接受 Payload 形狀
@@ -117,4 +121,4 @@ S4.6 定義「收到 owner 或 Gitea 管理者提供的脫敏清冊後,怎麼
S4.6 補的是 S4.5 後面的「安全收件規格」。它讓下一個 owner export / admin export 有清楚門檻,但仍然停在框架期。
真正讓 `gitea_repo_inventory_v1.status=ok`,必須等到脫敏 payload 實際產生、通過驗收、經人工 review 後,再另行提交 snapshot。此文件本身不代表 inventory 已完成。
真正讓 `gitea_repo_inventory_v1.status=ok`,必須等到脫敏 payload 實際產生、通過驗收、經人工 review,並完成 S4.7 owner coverage attestation 後,再另行提交 snapshot。此文件本身不代表 inventory 已完成。

View File

@@ -0,0 +1,83 @@
# Gitea 清冊覆蓋 Owner Attestation
| 項目 | 內容 |
|------|------|
| 日期 | 2026-05-17 |
| 狀態 | 草案,等待 owner attestation |
| 資料契約 | `docs/schemas/gitea_inventory_coverage_attestation_v1.schema.json` |
| 快照 | `docs/security/gitea-inventory-coverage-attestation.snapshot.json` |
| 來源契約 | `gitea_repo_inventory_v1` |
| 上游請求 | `gitea_authenticated_inventory_export_request_v1` / `gitea_authenticated_inventory_import_acceptance_v1` |
| 模式 | `coverage_attestation_only` |
| 執行面授權 | `false` |
## 0. 核心結論
S4.7 補的是「owner 怎麼說明 Gitea 清冊覆蓋缺口」。
目前 `gitea_repo_inventory_v1` 仍是 public-only / partial未認證公開範圍只看到 2 個 repos本機 remote evidence 看到 4 個 Gitea unique repos另有 4 個 110 internal adjacent sources 需要判定是否屬本輪 GitHub migration scope。
此文件不要求使用者貼 token不匯入 payload不寫 Gitea不建立 GitHub repo不 sync refs也不切 GitHub primary。它只把 owner 需要表態的 5 個 coverage items 固定下來,讓 AwoooP 可以 mirror 成 review lane。
## 1. Attestation 摘要
| 指標 | 值 |
|------|----|
| owner attestation 狀態 | `waiting_owner_attestation` |
| 必要 attestation items | 5 |
| 已收到 attestation | 0 |
| 已接受 attestation | 0 |
| 已拒收 attestation | 0 |
| 未認證公開範圍 repos | 2 |
| 本機可見 Gitea unique repos | 4 |
| 本機 Gitea 覆蓋缺口 | 2 |
| 110 internal adjacent sources | 4 |
| 需要 owner scope decision | `true` |
| 允許收集 token value | `false` |
| 允許 repo write / refs sync | `false` |
| 授權切換 GitHub primary | `false` |
## 2. 必要 Attestation Items
| Item | 需要 owner 判定 | 目前缺口 |
|------|----------------|----------|
| `public_only_vs_local_gitea_gap` | `wooo/clawbot-v5``wooo/wooo-aiops` 是否仍屬本輪 scope | public-only 2 repos本機 Gitea unique 4 repos |
| `org_user_endpoint_identity` | `wooo` 應以 user、org 或兩者盤點 | org endpoint blocked / 404 不等於沒有 private repos |
| `internal_110_adjacent_scope` | `bitan-pharmacy``root/momo-pro-system``tsenyang-website``wooo/wooo-infra-config` 是否納入 | 110 adjacent sources 未正式 scope decision |
| `repo_owner_canonical_scope` | 每個 in-scope repo 的 owner、canonical source、GitHub target、visibility 責任人 | GitHub target / canonical / owner 尚未全量確認 |
| `legacy_or_inaccessible_repo_disposition` | legacy、archived、external 或 inaccessible repo 的處置 | 未出現在 payload 的 repo 不能自動視為完成 |
## 3. 可接受決策值
| 決策值 | 意義 |
|--------|------|
| `in_scope` | 納入本輪 inventory / GitHub migration scope |
| `out_of_scope` | 排除本輪 scope但必須留下 owner 理由 |
| `legacy_archived` | 歷史或封存來源,只保留 evidence 與後續 review |
| `external_system` | 由外部系統或非本輪 source-control 管線管理 |
| `inaccessible_requires_followup` | 目前不可讀,需要 owner / 管理者補 evidence |
| `unknown_requires_more_evidence` | evidence 不足,維持 blocker |
## 4. AwoooP 可做
1. 顯示 S4.7 owner attestation request 與 5 個 coverage items。
2. 將每個 item mirror 成 review lane 或 approval candidate。
3. 顯示目前 `received_attestation_count=0``accepted_attestation_count=0`
4. 在 owner 提供決策後,只更新 read-only matrix、decision table、readiness gate 與 status rollup。
5. 維持 `gitea_repo_inventory_v1.status=partial`,直到 S4.6 payload 通過且 attestation 被接受。
## 5. AwoooP 不可做
1. 不要求使用者貼 token value。
2. 不保存 token、secret、cookie、session、private key。
3. 不用 write-capable token。
4. 不寫入 Gitea不建立、刪除、封存或修改 repo。
5. 不建立 GitHub repo不修改 visibility不 sync refs不 delete refs不 force push。
6. 不把 owner attestation 當成 GitHub primary approval。
7. 不新增 scan / execute / repo / refs action button。
## 6. 階段定位
S4.7 是 S4.5 匯出請求與 S4.6 匯入驗收之後的 owner scope decision gate。
它解決的是「哪些缺口需要 owner 說清楚」,不是「開始搬 repo」。完成 S4.7 後,仍需 authenticated/admin export payload、refs truth、workflow / secret name parity、rollback ADR owner approval 與逐 repo runtime gate才能談 GitHub primary cutover。

View File

@@ -2,13 +2,14 @@
| 項目 | 內容 |
|------|------|
| 日期 | 2026-05-12 |
| 日期 | 2026-05-17 |
| 狀態 | 草案,等待人工批准 |
| 來源事件 | `gitea_repo_inventory_v1` |
| Approval event | `docs/security/gitea-readonly-inventory-approval.snapshot.json` |
| Redaction checklist | `docs/security/GITEA-ADMIN-EXPORT-REDACTION-CHECKLIST.md` |
| S4.5 export request | `docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md` |
| S4.6 import acceptance | `docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` |
| S4.7 coverage attestation | `docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md` |
| 目的 | 補齊 Gitea private/internal server-side repo list |
| 原則 | 低摩擦、只讀、只盤 metadata、不保存 token value、不做同步或主控切換 |
@@ -31,6 +32,8 @@ S4.5 已補 `gitea_authenticated_inventory_export_request_v1`,把 read-only to
S4.6 已補 `gitea_authenticated_inventory_import_acceptance_v1`,把 owner / 管理者提供脫敏 payload 後的 schema 檢查、敏感值拒收、coverage gap 驗收與 mirror quarantine lane 正式文件化。payload 驗收通過仍不等於 GitHub primary cutover 被批准。
S4.7 已補 `gitea_inventory_coverage_attestation_v1`,把 public-only / local remote gap、org/user endpoint、110 internal adjacent source、canonical owner 與 legacy/inaccessible repo disposition 的 owner decision 正式文件化。attestation 只做 scope 判定,不等於 repo migration 或 primary cutover approval。
