docs(security): add VibeWork onboarding handoff [skip ci]

This commit is contained in:
Your Name
2026-06-04 20:51:35 +08:00
parent 5fcf4f8e61
commit a89a48d1e0
6 changed files with 690 additions and 4 deletions

View File

@@ -1,3 +1,42 @@
## 2026-06-04IwoooS P1-9 VibeWork Onboarding Handoff
**背景**P1-8 已補 111 / 168 開發主機 scope handoff本段接續 P1-9將 VibeWork 納入 IwoooS 的 repo、product、surface、owner、evidence refs、資料分級、部署邊界與獨立產品邊界整理成 owner / reviewer 可審的只讀 handoff。這不是產品合併、不是部署批准、不是 repo / refs 同步、不是 workflow / secret 修改,也不是掃描或修復授權。
**本輪完成**
- 新增 `docs/security/VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md`:整理 VibeWork 產品定位、repo / refs truth、surface、owner response 欄位、資料分級、部署邊界與獨立產品邊界。
- 新增 `docs/security/vibework-iwooos-onboarding-handoff.snapshot.json`:固定 `onboarding_handoff_completion_percent=100`,並維持 `product_boundary_merged_into_awoooi=false``production_deploy_authorized=false``repo_creation_authorized=false``refs_sync_authorized=false``workflow_modification_authorized=false``secret_value_collection_authorized=false``shared_database_authorized=false``shared_session_authorized=false``shared_rbac_authorized=false`
- 新增 `docs/schemas/vibework_iwooos_onboarding_handoff_v1.schema.json`:讓 VibeWork onboarding handoff 有可驗契約。
- 更新 `IWOOOS-POSTURE-PROJECTION.md`:把 `vibework_iwooos_onboarding_handoff_v1` 加入 IwoooS 可讀來源。
- 更新 IwoooS P0/P1 主控總帳P1-9 onboarding handoff 標記 `100%`VibeWork runtime / deploy / repo mutation 仍 `0 / false`IwoooS headline 仍 `64%`
**完成度更新**
- P1-9 VibeWork onboarding handoff`100%`
- VibeWork runtime / deploy / repo mutation`0 / false`
- owner response received / accepted`false / false`
- repo refs truth accepted`false`
- data classification accepted`false`
- deployment boundary accepted`false`
- active runtime gate`0`
- IwoooS headline維持 `64%`,不因文件草案假性調高。
**驗證**
- `python3 -m json.tool docs/security/vibework-iwooos-onboarding-handoff.snapshot.json`:通過。
- `python3 -m json.tool docs/schemas/vibework_iwooos_onboarding_handoff_v1.schema.json`:通過。
- 本段自訂結構檢查:`VIBEWORK_IWOOOS_ONBOARDING_HANDOFF_STRUCTURE_OK`
- `git diff --check`:通過。
- `python3 scripts/security/source-control-owner-response-guard.py --root .``SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`
- `python3 scripts/security/security-mirror-progress-guard.py --root .``SECURITY_MIRROR_PROGRESS_GUARD_OK`
- 新增 diff 行 credential pattern 檢查:`NO_ADDED_URL_CREDENTIAL_PATTERNS`
- staged 授權旗標檢查:`NO_UNEXPECTED_AUTHORIZATION_OR_COUNTER_INCREASE`
- Schema validator 限制:本地沒有 Python `jsonschema` / Node AJV 驗證器時,以 JSON parse、自訂結構檢查與既有 guard 補位。
- Production 頁面檢查:本段只改 docs / snapshot / schema / LOGBOOK未改 IwoooS 前端與 production 文案,不宣稱新的 production 狀態;沿用既有 VibeWork 前端只讀納管卡與 P0 `/zh-TW/iwooos` live sanity 基準。
**目前邊界**
- VibeWork 是獨立產品;不得與 AWOOOI 共用 DB、Session、RBAC 或核心流程 runtime。
- `/Users/ogt/Documents/VibeWork` 是 dirty active workspace`/Users/ogt/Documents/VibeWork-current-main` 是 reference worktreerefs truth 需 owner 決定,不自動 commit / rebase / push / sync refs。
- VibeWork production URL、Docker Compose、health endpoint 或 drift guard 可見,不代表本段做了 production verification 或部署批准。
- `.env`、DB URL、auth secret、job secret、webhook token、API key、cookie、session、private key、使用者原始需求、完整 PRD、媒合個資與通知原文全部拒收或隔離。
## 2026-06-04IwoooS P1-8 111 / 168 Dev Host Scope Handoff
**背景**P1-7 已把 Kali `192.168.0.112` 維護窗口草案推到 owner / reviewer 可審;本段接續 P1-8`192.168.0.111``192.168.0.168` 的開發主機 scope、credential handling、rollback owner 與 validation metrics。這是 observe-only handoff不登入主機、不 SSH、不 credentialed scan、不 active scan、不讀未授權目錄、不改 Ollama fallback route、不改 CORS / firewall / service。
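Review bot: in the verification list, the `VIBEWORK_IWOOOS_ONBOARDING_HANDOFF_STRUCTURE_OK` entry records only the result token, not the command that produced it, whereas the two guard entries record their full `python3 scripts/security/... --root .` invocation. Suggest adding the command to the entry, or checking the structure check in under `scripts/security/`, so a reviewer can re-run it; as the schema-validator entry below states, `python3 -m json.tool` only proves the JSON parses and does not validate the snapshot against the schema, so this custom check is currently the only schema-shaped evidence for the handoff.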

View File

@@ -0,0 +1,215 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "urn:awoooi:vibework-iwooos-onboarding-handoff-v1",
"title": "VibeWork IwoooS Onboarding Handoff v1",
"description": "定義 VibeWork 納入 IwoooS 只讀視野時的 repo、product、surface、owner、evidence refs、資料分級、部署邊界與獨立產品邊界。此契約不授權 repo / refs / workflow 變更、secret 收集、production deploy、掃描、修復或 runtime execution。",
"type": "object",
"required": [
"schema_version",
"status",
"date",
"mode",
"source_evidence_refs",
"summary",
"product_identity",
"repo_scope",
"product_surfaces",
"owner_response_handoff",
"independent_product_boundary",
"data_classification_intake",
"deployment_boundary",
"acceptance_rules",
"forbidden_actions"
],
"properties": {
"schema_version": {"const": "vibework_iwooos_onboarding_handoff_v1"},
"status": {"type": "string", "enum": ["draft_waiting_owner_review"]},
"date": {"type": "string"},
"mode": {"type": "string", "enum": ["product_scope_handoff_only"]},
"source_evidence_refs": {
"type": "array",
"items": {"type": "string"},
"minItems": 1
},
"summary": {
"type": "object",
"required": [
"product_name",
"onboarding_handoff_package_ready",
"onboarding_handoff_completion_percent",
"product_boundary_merged_into_awoooi",
"owner_response_received",
"owner_response_accepted",
"repo_refs_truth_accepted",
"data_classification_accepted",
"deployment_boundary_accepted",
"runtime_gate_open",
"runtime_execution_authorized",
"production_deploy_authorized",
"repo_creation_authorized",
"refs_sync_authorized",
"workflow_modification_authorized",
"secret_value_collection_authorized",
"shared_database_authorized",
"shared_session_authorized",
"shared_rbac_authorized",
"action_buttons_allowed"
],
"properties": {
"product_name": {"type": "string"},
"onboarding_handoff_package_ready": {"type": "boolean"},
"onboarding_handoff_completion_percent": {"type": "integer", "minimum": 0, "maximum": 100},
"product_boundary_merged_into_awoooi": {"type": "boolean", "const": false},
"owner_response_received": {"type": "boolean", "const": false},
"owner_response_accepted": {"type": "boolean", "const": false},
"repo_refs_truth_accepted": {"type": "boolean", "const": false},
"data_classification_accepted": {"type": "boolean", "const": false},
"deployment_boundary_accepted": {"type": "boolean", "const": false},
"runtime_gate_open": {"type": "boolean", "const": false},
"runtime_execution_authorized": {"type": "boolean", "const": false},
"production_deploy_authorized": {"type": "boolean", "const": false},
"repo_creation_authorized": {"type": "boolean", "const": false},
"refs_sync_authorized": {"type": "boolean", "const": false},
"workflow_modification_authorized": {"type": "boolean", "const": false},
"secret_value_collection_authorized": {"type": "boolean", "const": false},
"shared_database_authorized": {"type": "boolean", "const": false},
"shared_session_authorized": {"type": "boolean", "const": false},
"shared_rbac_authorized": {"type": "boolean", "const": false},
"action_buttons_allowed": {"type": "boolean", "const": false}
},
"additionalProperties": false
},
"product_identity": {
"type": "object",
"required": ["product_type", "current_focus", "technical_stack", "language_policy"],
"properties": {
"product_type": {"type": "string"},
"current_focus": {"type": "string"},
"technical_stack": {"type": "array", "items": {"type": "string"}, "minItems": 1},
"language_policy": {"type": "string"}
},
"additionalProperties": false
},
"repo_scope": {
"type": "object",
"required": ["active_workspace", "reference_worktree", "required_owner_answers"],
"properties": {
"active_workspace": {
"type": "object",
"required": ["path", "status_summary", "canonical_for_iwooos", "forbidden_actions"],
"properties": {
"path": {"type": "string"},
"status_summary": {"type": "string"},
"canonical_for_iwooos": {"type": "boolean", "const": false},
"forbidden_actions": {"type": "array", "items": {"type": "string"}, "minItems": 1}
},
"additionalProperties": false
},
"reference_worktree": {
"type": "object",
"required": ["path", "head_sha", "origin_main_sha", "main_sha", "remote", "refs_truth_status"],
"properties": {
"path": {"type": "string"},
"head_sha": {"type": "string"},
"origin_main_sha": {"type": "string"},
"main_sha": {"type": "string"},
"remote": {"type": "string"},
"refs_truth_status": {"type": "string"}
},
"additionalProperties": false
},
"required_owner_answers": {"type": "array", "items": {"type": "string"}, "minItems": 1}
},
"additionalProperties": false
},
"product_surfaces": {
"type": "array",
"items": {
"type": "object",
"required": ["surface_id", "routes", "boundary"],
"properties": {
"surface_id": {"type": "string"},
"routes": {"type": "array", "items": {"type": "string"}, "minItems": 1},
"boundary": {"type": "string"}
},
"additionalProperties": false
},
"minItems": 1
},
"owner_response_handoff": {
"type": "object",
"required": [
"status",
"request_dispatch_authorized",
"required_response_fields",
"allowed_decisions",
"forbidden_inputs",
"response_received",
"response_accepted"
],
"properties": {
"status": {"type": "string", "enum": ["ready_not_dispatched"]},
"request_dispatch_authorized": {"type": "boolean", "const": false},
"required_response_fields": {"type": "array", "items": {"type": "string"}, "minItems": 1},
"allowed_decisions": {"type": "array", "items": {"type": "string"}, "minItems": 1},
"forbidden_inputs": {"type": "array", "items": {"type": "string"}, "minItems": 1},
"response_received": {"type": "boolean", "const": false},
"response_accepted": {"type": "boolean", "const": false}
},
"additionalProperties": false
},
"independent_product_boundary": {
"type": "object",
"required": ["must_remain_independent", "forbidden_couplings", "allowed_future_integrations"],
"properties": {
"must_remain_independent": {"type": "boolean"},
"forbidden_couplings": {"type": "array", "items": {"type": "string"}, "minItems": 1},
"allowed_future_integrations": {"type": "array", "items": {"type": "string"}, "minItems": 1}
},
"additionalProperties": false
},
"data_classification_intake": {
"type": "array",
"items": {
"type": "object",
"required": ["data_type", "status", "collection_rule"],
"properties": {
"data_type": {"type": "string"},
"status": {"type": "string", "enum": ["waiting_owner_classification"]},
"collection_rule": {"type": "string"}
},
"additionalProperties": false
},
"minItems": 1
},
"deployment_boundary": {
"type": "object",
"required": [
"public_host",
"production_mode",
"compose_host",
"compose_directory",
"internal_web",
"database_boundary",
"k3s_namespace_reference",
"production_verification_in_this_awoooi_stage",
"deployment_authorized"
],
"properties": {
"public_host": {"type": "string"},
"production_mode": {"type": "string"},
"compose_host": {"type": "string"},
"compose_directory": {"type": "string"},
"internal_web": {"type": "string"},
"database_boundary": {"type": "string"},
"k3s_namespace_reference": {"type": "string"},
"production_verification_in_this_awoooi_stage": {"type": "boolean", "const": false},
"deployment_authorized": {"type": "boolean", "const": false}
},
"additionalProperties": false
},
"acceptance_rules": {"type": "array", "items": {"type": "string"}, "minItems": 1},
"forbidden_actions": {"type": "array", "items": {"type": "string"}, "minItems": 1}
},
"additionalProperties": false
}
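Review bot: `must_remain_independent` under `independent_product_boundary` is a bare `{"type": "boolean"}`, while every other gate flag in this schema is pinned with `"const": false`; since the whole point of the handoff is that VibeWork stays independent, pin it as `{"type": "boolean", "const": true}` so a future snapshot cannot flip it without a schema change. Also consider `"pattern": "^[0-9a-f]{40}$"` on `head_sha`, `origin_main_sha` and `main_sha` under `reference_worktree`, and `"format": "date"` or an explicit pattern on `date`, so abbreviated or truncated refs are rejected instead of being accepted as any string.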

View File

@@ -28,6 +28,7 @@ IwoooS 首版只讀取或對齊以下已提交 evidence
| `source_control_owner_response_validation_rollup_v1` | owner response 仍為 0、S4.9 下一個收件候選 |
| `source_control_primary_readiness_gate_v1` | GitHub primary readiness 仍為 0、候選 repo 與切換前置缺口 |
| `kali_integration_status_v1` | Kali 112 observe-only 整合態勢 |
| `vibework_iwooos_onboarding_handoff_v1` | VibeWork repo / product / surface / owner / evidence refs / 獨立產品邊界只讀 handoff |
| `2026-06-04-iwooos-security-governance-p0.md` | IwoooS P0 完成度、優先順序、跨 Session 同步與驗證節點 |
| `/iwooos` 前端路由 | 顯示入口,不提供執行按鈕 |
| 既有前端資安頁面 | 只讀索引,不搬移原頁責任邊界、不新增執行控制 |
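Review bot: the neighbouring rows in this source table state the gate state in their description (owner response 0, primary readiness 0); the new `vibework_iwooos_onboarding_handoff_v1` row lists only what the handoff covers. Suggest adding that runtime gate and deploy remain 0 / false, so a reader of the projection sees the same "visible, not authorized" posture that the handoff itself pins.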

View File

@@ -0,0 +1,139 @@
# VibeWork 納入 IwoooS 只讀 Handoff
| 項目 | 內容 |
|------|------|
| 日期 | 2026-06-04 |
| 狀態 | 草案,等待 owner review |
| 產品 | `VibeWork` |
| Schema | `docs/schemas/vibework_iwooos_onboarding_handoff_v1.schema.json` |
| Snapshot | `docs/security/vibework-iwooos-onboarding-handoff.snapshot.json` |
| 上游證據 | `docs/security/iwooos-posture-projection.snapshot.json``apps/web/src/app/[locale]/iwooos/page.tsx``/Users/ogt/Documents/VibeWork-current-main/README.md` |
| 模式 | `product_scope_handoff_only` |
| 執行面授權 | `false` |
## 0. 核心結論
P1-9 補的是 VibeWork 納入 IwoooS 後的 repo / product / surface / owner / evidence refs / 獨立產品邊界 handoff。它不是產品合併、不是部署批准、不是 repo / refs 同步、不是 workflow / secret 修改,也不是掃描或修復授權。
VibeWork 目前在 IwoooS 前端已是只讀納管範圍;本階段要補的是後台治理契約,讓 owner / reviewer 能逐項收件,而不是只靠前端卡片理解。
## 1. 已讀到的只讀 evidence
| 類別 | evidence | 判讀 |
|------|----------|------|
| 產品定位 | `/Users/ogt/Documents/VibeWork-current-main/README.md` | VibeWork 是獨立 AI Vibe Coding 接案媒合平台 |
| 技術棧 | `package.json` | Next.js 14、TypeScript、Prisma、PostgreSQL、Tailwind、Zod、Zustand |
| 產品邊界 | `docs/PROJECT_BOUNDARIES.md` | 第一階段不得共用既有產品資料庫、Session、RBAC 或核心流程 runtime |
| 部署策略 | `docs/DEPLOYMENT_STRATEGY.md` | 正式主線為獨立 Docker Composepublic host `https://vibework.wooo.work` |
| 推版流程 | `docs/RELEASE_PROCESS.md` | 正式 image 必須可追溯 Gitea commit部署後跑 smoke check |
| IwoooS 前端 | `apps/web/src/app/[locale]/iwooos/page.tsx` | 已有 VibeWork 六項收件卡runtime gate count 仍為 `0` |
## 2. Scope 摘要
| 指標 | 值 |
|------|----|
| onboarding handoff package | `ready` |
| package completion | `100%` |
| VibeWork product boundary merged into AWOOOI | `false` |
| owner response received / accepted | `false / false` |
| repo refs truth accepted | `false` |
| data classification accepted | `false` |
| deployment boundary accepted | `false` |
| runtime gate open | `false` |
| production deploy authorized | `false` |
| repo creation / refs sync / workflow modification authorized | `false / false / false` |
## 3. Repo / Refs Handoff
目前只讀觀察到兩個本機路徑與一個 Gitea remote
| 類型 | 路徑 / remote | 只讀判讀 | 不可誤讀 |
|------|---------------|----------|----------|
| active workspace | `/Users/ogt/Documents/VibeWork` | 工作目錄存在大量本地修改與未追蹤檔;不適合作為 AWOOOI 直接引用的 canonical evidence | 不可自動 commit、rebase、push、刪檔或同步 refs |
| reference worktree | `/Users/ogt/Documents/VibeWork-current-main` | HEAD `1a902530141004d958cda639bea9a837282c867f``origin/main=421c834756b7f41ef554c0348274f3762c3fc2de``main=48275cc52be79107e887147d3fe10310a887afe9` | refs truth 需 owner 決定;不可自動把 worktree 當正式 main |
| Gitea remote | `ssh://git@192.168.0.110:2222/wooo/vibework.git` | VibeWork 正式版本來源候選 | 不收 SSH key、不改 remote、不 push、不建 GitHub mirror |
後續 owner response 必須回答:
1. canonical repo path / remote 以哪個為準。
2. `VibeWork` / `VibeWork-current-main` / `origin/main` / `main` 的 refs truth 如何處理。
3. 哪些 dirty workspace 檔案只是本機 WIP哪些是待整合 release candidate。
4. 是否需要 GitHub target若需要也只收 target metadata不建立 repo。
5. workflow、runner、secret name parity 是否要納入後續 source-control owner response不收 secret value。
## 4. Product / Surface Handoff
| Surface | 類型 | 本階段 evidence | 邊界 |
|---------|------|----------------|------|
| `/``/en` | public marketing | 官網首頁與英文入口存在 | 不代表 production smoke 已在本段執行 |
| `/client/projects/new``/client/projects/*` | client workspace | 需求者 intake、PRD、媒合流程 | 不接 AWOOOI DB、不共用 Session |
| `/coder/matches``/coder/profile` | coder workspace | 接案者履歷、媒合機會與回應 | 不共用 AWOOOI RBAC |
| `/admin``/api/v1/admin/*` | admin / reviewer | 管理後台、審核、內容管理 | 需 VibeWork 自身角色邊界 |
| `/notifications` | logged-in user | 站內通知 | 不導入 AWOOOI Telegram approval 語義 |
| `/api/v1/health` | health | 正式 smoke 目標之一 | 只作 health evidence不代表 runtime gate |
| `/api/ai/*` | AI assistance | intake / milestone / support agent 路徑 | AI evidence 必須保留 VibeWork 內部稽核與授權邊界 |
## 5. Owner Response Handoff
此 handoff 只讓 AwoooP 或 reviewer 請 owner 補 VibeWork metadata。它不是 request sent、不是 approval queue也不是可執行動作。
### 5.1 必填欄位
| 欄位 | 說明 |
|------|------|
| `product_owner_role_or_team` | VibeWork 產品 owner 或 team |
| `security_owner_role_or_team` | VibeWork 資安 / 資料保護 owner |
| `source_control_owner_role_or_team` | repo / refs / workflow / secret name owner |
| `deployment_owner_role_or_team` | Docker Compose / K3s / domain / smoke owner |
| `data_classification_owner_role_or_team` | 需求、PRD、個資、媒合、稽核與通知資料分級 owner |
| `surface_scope` | 本次納入 IwoooS 的 route、API、admin、worker、job 範圍 |
| `decision` | 允許值:`confirm_observe_only``defer``reject``request_more_evidence` |
| `decision_reason` | 決策理由摘要,不得貼 raw secret、token、cookie 或未脫敏截圖 |
| `redacted_evidence_refs` | 只填文件、snapshot、ticket、commit、hash 或脫敏 metadata pointer |
| `followup_owner` | 補件、拒收或下一階段 owner |
### 5.2 禁止輸入
| 類型 | 規則 |
|------|------|
| credential | 不貼 `.env`、DB URL、auth secret、job secret、webhook token、API key、cookie、session、private key |
| raw data | 不貼需求者原始需求、PRD 原文、媒合個資、會員資料、通知內容、稽核原文 |
| source-control action | 不要求建立 repo、同步 refs、rebase、push、改 workflow、改 runner、改 secret |
| production action | 不要求 deploy、restart、compose up/down、DB migration、drift guard apply |
| runtime coupling | 不要求共用 AWOOOI DB、Session、RBAC、Telegram approval 或 AwoooP execution router |
## 6. 獨立產品邊界
VibeWork 可以納入 IwoooS 的全產品資安視野,但第一階段仍必須維持獨立產品邊界:
1. 不共用 AWOOOI 或其他產品資料庫。
2. 不共用 AWOOOI 會員 Session。
3. 不把 VibeWork RBAC 綁到 AWOOOI 權限模型。
4. 不讓 VibeWork 核心流程依賴 AWOOOI runtime 可用性。
5. 不把 AwoooP approval 當 VibeWork 資安批准或部署批准。
6. 後續整合只能走版本化 API、Webhook、outbox、匯入匯出配接器、SSO / OAuth 或 Anti-Corruption Layer。
7. 即使未來做 SSO / OAuth也不得取代 VibeWork 自己的 RBAC 與稽核事件。
## 7. 資料分級收件
| 資料類型 | 初期分級狀態 | 收件規則 |
|----------|--------------|----------|
| 需求者需求 / intake answer | waiting owner classification | 只收欄位類型、資料流與脫敏摘要,不收原文 |
| PRD block / source anchor | waiting owner classification | 只收資料模型與風險摘要,不收完整 PRD |
| 接案者履歷 / 作品集 | waiting owner classification | 只收欄位與公開 / 私有邊界,不收個資內容 |
| 媒合紀錄 / 分數理由 | waiting owner classification | 只收評分因子與稽核規則,不收個案資料 |
| AuditEvent / 通知 | waiting owner classification | 只收事件類型與保存策略,不收訊息原文 |
| admin / marketing content | waiting owner classification | 只收發布流程與權限邊界,不收未發布內容 |
## 8. 驗收規則
1. 本 handoff 完成不代表 VibeWork owner response 已收到或 accepted。
2. VibeWork 納入 IwoooS 只代表全產品資安視野可見,不代表掃描、部署、修復或 runtime execution。
3. canonical repo、refs truth、workflow / secret name、GitHub target 仍需 source-control owner response。
4. 正式 URL、Docker Compose、health endpoint 或 drift guard 可見,不等於本段已做 production verification。
5. 任何 `.env`、secret、DB URL、token、private key、cookie、session、auth header、job secret 都必須拒收或隔離。
6. 未來若要改 VibeWork production、deploy、compose、DB migration、worker、domain、TLS 或 smoke 帳密,必須另開 VibeWork owner approval 與 rollback / post-check。
## 9. 階段定位
P1-9 只把 VibeWork 從「前端已只讀納管」推到「owner / reviewer 可照表審 repo、product、surface、owner、data classification、deployment boundary 與 evidence refs」。它不改 VibeWork repo、不改 AWOOOI 前端、不部署、不掃描、不開 runtime gate也不提高 IwoooS headline 64%。
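Review bot: the surface table in section 4 and the `product_surfaces` array in the snapshot do not describe the same scope: the table lists `/notifications`, which the snapshot does not carry, while the snapshot lists `/api/v1/jobs/*` and the marketing routes `/services` through `/pricing`, which the table omits. Either derive this table from the snapshot as the single source or add the missing rows, so the owner is not asked to review two different surface scopes. The section 1 technical stack row also omits React Hook Form, which the snapshot's `technical_stack` includes.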

View File

@@ -0,0 +1,283 @@
{
"schema_version": "vibework_iwooos_onboarding_handoff_v1",
"status": "draft_waiting_owner_review",
"date": "2026-06-04",
"mode": "product_scope_handoff_only",
"source_evidence_refs": [
"docs/security/iwooos-posture-projection.snapshot.json",
"docs/workplans/2026-06-04-iwooos-security-governance-p0.md",
"apps/web/src/app/[locale]/iwooos/page.tsx",
"apps/web/messages/zh-TW.json",
"/Users/ogt/Documents/VibeWork-current-main/README.md",
"/Users/ogt/Documents/VibeWork-current-main/docs/PROJECT_BOUNDARIES.md",
"/Users/ogt/Documents/VibeWork-current-main/docs/DEPLOYMENT_STRATEGY.md",
"/Users/ogt/Documents/VibeWork-current-main/docs/RELEASE_PROCESS.md",
"/Users/ogt/Documents/VibeWork-current-main/package.json"
],
"summary": {
"product_name": "VibeWork",
"onboarding_handoff_package_ready": true,
"onboarding_handoff_completion_percent": 100,
"product_boundary_merged_into_awoooi": false,
"owner_response_received": false,
"owner_response_accepted": false,
"repo_refs_truth_accepted": false,
"data_classification_accepted": false,
"deployment_boundary_accepted": false,
"runtime_gate_open": false,
"runtime_execution_authorized": false,
"production_deploy_authorized": false,
"repo_creation_authorized": false,
"refs_sync_authorized": false,
"workflow_modification_authorized": false,
"secret_value_collection_authorized": false,
"shared_database_authorized": false,
"shared_session_authorized": false,
"shared_rbac_authorized": false,
"action_buttons_allowed": false
},
"product_identity": {
"product_type": "獨立 AI Vibe Coding 接案媒合平台",
"current_focus": "需求者引導式需求收集、區塊式 PRD、可解釋媒合、接案者回應、合作確認、站內通知、管理後台監控",
"technical_stack": [
"Next.js 14 App Router",
"TypeScript",
"Tailwind CSS",
"React Hook Form",
"Zod",
"Zustand",
"Prisma",
"PostgreSQL"
],
"language_policy": "所有文件、產品文案、註解與說明文字皆使用繁體中文;技術名詞與識別字可保留英文。"
},
"repo_scope": {
"active_workspace": {
"path": "/Users/ogt/Documents/VibeWork",
"status_summary": "read_only_observed_dirty_workspace_ahead_3_behind_92_with_many_modified_and_untracked_files",
"canonical_for_iwooos": false,
"forbidden_actions": [
"commit",
"rebase",
"push",
"delete_files",
"sync_refs"
]
},
"reference_worktree": {
"path": "/Users/ogt/Documents/VibeWork-current-main",
"head_sha": "1a902530141004d958cda639bea9a837282c867f",
"origin_main_sha": "421c834756b7f41ef554c0348274f3762c3fc2de",
"main_sha": "48275cc52be79107e887147d3fe10310a887afe9",
"remote": "ssh://git@192.168.0.110:2222/wooo/vibework.git",
"refs_truth_status": "waiting_owner_decision"
},
"required_owner_answers": [
"canonical repo path / remote",
"refs truth between active workspace, reference worktree, origin/main and main",
"dirty workspace WIP vs release candidate disposition",
"GitHub target metadata if needed",
"workflow / runner / secret name parity owner"
]
},
"product_surfaces": [
{
"surface_id": "public-marketing",
"routes": [
"/",
"/en",
"/services",
"/industries",
"/resources",
"/case-studies",
"/pricing"
],
"boundary": "public content surface only; not production smoke in this AWOOOI handoff"
},
{
"surface_id": "client-workspace",
"routes": [
"/client/projects/new",
"/client/projects",
"/client/projects/[projectId]/intake/[sessionId]",
"/client/projects/[projectId]/prd",
"/client/projects/[projectId]/matches",
"/client/projects/[projectId]/workspace"
],
"boundary": "client Session and data ownership stay inside VibeWork"
},
{
"surface_id": "coder-workspace",
"routes": [
"/coder/profile",
"/coder/matches",
"/coder/projects/[projectId]/workspace"
],
"boundary": "coder profile, portfolio and match data require VibeWork data classification"
},
{
"surface_id": "admin-review",
"routes": [
"/admin",
"/admin/growth-analytics",
"/admin/growth-launch",
"/admin/growth-leads",
"/admin/marketing-preview",
"/api/v1/admin/*"
],
"boundary": "admin / reviewer RBAC remains VibeWork-owned"
},
{
"surface_id": "health-and-jobs",
"routes": [
"/api/v1/health",
"/api/v1/jobs/*"
],
"boundary": "health and job routes need VibeWork job-secret handling; no secret value collection"
},
{
"surface_id": "ai-assistance",
"routes": [
"/api/ai/intake-assistant",
"/api/ai/milestone-assistant",
"/api/ai/support"
],
"boundary": "AI evidence must remain within VibeWork audit and authorization boundary"
}
],
"owner_response_handoff": {
"status": "ready_not_dispatched",
"request_dispatch_authorized": false,
"required_response_fields": [
"product_owner_role_or_team",
"security_owner_role_or_team",
"source_control_owner_role_or_team",
"deployment_owner_role_or_team",
"data_classification_owner_role_or_team",
"surface_scope",
"decision",
"decision_reason",
"redacted_evidence_refs",
"followup_owner"
],
"allowed_decisions": [
"confirm_observe_only",
"defer",
"reject",
"request_more_evidence"
],
"forbidden_inputs": [
".env content",
"database URL value",
"auth secret value",
"job secret value",
"webhook token value",
"API key value",
"cookie",
"session",
"private key",
"client raw requirement",
"PRD raw content",
"match personal data",
"notification raw content",
"audit raw payload",
"deploy command request",
"compose restart request",
"DB migration request",
"repo push request",
"refs sync request"
],
"response_received": false,
"response_accepted": false
},
"independent_product_boundary": {
"must_remain_independent": true,
"forbidden_couplings": [
"share_awoooi_database",
"share_awoooi_session",
"bind_vibework_rbac_to_awoooi_rbac",
"depend_on_awoooi_runtime_for_core_flow",
"treat_awooop_approval_as_vibework_security_approval",
"direct_cross_database_join"
],
"allowed_future_integrations": [
"versioned API",
"Webhook event",
"outbox pattern",
"import / export adapter",
"SSO / OAuth with VibeWork RBAC preserved",
"Anti-Corruption Layer"
]
},
"data_classification_intake": [
{
"data_type": "client requirement / intake answer",
"status": "waiting_owner_classification",
"collection_rule": "metadata and field type only; no raw answer content"
},
{
"data_type": "PRD block / source anchor",
"status": "waiting_owner_classification",
"collection_rule": "model and risk summary only; no full PRD"
},
{
"data_type": "coder profile / portfolio",
"status": "waiting_owner_classification",
"collection_rule": "field and public / private boundary only; no personal data content"
},
{
"data_type": "match record / score reason",
"status": "waiting_owner_classification",
"collection_rule": "scoring factor and audit rule only; no case data"
},
{
"data_type": "AuditEvent / notification",
"status": "waiting_owner_classification",
"collection_rule": "event type and retention policy only; no message body"
},
{
"data_type": "admin / marketing content",
"status": "waiting_owner_classification",
"collection_rule": "publication workflow and permission boundary only; no unpublished content"
}
],
"deployment_boundary": {
"public_host": "https://vibework.wooo.work",
"production_mode": "Docker Compose on independent product boundary",
"compose_host": "192.168.0.188",
"compose_directory": "/home/ollama/vibework-production",
"internal_web": "http://192.168.0.188:32336",
"database_boundary": "Compose PostgreSQL service; host binding documented as 127.0.0.1:54329",
"k3s_namespace_reference": "vibework namespace manifests retained as optional reference; runtime deployment scaled to 0 in source evidence",
"production_verification_in_this_awoooi_stage": false,
"deployment_authorized": false
},
"acceptance_rules": [
"本 handoff 完成不代表 VibeWork owner response 已收到或 accepted。",
"VibeWork 納入 IwoooS 只代表全產品資安視野可見,不代表掃描、部署、修復或 runtime execution。",
"canonical repo、refs truth、workflow / secret name、GitHub target 仍需 source-control owner response。",
"正式 URL、Docker Compose、health endpoint 或 drift guard 可見,不等於本段已做 production verification。",
"任何 .env、secret、DB URL、token、private key、cookie、session、auth header、job secret 都必須拒收或隔離。",
"未來若要改 VibeWork production、deploy、compose、DB migration、worker、domain、TLS 或 smoke 帳密,必須另開 VibeWork owner approval 與 rollback / post-check。"
],
"forbidden_actions": [
"modify_vibework_repo",
"commit_vibework_changes",
"push_vibework_refs",
"sync_refs",
"create_github_repo",
"change_workflow",
"collect_secret_value",
"read_env_file",
"deploy_production",
"restart_compose",
"run_db_migration",
"run_active_scan",
"run_credentialed_scan",
"share_database",
"share_session",
"bind_rbac",
"enable_runtime_gate",
"add_awooop_action_button"
]
}
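Review bot: `language_policy` states that all documents, product copy, comments and explanatory text use Traditional Chinese, yet the `boundary` and `collection_rule` strings in this same file are in English; either translate them or narrow the policy statement to product copy so the snapshot does not contradict itself. Separately, `deployment_boundary` commits internal topology into the handoff (`compose_host`, the `internal_web` host and port, the PostgreSQL host binding port in `database_boundary`) while the owner-response rules in this file allow only redacted metadata pointers in `redacted_evidence_refs`; consider replacing these values with a pointer to `docs/DEPLOYMENT_STRATEGY.md`, which is already listed in `source_evidence_refs`, so internal addresses are not duplicated into a governance document.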

View File

@@ -9,7 +9,7 @@
| 工作視窗 | IwoooS / AWOOOI 資安治理 P0 |
| 本次乾淨 worktree | `/private/tmp/awoooi-iwooos-governance-p0-20260604` |
| 本次分支 | `codex/iwooos-governance-p0-20260604` |
| 最新觀察到的 `gitea/main` | `65bdfd1d chore(cd): deploy 29a67ec [skip ci]` |
| 最新觀察到的 `gitea/main` | `5fcf4f8e docs(logbook): record source link canary repair [skip ci]` |
| 前一個正式 IwoooS 候選基準 | code `7b8fc093`、deploy marker `45c63488`、LOGBOOK `02cadee6` |
| 最新導航 IA 基準 | code `973fc7a4`、LOGBOOK `2555c811`、deploy marker `0260ec89` |
| 禁止事項 | 不 force push、不 destructive git、不 SSH 修改主機、不 active scan、不收 secrets 明文、不把 AwoooP approval 當資安批准、不把 UI 可見當 runtime 授權 |
@@ -26,7 +26,7 @@
| GitHub primary readiness | 0 | 否 | primary gate 仍為 0P1 只讀重盤工作本身目前約 70%,不代表可切 primary |
| Kali 112 維護準備 | P1-7 maintenance window draft `100%`;維護尚未開始 | 否 | 不更新套件、不重啟、不 hardening、不 active scan |
| 111 / 168 開發主機納管 | P1-8 scope handoff package `100%`;主機執行 `0%` | 否 | 仍不 credentialed scan、不讀未授權資料、不改 fallback route、不改 CORS / firewall / service、不自動修復 |
| VibeWork 納入 IwoooS | 前端態勢已有 onboarding 欄位,產品邊界需補規範 | 可補文件 | 保留 VibeWork 獨立產品邊界 |
| VibeWork 納入 IwoooS | P1-9 onboarding handoff package `100%`;產品 / repo / surface / owner / evidence 邊界已可交接 | 否 | 保留 VibeWork 獨立產品邊界;不部署、不掃描、不改 repo / refs / workflow、不收 secrets |
## 2. P0 工作拆解與優先順序
@@ -131,7 +131,7 @@ S4.9 是目前 IwoooS 64% 能往前的第一優先 gate。驗收前所有 count
| P1 | GitHub primary readiness 只讀重盤 | repo visibility、refs、tags、workflow、secret name、runner、rollback ADR | 只讀 inventory不建立 repo、不同步 refs |
| P1 | Kali 112 維護窗口草案 | 1994 pending updates、`networking.service` failed、服務硬化 0/4、rollback、post-check | P1-7 草案已完成;不 `apt upgrade`、不 restart |
| P1 | 111 / 168 主機 scope 補強 | P1-8 已補 `DEV-HOSTS-111-168-SCOPE-HANDOFF.md`、snapshot 與 schemascope、maintenance window、credential handling、rollback owner、validation 指標已可交接 | observe-only不 credentialed scan、不改 route / CORS / firewall / service |
| P1 | VibeWork 納入 IwoooS | repo、product、surface、owner、evidence refs、獨立產品邊界 | 繁中 docs/specs不合併產品責任 |
| P1 | VibeWork 納入 IwoooS | P1-9 已補 `VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md`、snapshot 與 schemarepo、product、surface、owner、evidence refs、資料分級、部署邊界與獨立產品邊界已可交接 | 繁中 docs/specs不合併產品責任、不部署、不改 refs |
| P1 | Code Review 候選分類 | 前端體驗、測試補洞、文件同步、低風險重構;人工批准後才 Codex | 候選不自動改 code、不自動 deploy |
| P2 | IwoooS UX 精簡 | 首屏摘要、圖、矩陣、Gate長證據改展開式 | desktop/mobile 開頁、overflow |
| P2 | 資安圖表專業化 | 主拓樸圖、攻擊路徑圖、主機 / 產品 / 版本來源關聯圖、Gate flow | local + production browser |
@@ -178,6 +178,9 @@ P1 只讀重盤階段整體完成度:`70%`。它代表 freshness / inventory /
| 需要新增規範 | 111 / 168 開發主機 scope handoff | 原本只有 observe-only mapping缺 owner 可審的 scope boundary、credential refusal、rollback owner、validation metrics 與維護窗口欄位 | 已新增 P1-8 handoff、snapshot 與 schemahost execution 仍 `0%` |
| 需要調整規範 | 111 Ollama fallback wording | 111 是 ADR-110 local fallback evidence 範圍,不可被誤讀成可直接改 route、重啟 Ollama 或停止模型 | 已在 P1-8 固定 `fallback_route_change_authorized=false` 與 route truth observe-only |
| 需要調整規範 | 168 dev origin / repo hygiene wording | repo hygiene 與 local service exposure 容易被誤讀成可掃個人資料、讀未授權目錄或改 CORS / firewall | 已在 P1-8 固定未授權目錄、個人資料、secret derivative、CORS / firewall / service change 全部拒收 / 禁止 |
| 需要新增規範 | VibeWork owner / repo / surface handoff | 既有前端已有 VibeWork 收件卡,但缺可交接的 repo、product、surface、owner、evidence refs、資料分級與獨立產品邊界契約 | 已新增 P1-9 handoff、snapshot 與 schemaproduct runtime / deploy / repo mutation 仍 `0 / false` |
| 需要調整規範 | VibeWork refs truth wording | 本機同時存在 active workspace 與 reference worktree且 refs 有差異;不能把 dirty workspace 或 worktree HEAD 當正式 main | 已在 P1-9 固定 `refs_truth_status=waiting_owner_decision`,不自動 commit / rebase / push / sync refs |
| 需要調整規範 | VibeWork 獨立產品邊界 | VibeWork 可納入 IwoooS 視野,但不得與 AWOOOI 共用 DB、Session、RBAC 或核心流程 runtime | 已在 P1-9 固定獨立產品邊界與未來 API / Webhook / ACL 整合方式 |
## 6.3 P1 優先順序細化
@@ -191,7 +194,7 @@ P1 只讀重盤階段整體完成度:`70%`。它代表 freshness / inventory /
| P1-6 | AwoooP Session 同步 | 同步 commits、runs、production sanity、P1 refresh counts、gate 0 / false | 另一 Session 不再使用舊 refs count |
| P1-7 | Kali 112 maintenance window 草案 | 已補 `KALI-112-MAINTENANCE-WINDOW-DRAFT.md`、snapshot 與 schemapackages、`networking.service` failed、hardening 0/4、rollback、post-check 已進 owner handoff | 文件草案,不執行 `apt upgrade` / restart / hardening / scan |
| P1-8 | 111 / 168 開發主機 scope | 已補 `DEV-HOSTS-111-168-SCOPE-HANDOFF.md``dev-hosts-111-168-scope-handoff.snapshot.json``dev_host_scope_handoff_v1.schema.json`111 fallback truth / model inventory / service posture 與 168 dev origin / repo hygiene / CORS / local exposure 已拆成 handoff | scope handoff `100%`;主機執行 `0%`;不 credentialed scan、不讀未授權資料、不改 fallback route、不改 CORS / firewall / service |
| P1-9 | VibeWork 納入 IwoooS | repo / product / surface / owner / evidence refs / 獨立產品邊界 | docs/specs 繁中,產品責任不合併 |
| P1-9 | VibeWork 納入 IwoooS | 已補 `VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md``vibework-iwooos-onboarding-handoff.snapshot.json``vibework_iwooos_onboarding_handoff_v1.schema.json`repo / product / surface / owner / evidence refs / 資料分級 / 部署邊界 / 獨立產品邊界已拆成 handoff | onboarding handoff `100%`runtime / deploy / repo mutation `0 / false`docs/specs 繁中,產品責任不合併 |
## 7. 2026-06-04 本輪驗證紀錄
@@ -223,6 +226,8 @@ P1 只讀重盤階段整體完成度:`70%`。它代表 freshness / inventory /
| P1-7 Kali 112 maintenance window draft | 新增 `KALI-112-MAINTENANCE-WINDOW-DRAFT.md``kali-112-maintenance-window-draft.snapshot.json``kali_maintenance_window_draft_v1.schema.json`1994 pending updates、`networking.service` failed、hardening `0 / 4`、rollback owner、post-check owner 已整理成 handoff | `host_update_authorized=false``service_restart_authorized=false``hardening_authorized=false``reboot_authorized=false``active_scan_authorized=false``execute_endpoint_authorized=false` |
| P1-8 111 / 168 dev host scope handoff | 新增 `DEV-HOSTS-111-168-SCOPE-HANDOFF.md``dev-hosts-111-168-scope-handoff.snapshot.json``dev_host_scope_handoff_v1.schema.json`111 fallback truth / model inventory / service posture 與 168 dev origin / repo hygiene / CORS / local exposure 已整理成 owner handoff | `host_change_authorized=false``fallback_route_change_authorized=false``credentialed_scan_authorized=false``active_scan_authorized=false``secret_value_collection_authorized=false``runtime_execution_authorized=false` |
| P1-8 JSON parse / structure check | `dev-hosts-111-168-scope-handoff.snapshot.json``dev_host_scope_handoff_v1.schema.json` JSON parse 通過;本段自訂結構檢查 `DEV_HOST_SCOPE_HANDOFF_STRUCTURE_OK` | 本地無 `jsonschema` / AJV 時以 JSON parse、自訂結構檢查與既有 guard 補位 |
| P1-9 VibeWork onboarding handoff | 新增 `VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md``vibework-iwooos-onboarding-handoff.snapshot.json``vibework_iwooos_onboarding_handoff_v1.schema.json`VibeWork repo / refs truth、產品定位、surface、owner response、資料分級、部署邊界與獨立產品邊界已整理成 owner handoff | `product_boundary_merged_into_awoooi=false``production_deploy_authorized=false``repo_creation_authorized=false``refs_sync_authorized=false``workflow_modification_authorized=false``shared_database_authorized=false``shared_session_authorized=false` |
| P1-9 JSON parse / structure check | `vibework-iwooos-onboarding-handoff.snapshot.json``vibework_iwooos_onboarding_handoff_v1.schema.json` JSON parse 通過;本段自訂結構檢查 `VIBEWORK_IWOOOS_ONBOARDING_HANDOFF_STRUCTURE_OK` | 本地無 `jsonschema` / AJV 時以 JSON parse、自訂結構檢查與既有 guard 補位 |
| P1 JSON parse | `gitea-github-awoooi-inventory``github-target-probe``source-control-primary-readiness-gate``source-control-workflow-secret-name-local-evidence`、Gitea repo / search / org blocked snapshots 皆通過 |
| P1 production 頁面檢查 | 本輪未改前端、未改 production 文案、未新增 deploy不宣稱新的 production 狀態,沿用 P0 live sanity 作為基準 |
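Review bot: the P1-9 row's flag column lists seven pinned flags but leaves out `secret_value_collection_authorized=false` and `shared_rbac_authorized=false`, both of which the LOGBOOK entry and the snapshot `summary` set; since the P1-8 row directly above does include `secret_value_collection_authorized`, the omission reads as a gap rather than a deliberate subset. Suggest listing the same flag set in the LOGBOOK, the snapshot and this table.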
@@ -240,6 +245,10 @@ host_change_authorized=false
fallback_route_change_authorized=false
credentialed_scan_authorized=false
secret_value_collection_authorized=false
production_deploy_authorized=false
repo_creation_authorized=false
refs_sync_authorized=false
workflow_modification_authorized=false
active_scan_authorized=false
```
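Review bot: the four lines added to this flag block cover deploy, repo creation, refs sync and workflow modification, but not `shared_database_authorized`, `shared_session_authorized`, `shared_rbac_authorized` or `runtime_execution_authorized`, which the P1-9 snapshot also pins to false; if this block is meant as the consolidated gate listing for the workplan, add those four so a reader sees the complete set without opening the snapshot.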