docs(security): add owner response audit retention rules
This commit is contained in:
@@ -126,7 +126,7 @@ Ref truth classification 已建立,將 `awoooi`、`clawbot-v5`、`wooo-aiops`
|
||||
|
||||
Workflow / secret name owner response 已建立,S4.12 補 1 個 request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks 與 5 個 templates,對應 webhook、runner、deploy key、branch protection / CODEOWNERS 與 repository secret name parity;received / accepted response 皆為 0、audit events emitted 仍為 0。不得把 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當成 secret value collection、workflow modification、GitHub hosted runner enablement 或 primary approval。
|
||||
|
||||
Owner response validation rollup 已建立,S4.13 彙整 S4.9 / S4.10 / S4.11 / S4.12 四包 response packets,22 個 templates、10 個 cross-packet checks、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples,received / accepted response 皆為 0,reviewer audit emitted 仍為 0。不得把 rollup、routing、sections、transition rules、reviewer checklist、reviewer outcome lanes、reviewer audit templates、reviewer audit display sections、reviewer audit collection checks 或 reviewer audit redaction examples 當成 approval、runtime gate、production ingestion 或 execution authorization。
|
||||
Owner response validation rollup 已建立,S4.13 彙整 S4.9 / S4.10 / S4.11 / S4.12 四包 response packets,22 個 templates、10 個 cross-packet checks、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules,received / accepted response 皆為 0,reviewer audit emitted 仍為 0。不得把 rollup、routing、sections、transition rules、reviewer checklist、reviewer outcome lanes、reviewer audit templates、reviewer audit display sections、reviewer audit collection checks、reviewer audit redaction examples 或 reviewer audit retention rules 當成 approval、runtime gate、production ingestion 或 execution authorization。
|
||||
|
||||
## 3. 必要驗收 gate
|
||||
|
||||
@@ -159,7 +159,7 @@ Ref truth classification 補充:完整 review lane 見 `docs/security/SOURCE-C
|
||||
2. 依 GitHub target repo-by-repo approval package 處理 7 個 approval-required target。
|
||||
3. 依 S4.11 ref truth owner response request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks / 收件包與 classification 釐清 `wooo/awoooi`、`wooo/clawbot-v5`、`wooo/wooo-aiops` 的雙端分歧來源;仍不得 push/delete refs。
|
||||
4. 依 S4.12 workflow / secret name owner response request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks / 收件包補 webhook、runner、deploy key、branch protection / CODEOWNERS、repository secret name parity 的 redacted disposition;仍不得收 secret value、改 workflow 或啟用 hosted runner。
|
||||
5. 依 S4.13 owner response validation rollup 集中檢查 S4.9-S4.12 四包 response validation、evidence routing、display sections、state transition rules、reviewer checklist、reviewer outcome lanes、reviewer audit event templates、reviewer audit display sections、reviewer audit collection checks 與 reviewer audit redaction examples;仍不得把 rollup、routing、sections、transition rules、reviewer checklist、reviewer outcome lanes、reviewer audit templates、reviewer audit display sections、reviewer audit collection checks 或 reviewer audit redaction examples 當 approval、production ingestion 或 execution authorization。
|
||||
5. 依 S4.13 owner response validation rollup 集中檢查 S4.9-S4.12 四包 response validation、evidence routing、display sections、state transition rules、reviewer checklist、reviewer outcome lanes、reviewer audit event templates、reviewer audit display sections、reviewer audit collection checks、reviewer audit redaction examples 與 reviewer audit retention rules;仍不得把 rollup、routing、sections、transition rules、reviewer checklist、reviewer outcome lanes、reviewer audit templates、reviewer audit display sections、reviewer audit collection checks、reviewer audit redaction examples 或 reviewer audit retention rules 當 approval、production ingestion 或 execution authorization。
|
||||
6. 釐清 `wooo/ewoooc`、`root/momo-pro-system`、`momo-pro-system`、`momo_pro_system` 的 canonical 關係。
|
||||
7. 釐清 `bitan-pharmacy`、`tsenyang-website` 是否仍 active,並決定 GitHub owner / visibility。
|
||||
8. 產出 GitHub primary ADR 前,不做主控切換。
|
||||
|
||||
Reference in New Issue
Block a user