## 1. 申請批准的動作
| 動作 | 風險 | 批准後允許 | 仍然禁止 |
@@ -83,6 +86,7 @@ python3 scripts/security/gitea-repo-inventory.py \
| Redaction checklist | `docs/security/GITEA-ADMIN-EXPORT-REDACTION-CHECKLIST.md` 已通過 |
| Coverage gap | public-only 2 repos 與 local Gitea 4 repos 的差異已解釋 |
| Import acceptance | S4.6 驗收檢查通過;敏感 payload 必須進隔離 |
| Owner attestation | S4.7 五個 coverage items 已有 owner scope decision |
| 後續動作 | 只更新 matrix / decision table不同步 refs |
## 5. 批准前不得做

View File

@@ -15,6 +15,7 @@
| 阻塞原因 | 未提供 token結果只代表公開可見 repoprivate/internal repos 仍需只讀 token 或管理匯出 |
| S4.5 export request | `docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md` |
| S4.6 import acceptance | `docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` |
| S4.7 coverage attestation | `docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md` |
## Repo 清單
@@ -28,3 +29,5 @@
S4.5 已將 authenticated inventory / redacted admin export 的欄位、拒收規則與 coverage gap 驗收文件化;本 snapshot 仍是 `partial`,不得視為 server-side 全量。
S4.6 已將後續脫敏 payload 的驗收、拒收與隔離規則文件化;目前尚未收到 payload`gitea_repo_inventory_v1.status` 仍不得標記為 `ok`。
S4.7 已將 owner coverage attestation 文件化;目前尚未收到 owner attestationpublic-only 2 repos、本機 Gitea unique 4 repos、org/user endpoint 與 110 internal adjacent source 的 scope 仍不得視為已完成。

View File

@@ -2,7 +2,7 @@
| 項目 | 內容 |
|------|------|
| 日期 | 2026-05-12 |
| 日期 | 2026-05-17 |
| 狀態 | 第一版read-only / export-only |
| 工具 | `scripts/security/gitea-repo-inventory.py` |
| 事件 | `gitea_repo_inventory_v1` |
@@ -10,6 +10,7 @@
| Redaction checklist | `docs/security/GITEA-ADMIN-EXPORT-REDACTION-CHECKLIST.md` |
| S4.5 export request | `docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md` |
| S4.6 import acceptance | `docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` |
| S4.7 coverage attestation | `docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md` |
| 原則 | 不寫入 Gitea、不搬 secret value、不建立或刪除 repo |
## 0. 核心結論
@@ -33,6 +34,8 @@ S4.5 已補 `gitea_authenticated_inventory_export_request_v1`:正式要求 aut
S4.6 已補 `gitea_authenticated_inventory_import_acceptance_v1`:收到 owner / 管理者提供的脫敏 payload 後,必須先依 S4.6 檢查 schema、URL 脫敏、coverage gap、redaction attestation 與敏感值隔離。此驗收仍不授權 repo 建立、refs sync 或 GitHub primary cutover。
S4.7 已補 `gitea_inventory_coverage_attestation_v1`owner 必須先對 public-only / local remote gap、org/user endpoint、110 internal adjacent source、canonical owner 與 legacy/inaccessible repo disposition 作 scope decision。此 attestation 仍不授權 token 收集、repo 寫入、refs sync 或 primary cutover。
## 1. Public-only 快照指令
```bash
@@ -142,4 +145,4 @@ python3 scripts/security/gitea-repo-inventory.py \
4. 每個 repo 建立 mirror / archive / keep-local 判定。
5. 產出 GitHub primary ADR 與 rollback plan。
S4.6 驗收通過只代表「脫敏清冊 payload 可以變成 evidence」任何 GitHub repo 建立、visibility 修改、refs sync、primary cutover 或 Gitea 停用仍需後續人工批准與 runtime gate。
S4.6 驗收通過只代表「脫敏清冊 payload 可以變成 evidence」S4.7 owner attestation 通過只代表「coverage gap 有 scope decision」。任何 GitHub repo 建立、visibility 修改、refs sync、primary cutover 或 Gitea 停用仍需後續人工批准與 runtime gate。

View File

@@ -2,7 +2,7 @@
| 項目 | 內容 |
|------|------|
| 日期 | 2026-05-13 |
| 日期 | 2026-05-17 |
| 狀態 | 草案 |
| Schema | `docs/schemas/security_mirror_readiness_v1.schema.json` |
| Snapshot | `docs/security/security-mirror-readiness.snapshot.json` |
@@ -35,7 +35,7 @@
| Contract | 狀態 | 原因 | 下一步 |
|----------|------|------|--------|
| `security_finding_v1` | `partial_ready` | 目前只有 Kali sample snapshotruntime ingestion 尚未啟用 | 先 review `kali-finding-runtime-ingestion-approval-20260513` |
| `gitea_repo_inventory_v1` | `partial_ready` | 目前只有 public-only / blocked endpoint evidenceS4.5 已補認證清冊匯出請求S4.6 已補匯入驗收契約;未認證公開範圍 2 個、本機可見 Gitea unique 4 個、覆蓋缺口 2 個 | 依 S4.5 請求取得脫敏清冊後,先用 S4.6 驗收 / 拒收 / 隔離;不保存 token value |
| `gitea_repo_inventory_v1` | `partial_ready` | 目前只有 public-only / blocked endpoint evidenceS4.5 已補認證清冊匯出請求S4.6 已補匯入驗收契約S4.7 已補 owner coverage attestation;未認證公開範圍 2 個、本機可見 Gitea unique 4 個、覆蓋缺口 2 個、attestation items 5 個 | 先取得 S4.7 owner scope decision依 S4.5 請求取得脫敏清冊用 S4.6 驗收 / 拒收 / 隔離;不保存 token value |
| `coding_task_v1` | `contract_only` | 已有 schema 與 handoff prompt尚無正式 coding task snapshot | 等 code review 產生實際 task 後再 mirror |
## 2. AwoooP 鏡像目的地
@@ -82,7 +82,7 @@ AwoooP 可以將 ready / partial contracts mirror 到:
14. 再 mirror `security_followup_runtime_gate_v1`,只顯示 runtime gate 準備模板、preflight checks 與 rollback / disable requirement。
15. 再 mirror `source_control_primary_readiness_gate_v1`,只顯示 GitHub primary parity、owner、rollback 與人工批准缺口。
16. 再 mirror `source_control_primary_rollback_adr_v1`,只顯示 7 個 in-scope repo 的 rollback ADR 草案、validation window 與 owner review不執行 rollback、不切 primary。
17. 再 mirror `gitea_repo_inventory_v1`、S4.5 認證清冊匯出請求S4.6 匯入驗收契約,只顯示未認證公開範圍 / 本機 evidence 覆蓋缺口、只讀 / 管理脫敏匯出選項、payload 驗收 / 拒收 / 隔離規則;不保存 token value、不寫 Gitea、不 sync refs。
17. 再 mirror `gitea_repo_inventory_v1`、S4.5 認證清冊匯出請求S4.6 匯入驗收契約與 S4.7 owner coverage attestation,只顯示未認證公開範圍 / 本機 evidence 覆蓋缺口、只讀 / 管理脫敏匯出選項、payload 驗收 / 拒收 / 隔離規則與 5 個 owner scope decision items;不保存 token value、不寫 Gitea、不 sync refs。
18. 再 mirror `source_control_workflow_secret_name_inventory_v1`、S4.2 local evidence 與 S4.3 redacted export request只顯示 workflow / webhook / runner / deploy key / branch protection / CODEOWNERS / secret 名稱 inventory 缺口;目前 local evidence 有 4 個 repos、31 個 workflow files、43 個 referenced secret namesexport request 有 7 個 repos、5 類 lanes不保存 secret value。
19. 再 mirror `kali_integration_status_v1``kali_scan_scope_approval_v1`
20. 最後再 mirror source-control 其他 contracts。

View File

@@ -2,7 +2,7 @@
| 項目 | 內容 |
|------|------|
| 日期 | 2026-05-13 |
| 日期 | 2026-05-17 |
| 狀態 | 草案 |
| Schema | `docs/schemas/security_mirror_status_rollup_v1.schema.json` |
| Snapshot | `docs/security/security-mirror-status-rollup.snapshot.json` |
@@ -29,7 +29,7 @@
| Follow-up runtime gate templates | S3.4 已建立8 個 templates、0 個 active runtime gates |
| GitHub primary readiness gate | S4.0 已建立8 個 candidate repos、7 個 in-scope blocked、0 個 primary ready |
| GitHub primary rollback ADR | S4.4 已建立7 個 in-scope rollback drafts、0 個 owner approved、0 個 dry-run completed、0 個 active cutover |
| Gitea inventory | S4.5 已補認證清冊匯出請求S4.6 已補匯入驗收契約;目前 status=`partial_waiting_authenticated_inventory`、未認證公開範圍 repos 2 個、本機可見 Gitea unique repos 4 個、匯出來源選項 2 類、匯入驗收 payload 0 筆、敏感 payload 必須隔離、允許收集 token value=false |
| Gitea inventory | S4.5 已補認證清冊匯出請求S4.6 已補匯入驗收契約;S4.7 已補 owner coverage attestation目前 status=`partial_waiting_authenticated_inventory`、未認證公開範圍 repos 2 個、本機可見 Gitea unique repos 4 個、匯出來源選項 2 類、匯入驗收 payload 0 筆、owner attestation items 5 個、收到 attestation 0 筆、敏感 payload 必須隔離、允許收集 token value=false |
| Workflow / secret name inventory | S4.1 已建立S4.2 補 4 個 repos、31 個 workflow files、43 個 referenced secret names 的 local evidenceS4.3 補 7 個 repos、5 類 lanes 的 redacted export request0 個 inventory complete、禁止收集 secret value、禁止 write token |
| Dry-run | `contract_defined_not_executed` |
| Runtime actions | `false` |
@@ -59,7 +59,7 @@
1. redacted finding ingestion adapter。
2. safe web crawl scope。
3. Gitea private/internal read-only inventory依 S4.5 認證匯出請求補全量清冊;收到脫敏 payload 後先依 S4.6 驗收 / 拒收 / 隔離;目前未認證公開範圍 2 個、本機可見 Gitea unique 4 個、覆蓋缺口 2 個,不保存 token value。
3. Gitea private/internal read-only inventory先依 S4.7 取得 owner coverage attestation依 S4.5 認證匯出請求補全量清冊;收到脫敏 payload 後先依 S4.6 驗收 / 拒收 / 隔離;目前未認證公開範圍 2 個、本機可見 Gitea unique 4 個、覆蓋缺口 2 個、attestation items 5 個,不保存 token value。
4. GitHub target / owner / visibility / canonical。
5. Kali `/execute` 維持 block candidate。
6. GitHub primary readiness blockers 與 rollback ADR 缺口。

View File

@@ -2,7 +2,7 @@
| 項目 | 內容 |
|------|------|
| 日期 | 2026-05-13 |
| 日期 | 2026-05-17 |
| 狀態 | 草案 |
| JSON snapshot | `docs/security/security-supply-chain-contract-manifest.snapshot.json` |
| Schema | `docs/schemas/security_supply_chain_contract_manifest_v1.schema.json` |
@@ -39,7 +39,7 @@
| `security_mirror_status_rollup_v1` | mirror-only | AwoooP / Security Supply Chain 跨 Session 狀態總覽 | `security-mirror-status-rollup.snapshot.json` |
| `coding_task_v1` | suggest-only | Code Review 接 Codex patch-only | 無正式 snapshot |
| `source_control_migration_event_v1` | mirror-only | Gitea/GitHub refs 差異 | `gitea-github-awoooi``clawbot-v5``wooo-aiops` |
| `gitea_repo_inventory_v1` | mirror-only | Gitea repo inventoryS4.5 已補認證清冊匯出請求S4.6 已補匯入驗收契約 | public-only / blocked endpoint / S4.5 export request / S4.6 import acceptance snapshots |
| `gitea_repo_inventory_v1` | mirror-only | Gitea repo inventoryS4.5 已補認證清冊匯出請求S4.6 已補匯入驗收契約S4.7 已補 owner coverage attestation | public-only / blocked endpoint / S4.5 export request / S4.6 import acceptance / S4.7 coverage attestation snapshots |
| `local_git_remote_inventory_v1` | mirror-only | 本機 remote coverage | `local-git-remote-inventory.snapshot.json` |
| `github_target_probe_v1` | mirror-only | GitHub target visibility | `github-target-probe.snapshot.json` |
| `github_target_decision_v1` | mirror-only | GitHub target 決策 | `github-target-decision.snapshot.json` |
@@ -60,7 +60,7 @@
1. 先讀 `security_rollout_policy_v1`,確認目前仍是 `mirror_only`
2. 再讀本 manifest取得可消費 contract 與禁止動作。
3. 將 snapshot mirror 成 Runtime State / Channel Event / Audit evidence。
4. 只對 `approval_required_event_v1`、repo approval package、`security_approval_review_packet_v1``security_approval_state_transition_v1``security_followup_runtime_gate_v1``source_control_primary_readiness_gate_v1``source_control_primary_rollback_adr_v1``source_control_workflow_secret_name_inventory_v1` 建 approval candidate / review lane / next-state display / runtime gate preparation / primary readiness display / rollback ADR display / workflow-secret name inventory gate / redacted export request display`gitea_repo_inventory_v1` 只能顯示 S4.5 認證匯出請求、S4.6 匯入驗收契約與覆蓋缺口,不得觸發 token collection 或 Gitea write。
4. 只對 `approval_required_event_v1`、repo approval package、`security_approval_review_packet_v1``security_approval_state_transition_v1``security_followup_runtime_gate_v1``source_control_primary_readiness_gate_v1``source_control_primary_rollback_adr_v1``source_control_workflow_secret_name_inventory_v1` 建 approval candidate / review lane / next-state display / runtime gate preparation / primary readiness display / rollback ADR display / workflow-secret name inventory gate / redacted export request display`gitea_repo_inventory_v1` 只能顯示 S4.5 認證匯出請求、S4.6 匯入驗收契約、S4.7 owner coverage attestation request 與覆蓋缺口,不得觸發 token collection 或 Gitea write。
5. 不新增執行按鈕,不做 runtime enforcement。
## 3. 永久禁止

View File

@@ -2,9 +2,9 @@
| 項目 | 內容 |
|------|------|
| 日期 | 2026-05-13 |
| 日期 | 2026-05-17 |
| 狀態 | S0/S1 read-only evidence 建置中 |
| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 |
| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Gitea 清冊覆蓋 Owner Attestation + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 |
| 原則 | 低摩擦分階段文件、schema、read-only evidence 優先;不做 runtime enforcement、不切 primary |
## 0. 本階段完成後整體進度
@@ -45,6 +45,7 @@
| S4.4 GitHub Primary rollback ADR | 完成草案 | 已建立 rollback ADR schema / snapshot / 人讀版7 個 in-scope rollback drafts、0 owner approved、0 dry-run completed、0 active cutover | repo owner 審查 rollback owner、validation window 與 triggers仍不可切 primary 或執行 rollback |
| S4.5 Gitea 認證清冊匯出請求 | 完成草案 | 已建立匯出請求 schema / snapshot / 人讀版;目前未認證公開範圍 repo 2 個、本機可見 Gitea unique repo 4 個、覆蓋缺口 2 個、匯出來源選項 2 類;允許收集 token value=false | repo owner 依只讀 token API 或已脫敏管理匯出補私有 / 內部全量 repo list仍不可保存 token、不可 write Gitea、不可 refs sync |
| S4.6 Gitea 認證清冊匯入驗收契約 | 完成草案 | 已建立匯入驗收 schema / snapshot / 人讀版;目前 received payload 0、accepted 0、rejected 0定義 10 個驗收檢查、10 個拒收規則與 4 個 quarantine lanes | owner 提供脫敏 payload 後先驗收 / 拒收 / 隔離;仍不可把驗收當 primary approval |
| S4.7 Gitea 清冊覆蓋 Owner Attestation | 完成草案 | 已建立 coverage attestation schema / snapshot / 人讀版5 個 owner decision items、received attestation 0、accepted 0、execution authorized=false | owner 判定 public-only / local remote gap、org/user endpoint、110 adjacent source、canonical owner 與 legacy/inaccessible disposition仍不可把 attestation 當 migration approval |
| S4 migration execution | 未開始 | GitHub primary 長期方向已確認,但 refs / tags / workflow / secret 名稱尚未全量驗證rollback ADR 仍待 owner approval | SHA/tag/workflow parity、rollback ADR owner approval 與 runtime gate |
## 1. 已建立的主要 evidence
@@ -61,6 +62,8 @@
| Gitea 認證清冊匯出請求 JSON | `docs/security/gitea-authenticated-inventory-export-request.snapshot.json` |
| Gitea 認證清冊匯入驗收契約 | `docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` |
| Gitea 認證清冊匯入驗收契約 JSON | `docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json` |
| Gitea 清冊覆蓋 owner attestation | `docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md` |
| Gitea 清冊覆蓋 owner attestation JSON | `docs/security/gitea-inventory-coverage-attestation.snapshot.json` |
| Gitea 管理匯出 redaction checklist | `docs/security/GITEA-ADMIN-EXPORT-REDACTION-CHECKLIST.md` |
| Gitea org endpoint blocked evidence | `docs/security/GITEA-ORG-REPO-INVENTORY-BLOCKED-SNAPSHOT.md` |
| Source-control migration matrix | `docs/security/SOURCE-CONTROL-MIGRATION-MATRIX.md` |
@@ -146,11 +149,11 @@
## 3. 下一階段建議
1. 依 S4.5 `GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md` 取得 Gitea 認證清冊;收到 payload 後依 S4.6 `GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` 驗收 / 拒收 / 隔離。目前未認證公開範圍 2 個、本機可見 Gitea unique 4 個、覆蓋缺口 2 個;只能用只讀 token API 或已脫敏管理匯出補私有 / 內部 server-side 全量 repo list不保存 token value。
1. 先依 S4.7 `GITEA-INVENTORY-COVERAGE-ATTESTATION.md` 取得 owner coverage attestation依 S4.5 `GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md` 取得 Gitea 認證清冊;收到 payload 後依 S4.6 `GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md` 驗收 / 拒收 / 隔離。目前未認證公開範圍 2 個、本機可見 Gitea unique 4 個、覆蓋缺口 2 個、attestation items 5 個;只能用只讀 token API 或已脫敏管理匯出補私有 / 內部 server-side 全量 repo list不保存 token value。
2.`SOURCE-CONTROL-APPROVAL-BOARD.md` 對 7 個 `approval_required=true` 的 GitHub target 做 owner / visibility / canonical 決策。
3.`SOURCE-CONTROL-REF-TRUTH-CLASSIFICATION.md``awoooi``clawbot-v5``wooo-aiops` 做單 repo / 單 ref owner 判定;仍不得 push refs。
4.`ewoooc` / `momo-pro-system` 完成 server-side canonical 判定。
5.`KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md` 取得 safe crawl、credentialed scan、runtime ingestion、full-upgrade / reboot 等 gate 的人工批准;不得直接接 `/execute`
6. AwoooP 主線先讀 `security_mirror_readiness_v1``security_mirror_intake_plan_v1``security_mirror_event_v1``security_mirror_route_v1``security_mirror_acceptance_v1``security_mirror_quarantine_v1``security_mirror_dry_run_v1``security_mirror_status_rollup_v1``security_approval_gate_v1``security_approval_decision_record_v1``security_approval_review_packet_v1``security_approval_state_transition_v1``security_followup_runtime_gate_v1``source_control_primary_readiness_gate_v1``source_control_primary_rollback_adr_v1``source_control_workflow_secret_name_inventory_v1`,只建立 mirror-only / read-only policy 入口,不新增執行按鈕;其中 Gitea inventory 需同時顯示 S4.5 認證清冊匯出請求S4.6 匯入驗收契約workflow / secret inventory 需同時顯示 S4.3 redacted export requestprimary readiness 需同時顯示 S4.4 rollback ADR 草案。
6. AwoooP 主線先讀 `security_mirror_readiness_v1``security_mirror_intake_plan_v1``security_mirror_event_v1``security_mirror_route_v1``security_mirror_acceptance_v1``security_mirror_quarantine_v1``security_mirror_dry_run_v1``security_mirror_status_rollup_v1``security_approval_gate_v1``security_approval_decision_record_v1``security_approval_review_packet_v1``security_approval_state_transition_v1``security_followup_runtime_gate_v1``source_control_primary_readiness_gate_v1``source_control_primary_rollback_adr_v1``source_control_workflow_secret_name_inventory_v1`,只建立 mirror-only / read-only policy 入口,不新增執行按鈕;其中 Gitea inventory 需同時顯示 S4.5 認證清冊匯出請求S4.6 匯入驗收契約與 S4.7 owner coverage attestationworkflow / secret inventory 需同時顯示 S4.3 redacted export requestprimary readiness 需同時顯示 S4.4 rollback ADR 草案。
7. AwoooP 主線消費 `security_rollout_policy_v1` 時,只做 read-only policy不做 runtime blocking。
8. AwoooP 主線再讀 `security_approval_queue_v1``security_approval_gate_v1``security_approval_decision_record_v1``security_approval_review_packet_v1``security_approval_state_transition_v1``security_followup_runtime_gate_v1``source_control_primary_readiness_gate_v1``source_control_primary_rollback_adr_v1``source_control_workflow_secret_name_inventory_v1``security_supply_chain_contract_manifest_v1`,顯示 review order、批准範圍、審查封包、決策紀錄、決策後狀態、後續 runtime gate 準備條件、Gitea inventory 覆蓋缺口、S4.5 認證匯出請求、S4.6 匯入驗收 / 隔離規則、GitHub primary readiness blockers、rollback ADR 草案、workflow / secret 名稱 inventory 缺口、redacted export request 與 blocked reason不新增 execution router。
8. AwoooP 主線再讀 `security_approval_queue_v1``security_approval_gate_v1``security_approval_decision_record_v1``security_approval_review_packet_v1``security_approval_state_transition_v1``security_followup_runtime_gate_v1``source_control_primary_readiness_gate_v1``source_control_primary_rollback_adr_v1``source_control_workflow_secret_name_inventory_v1``security_supply_chain_contract_manifest_v1`,顯示 review order、批准範圍、審查封包、決策紀錄、決策後狀態、後續 runtime gate 準備條件、Gitea inventory 覆蓋缺口、S4.5 認證匯出請求、S4.6 匯入驗收 / 隔離規則、S4.7 owner attestation items、GitHub primary readiness blockers、rollback ADR 草案、workflow / secret 名稱 inventory 缺口、redacted export request 與 blocked reason不新增 execution router。

View File

@@ -2,7 +2,7 @@
| 項目 | 內容 |
|------|------|
| 日期 | 2026-05-13 |
| 日期 | 2026-05-17 |
| 狀態 | 草案blocked by default |
| Schema | `docs/schemas/source_control_primary_readiness_gate_v1.schema.json` |
| Snapshot | `docs/security/source-control-primary-readiness-gate.snapshot.json` |
@@ -33,7 +33,7 @@
| Gate | 目前狀態 | 說明 |
|------|----------|------|
| Gitea authenticated inventory | blocked | private/internal 全量 repo list 尚未完成 |
| Gitea authenticated inventory | blocked | private/internal 全量 repo list 尚未完成S4.7 owner coverage attestation 仍未收到 |
| refs truth / branch-tag parity | blocked | 3 個 mapped repos 仍有 refs drift |
| workflow / runner / secret name parity | missing evidence | S4.1 已建立 inventory 契約;尚未有實際 redacted workflow、webhook、runner、secret 名稱 snapshot |
| owner / visibility / canonical | pending review | 7 個 in-scope targets 仍需人工決策 |
@@ -44,7 +44,7 @@
1. 顯示每個 repo 的 readiness state、blockers 與 evidence refs。
2. 顯示 `primary_ready_count=0`
3. 將 7 個 in-scope repos 維持在 approval / review lane。
4. 顯示哪些 evidence 仍缺Gitea authenticated inventory、refs truth、workflow/runner/secret name inventory、rollback ADR。
4. 顯示哪些 evidence 仍缺Gitea authenticated inventory、S4.7 owner coverage attestation、refs truth、workflow/runner/secret name inventory、rollback ADR。
5. 連到 `source_control_workflow_secret_name_inventory_v1` 顯示 8 個 candidate repos 的 inventory lane 缺口與 S4.2 local evidence只保存 secret 名稱與 owner不保存 value。
6. 連到 `source_control_primary_rollback_adr_v1` 顯示 7 個 in-scope repos 的 rollback owner、trigger 與 validation window 草案。
7. 把狀態寫入 Audit evidence 與 Operator Console。
@@ -63,6 +63,6 @@
S4.0 只是把「切換前一定要看見什麼」先定義清楚。
S4.4 已補上 rollback ADR 草案,但它只是 owner review 的資料包,不是切換批准。`owner_approved_count=0``dry_run_completed_count=0``active_cutover_count=0`
S4.4 已補上 rollback ADR 草案,但它只是 owner review 的資料包,不是切換批准。S4.7 已補上 Gitea coverage owner attestation但它只是 scope decision request不是 migration approval。`owner_approved_count=0``dry_run_completed_count=0``active_cutover_count=0`
這讓長期回到 GitHub 的方向可以繼續往前,但仍維持低摩擦:目前只 mirror、只顯示、只留痕不執行。

View File

@@ -0,0 +1,209 @@
{
"schema_version": "gitea_inventory_coverage_attestation_v1",
"status": "draft_waiting_owner_attestation",
"date": "2026-05-17",
"mode": "coverage_attestation_only",
"runtime_execution_authorized": false,
"source_contract": "gitea_repo_inventory_v1",
"source_request_contracts": [
"gitea_authenticated_inventory_export_request_v1",
"gitea_authenticated_inventory_import_acceptance_v1"
],
"source_indexes": [
"docs/security/gitea-repo-inventory.snapshot.json",
"docs/security/gitea-public-repo-search.snapshot.json",
"docs/security/gitea-org-repo-inventory-blocked.snapshot.json",
"docs/security/local-git-remote-inventory.snapshot.json",
"docs/security/git-remote-refs-bitan-tsenyang.snapshot.json",
"docs/security/git-remote-refs-wooo-infra-config.snapshot.json",
"docs/security/gitea-authenticated-inventory-export-request.snapshot.json",
"docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json"
],
"summary": {
"owner_attestation_status": "waiting_owner_attestation",
"required_attestation_item_count": 5,
"received_attestation_count": 0,
"accepted_attestation_count": 0,
"rejected_attestation_count": 0,
"public_only_repo_count": 2,
"local_gitea_unique_repo_count": 4,
"local_gitea_gap_count": 2,
"internal_110_adjacent_source_count": 4,
"owner_scope_decision_required": true,
"token_value_collection_allowed": false,
"repo_write_allowed": false,
"refs_sync_allowed": false,
"github_primary_switch_authorized": false,
"action_buttons_allowed": false
},
"attestation_items": [
{
"item_id": "public_only_vs_local_gitea_gap",
"title": "public-only 與本機 Gitea remote 覆蓋缺口",
"why_required": "public-only API 目前只看到 2 個 repos但本機 remote evidence 顯示至少 4 個 Gitea unique reposGitHub primary 前必須由 owner 說明差異。",
"current_evidence_gap": "未認證公開範圍看到 `wooo/awoooi`、`wooo/ewoooc`;本機 remote 另看到 `wooo/clawbot-v5`、`wooo/wooo-aiops`。",
"requested_owner_decision": "判定 `wooo/clawbot-v5` 與 `wooo/wooo-aiops` 是否仍屬本輪 Gitea inventory / GitHub migration scope或屬 legacy / archived / external / inaccessible。",
"acceptable_decisions": [
"in_scope",
"out_of_scope",
"legacy_archived",
"external_system",
"inaccessible_requires_followup",
"unknown_requires_more_evidence"
],
"minimum_evidence_refs": [
"docs/security/gitea-repo-inventory.snapshot.json",
"docs/security/local-git-remote-inventory.snapshot.json"
],
"received_decision": null,
"accepted": false,
"execution_authorized": false
},
{
"item_id": "org_user_endpoint_identity",
"title": "Gitea `wooo` org/user endpoint 身分確認",
"why_required": "`orgs/wooo/repos` 未認證查詢 blocked / 404不能自動解讀為不存在 private/internal repos。",
"current_evidence_gap": "目前 public-only evidence 走 user endpointorg endpoint 仍需 owner 或管理者說明 `wooo` 是 user、org或兩者皆需盤。",
"requested_owner_decision": "確認 Gitea inventory 的 canonical endpoint 與需要盤點的 owner namespace。",
"acceptable_decisions": [
"in_scope",
"out_of_scope",
"inaccessible_requires_followup",
"unknown_requires_more_evidence"
],
"minimum_evidence_refs": [
"docs/security/gitea-org-repo-inventory-blocked.snapshot.json",
"docs/security/gitea-authenticated-inventory-export-request.snapshot.json"
],
"received_decision": null,
"accepted": false,
"execution_authorized": false
},
{
"item_id": "internal_110_adjacent_scope",
"title": "110 內部相鄰來源是否納入本輪 scope",
"why_required": "本機與 110 adjacent evidence 看到多個非 public-only Gitea list 的來源;若它們屬於產品或部署路徑,必須納入 GitHub primary 前的 owner 判定。",
"current_evidence_gap": "目前需 owner 判定 `bitan-pharmacy`、`root/momo-pro-system`、`tsenyang-website`、`wooo/wooo-infra-config` 是否屬本輪 Gitea/GitHub migration scope。",
"requested_owner_decision": "逐項標示 in-scope、out-of-scope、external_system、legacy_archived 或 inaccessible_requires_followup。",
"acceptable_decisions": [
"in_scope",
"out_of_scope",
"legacy_archived",
"external_system",
"inaccessible_requires_followup",
"unknown_requires_more_evidence"
],
"minimum_evidence_refs": [
"docs/security/git-remote-refs-bitan-tsenyang.snapshot.json",
"docs/security/git-remote-refs-wooo-infra-config.snapshot.json",
"docs/security/local-git-remote-inventory.snapshot.json"
],
"received_decision": null,
"accepted": false,
"execution_authorized": false
},
{
"item_id": "repo_owner_canonical_scope",
"title": "repo owner / canonical / GitHub target scope",
"why_required": "GitHub target、canonical repo 與 repo owner 若未確認,會讓後續 refs truth、workflow-secret parity 與 rollback ADR 無法判斷。",
"current_evidence_gap": "部分 repo 仍需確認 owner、visibility、canonical target 與 GitHub target不得用 public API `not_found_or_private` 自動建立 repo。",
"requested_owner_decision": "針對每個 in-scope repo 指定 owner、canonical source、GitHub target candidate 與 visibility 判斷責任人。",
"acceptable_decisions": [
"in_scope",
"out_of_scope",
"external_system",
"unknown_requires_more_evidence"
],
"minimum_evidence_refs": [
"docs/security/github-target-decision.snapshot.json",
"docs/security/source-control-approval-board.snapshot.json",
"docs/security/local-repo-canonical-ewoooc-momo.snapshot.json"
],
"received_decision": null,
"accepted": false,
"execution_authorized": false
},
{
"item_id": "legacy_or_inaccessible_repo_disposition",
"title": "legacy / inaccessible repo 處置",
"why_required": "若 repo 已封存、不可讀或屬歷史來源,也必須留下明確處置,避免之後把缺口誤當成已完成 inventory。",
"current_evidence_gap": "目前沒有 owner attestation 可說明未出現在 authenticated/admin export payload 的 repo 是否應留待後續、排除、封存或另案處理。",
"requested_owner_decision": "提供每個 legacy / inaccessible / external repo 的處置:保留 evidence、另案追蹤、納入後續清冊或明確排除並附理由。",
"acceptable_decisions": [
"out_of_scope",
"legacy_archived",
"external_system",
"inaccessible_requires_followup",
"unknown_requires_more_evidence"
],
"minimum_evidence_refs": [
"docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json",
"docs/security/source-control-primary-readiness-gate.snapshot.json"
],
"received_decision": null,
"accepted": false,
"execution_authorized": false
}
],
"decision_values": [
{
"value": "in_scope",
"meaning": "屬本輪 Gitea inventory / GitHub migration scope後續需補 refs truth、workflow-secret parity、rollback ADR 與人工批准。",
"allowed_effect": "可更新 read-only matrix / decision table不可執行 repo 建立、refs sync 或 primary switch。",
"execution_authorized": false
},
{
"value": "out_of_scope",
"meaning": "不屬本輪 scope必須留下 owner 理由與 evidence ref。",
"allowed_effect": "可在 matrix 標示 out-of-scope不可刪除、封存或停用來源 repo。",
"execution_authorized": false
},
{
"value": "legacy_archived",
"meaning": "屬歷史或封存來源,只保留 evidence 與人工處置紀錄。",
"allowed_effect": "可建立 archive review lane不可執行 archive/delete。",
"execution_authorized": false
},
{
"value": "external_system",
"meaning": "由外部系統或非本輪 source-control 管線管理。",
"allowed_effect": "可標示 external owner不可在本流程自動遷移。",
"execution_authorized": false
},
{
"value": "inaccessible_requires_followup",
"meaning": "目前不可讀或缺權限,需要 owner / 管理者補脫敏 evidence。",
"allowed_effect": "可建立 request_more_evidence lane不可假設已完成 inventory。",
"execution_authorized": false
},
{
"value": "unknown_requires_more_evidence",
"meaning": "目前 evidence 不足以判定 scope。",
"allowed_effect": "維持 blocker 與 partial status不可進 primary readiness。",
"execution_authorized": false
}
],
"allowed_outputs": [
"更新 owner attestation snapshot 與人讀文件",
"更新 source-control migration matrix、decision table、readiness gate 與 status rollup 的 read-only 欄位",
"把缺口顯示到 AwoooP approval / review lane",
"維持 `gitea_repo_inventory_v1.status=partial`,直到 authenticated/admin export payload 通過 S4.6 且 owner attestation 被接受"
],
"forbidden_actions": [
"store_token_value",
"request_raw_token_in_chat_or_docs",
"use_write_capable_token",
"write_to_gitea",
"create_gitea_repo",
"delete_or_archive_gitea_repo",
"create_github_repo",
"change_repo_visibility",
"sync_git_refs",
"delete_git_refs",
"force_push",
"switch_github_primary",
"disable_gitea",
"add_action_button",
"execute_scan_or_runtime_change"
]
}

View File

@@ -1,7 +1,7 @@
{
"schema_version": "security_mirror_readiness_v1",
"status": "draft",
"date": "2026-05-13",
"date": "2026-05-17",
"default_enforcement_level": "mirror_only",
"runtime_execution_authorized": false,
"summary": {
@@ -234,14 +234,16 @@
"docs/security/gitea-public-repo-search.snapshot.json",
"docs/security/gitea-org-repo-inventory-blocked.snapshot.json",
"docs/security/gitea-authenticated-inventory-export-request.snapshot.json",
"docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json"
"docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json",
"docs/security/gitea-inventory-coverage-attestation.snapshot.json"
],
"human_docs": [
"docs/security/GITEA-SERVER-SIDE-INVENTORY-RUNBOOK.md",
"docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md",
"docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md"
"docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md",
"docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md"
],
"notes": "目前仍是 public-only / blocked endpoint evidenceS4.5 已補 authenticated/admin export requestS4.6 已補 redacted import acceptanceprivate/internal 全量需 approval脫敏 payload 驗收。"
"notes": "目前仍是 public-only / blocked endpoint evidenceS4.5 已補 authenticated/admin export requestS4.6 已補 redacted import acceptanceS4.7 已補 owner coverage attestation requestprivate/internal 全量需 approval脫敏 payload 驗收與 owner scope decision。"
},
{
"contract": "local_git_remote_inventory_v1",

View File

@@ -1,7 +1,7 @@
{
"schema_version": "security_mirror_status_rollup_v1",
"status": "draft",
"date": "2026-05-13",
"date": "2026-05-17",
"mode": "mirror_only",
"rollup_status": "framework_ready_waiting_approval",
"runtime_execution_authorized": false,
@@ -21,6 +21,7 @@
"docs/security/security-followup-runtime-gate.snapshot.json",
"docs/security/gitea-authenticated-inventory-export-request.snapshot.json",
"docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json",
"docs/security/gitea-inventory-coverage-attestation.snapshot.json",
"docs/security/source-control-primary-readiness-gate.snapshot.json",
"docs/security/source-control-primary-rollback-adr.snapshot.json",
"docs/security/source-control-workflow-secret-name-inventory.snapshot.json",
@@ -48,6 +49,10 @@
"gitea_inventory_import_acceptance_payload_count": 0,
"gitea_inventory_import_acceptance_quarantine_required": true,
"gitea_inventory_import_acceptance_execution_authorized": false,
"gitea_inventory_coverage_attestation_status": "draft_waiting_owner_attestation",
"gitea_inventory_coverage_attestation_required_count": 5,
"gitea_inventory_coverage_attestation_received_count": 0,
"gitea_inventory_coverage_attestation_execution_authorized": false,
"primary_readiness_candidate_repo_count": 8,
"github_primary_ready_count": 0,
"primary_rollback_adr_repo_plan_count": 7,
@@ -80,8 +85,8 @@
{
"phase_id": "S1_readonly_inventory",
"state": "in_progress",
"current_result": "已完成多項 read-only evidenceS4.5 已補 Gitea authenticated/admin export requestS4.6 已補 redacted import acceptance但 private/internal 全量 repo list 仍需批准後補齊。",
"next_gate": "只讀 token 或 redacted admin export owner approval收到 payload 後先依 S4.6 驗收與隔離規則檢查,仍不得保存 token value。"
"current_result": "已完成多項 read-only evidenceS4.5 已補 Gitea authenticated/admin export requestS4.6 已補 redacted import acceptanceS4.7 已補 owner coverage attestation request但 private/internal 全量 repo list 仍需批准後補齊。",
"next_gate": "先取得 owner scope decision / coverage attestation再等待只讀 token 或 redacted admin export owner approval收到 payload 後先依 S4.6 驗收與隔離規則檢查,仍不得保存 token value。"
},
{
"phase_id": "S2_mirror_only_consumption",
@@ -98,8 +103,8 @@
{
"phase_id": "S4_migration_execution",
"state": "not_started",
"current_result": "GitHub primary 是長期方向source_control_primary_readiness_gate_v1 已定義 8 個 candidate repos、7 個 in-scope blocked repos、0 個 primary readyS4.1 已定義 workflow / secret 名稱 inventory 契約S4.2 已補 local evidenceS4.3 已補 redacted export requestS4.4 已補 rollback ADR 草案S4.5 已補 Gitea authenticated inventory export requestS4.6 已補 redacted import acceptance但 inventory status 仍 partial。",
"next_gate": "Gitea authenticated inventory payload 通過 S4.6 驗收、refs truth、webhook / runner / deploy key / branch protection / repository secret parity redacted evidence、rollback ADR owner approval 與逐 repo 人工批准。"
"current_result": "GitHub primary 是長期方向source_control_primary_readiness_gate_v1 已定義 8 個 candidate repos、7 個 in-scope blocked repos、0 個 primary readyS4.1 已定義 workflow / secret 名稱 inventory 契約S4.2 已補 local evidenceS4.3 已補 redacted export requestS4.4 已補 rollback ADR 草案S4.5 已補 Gitea authenticated inventory export requestS4.6 已補 redacted import acceptanceS4.7 已補 owner coverage attestation request,但 inventory status 仍 partial。",
"next_gate": "Gitea coverage attestation 被 owner 接受、authenticated inventory payload 通過 S4.6 驗收、refs truth、webhook / runner / deploy key / branch protection / repository secret parity redacted evidence、rollback ADR owner approval 與逐 repo 人工批准。"
}
],
"next_safe_actions": [
@@ -190,7 +195,8 @@
"mode": "approval_required",
"source_contract": "gitea_repo_inventory_v1",
"allowed_processing": [
"顯示 S4.5 authenticated/admin export request、S4.6 redacted import acceptance 與 coverage gap",
"顯示 S4.5 authenticated/admin export request、S4.6 redacted import acceptance、S4.7 owner coverage attestation request 與 coverage gap",
"顯示 5 個 owner attestation items、received_attestation_count=0 與 accepted_attestation_count=0",
"使用 read-only token 或 redacted admin export 補齊 repo list",
"收到 payload 後只做 schema / redaction / coverage gap 驗收與隔離",
"只保存 token_present=true/false",
@@ -199,6 +205,7 @@
"blocked_processing": [
"保存 token value",
"使用 write-capable token",
"把 S4.7 owner attestation request 當成 repo migration approval",
"把 S4.6 payload 驗收當成 primary approval",
"建立 GitHub repo 或 sync refs"
]

View File

@@ -379,19 +379,27 @@
"docs/security/gitea-public-repo-search.snapshot.json",
"docs/security/gitea-org-repo-inventory-blocked.snapshot.json",
"docs/security/gitea-authenticated-inventory-export-request.snapshot.json",
"docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json"
"docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json",
"docs/security/gitea-inventory-coverage-attestation.snapshot.json"
],
"human_docs": [
"docs/security/GITEA-SERVER-SIDE-INVENTORY-RUNBOOK.md",
"docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md",
"docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md",
"docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md"
"docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md",
"docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md"
],
"consumer": "AwoooP migration matrix evidence",
"consumption_mode": "mirror_only",
"allowed_actions": ["mirror_public_only_inventory", "create_readonly_inventory_approval_candidate", "display_authenticated_inventory_export_request", "display_redacted_inventory_import_acceptance"],
"allowed_actions": [
"mirror_public_only_inventory",
"create_readonly_inventory_approval_candidate",
"display_authenticated_inventory_export_request",
"display_redacted_inventory_import_acceptance",
"display_coverage_attestation_request"
],
"forbidden_actions": ["store_token_value", "write_to_gitea", "delete_or_archive_repo"],
"notes": "目前是 partial/public_onlyS4.5 已補 authenticated/admin export requestS4.6 已補 redacted import acceptanceprivate/internal 全量仍需批准後補齊。"
"notes": "目前是 partial/public_onlyS4.5 已補 authenticated/admin export requestS4.6 已補 redacted import acceptanceS4.7 已補 owner coverage attestation requestprivate/internal 全量仍需批准後補齊。"
},
{
"contract": "local_git_remote_inventory_v1",

View File

@@ -1,7 +1,7 @@
{
"schema_version": "source_control_primary_readiness_gate_v1",
"status": "draft_blocked",
"date": "2026-05-13",
"date": "2026-05-17",
"mode": "primary_readiness_gate_only",
"runtime_execution_authorized": false,
"source_indexes": [
@@ -15,6 +15,7 @@
"docs/security/gitea-repo-inventory.snapshot.json",
"docs/security/gitea-authenticated-inventory-export-request.snapshot.json",
"docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json",
"docs/security/gitea-inventory-coverage-attestation.snapshot.json",
"docs/security/gitea-org-repo-inventory-blocked.snapshot.json",
"docs/security/security-followup-runtime-gate.snapshot.json"
],
@@ -44,6 +45,7 @@
"目前只有 public-only / blocked endpoint evidence",
"S4.5 已建立 authenticated/admin export request但尚未取得 `gitea_repo_inventory_v1.status=ok` evidence",
"S4.6 已建立 redacted import acceptance但目前 received_payload_count=0、accepted_payload_count=0",
"S4.7 已建立 owner coverage attestation request但目前 received_attestation_count=0、accepted_attestation_count=0",
"public-only API 只看到 2 個 repos本機 remote inventory 看到 4 個 unique Gitea reposgap 仍待 owner 解釋",
"GITEA_READONLY_TOKEN 未提供",
"不得使用 write-capable credential 當 read-only token"
@@ -52,6 +54,7 @@
"顯示 blocked reason",
"mirror S4.5 authenticated inventory export request",
"mirror S4.6 redacted inventory import acceptance",
"mirror S4.7 owner coverage attestation request",
"等待 read-only token 或 redacted admin export",
"更新 approval board 與 decision table"
],