From a89a48d1e0a118d36c302c99670b6a1af420f1af Mon Sep 17 00:00:00 2001 From: Your Name Date: Thu, 4 Jun 2026 20:51:35 +0800 Subject: [PATCH] =?UTF-8?q?docs(security):=20=E8=A3=9C=20VibeWork=20?= =?UTF-8?q?=E7=B4=8D=E7=AE=A1=20handoff=20[skip=20ci]?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/LOGBOOK.md | 39 +++ ...k_iwooos_onboarding_handoff_v1.schema.json | 215 +++++++++++++ docs/security/IWOOOS-POSTURE-PROJECTION.md | 1 + .../VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md | 139 +++++++++ ...rk-iwooos-onboarding-handoff.snapshot.json | 283 ++++++++++++++++++ ...026-06-04-iwooos-security-governance-p0.md | 17 +- 6 files changed, 690 insertions(+), 4 deletions(-) create mode 100644 docs/schemas/vibework_iwooos_onboarding_handoff_v1.schema.json create mode 100644 docs/security/VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md create mode 100644 docs/security/vibework-iwooos-onboarding-handoff.snapshot.json diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md index 2507a627..1421dd65 100644 --- a/docs/LOGBOOK.md +++ b/docs/LOGBOOK.md 
@@ -1,3 +1,42 @@ +## 2026-06-04|IwoooS P1-9 VibeWork Onboarding Handoff + +**背景**:P1-8 已補 111 / 168 開發主機 scope handoff;本段接續 P1-9,將 VibeWork 納入 IwoooS 的 repo、product、surface、owner、evidence refs、資料分級、部署邊界與獨立產品邊界整理成 owner / reviewer 可審的只讀 handoff。這不是產品合併、不是部署批准、不是 repo / refs 同步、不是 workflow / secret 修改,也不是掃描或修復授權。 + +**本輪完成**: +- 新增 `docs/security/VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md`:整理 VibeWork 產品定位、repo / refs truth、surface、owner response 欄位、資料分級、部署邊界與獨立產品邊界。 +- 新增 `docs/security/vibework-iwooos-onboarding-handoff.snapshot.json`:固定 `onboarding_handoff_completion_percent=100`,並維持 `product_boundary_merged_into_awoooi=false`、`production_deploy_authorized=false`、`repo_creation_authorized=false`、`refs_sync_authorized=false`、`workflow_modification_authorized=false`、`secret_value_collection_authorized=false`、`shared_database_authorized=false`、`shared_session_authorized=false`、`shared_rbac_authorized=false`。 +- 新增 `docs/schemas/vibework_iwooos_onboarding_handoff_v1.schema.json`:讓 VibeWork onboarding handoff 有可驗契約。 +- 更新 `IWOOOS-POSTURE-PROJECTION.md`:把 `vibework_iwooos_onboarding_handoff_v1` 加入 IwoooS 可讀來源。 +- 更新 IwoooS P0/P1 主控總帳:P1-9 onboarding handoff 標記 `100%`;VibeWork runtime / deploy / repo mutation 仍 `0 / false`;IwoooS headline 仍 `64%`。 + +**完成度更新**: +- P1-9 VibeWork onboarding handoff:`100%`。 +- VibeWork runtime / deploy / repo mutation:`0 / false`。 +- owner response received / accepted:`false / false`。 +- repo refs truth accepted:`false`。 +- data classification accepted:`false`。 +- deployment boundary accepted:`false`。 +- active runtime gate:`0`。 +- IwoooS headline:維持 `64%`,不因文件草案假性調高。 + +**驗證**: +- `python3 -m json.tool docs/security/vibework-iwooos-onboarding-handoff.snapshot.json`:通過。 +- `python3 -m json.tool docs/schemas/vibework_iwooos_onboarding_handoff_v1.schema.json`:通過。 +- 本段自訂結構檢查:`VIBEWORK_IWOOOS_ONBOARDING_HANDOFF_STRUCTURE_OK`。 +- `git diff --check`:通過。 +- `python3 scripts/security/source-control-owner-response-guard.py --root 
.`:`SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`。 +- `python3 scripts/security/security-mirror-progress-guard.py --root .`:`SECURITY_MIRROR_PROGRESS_GUARD_OK`。 +- 新增 diff 行 credential pattern 檢查:`NO_ADDED_URL_CREDENTIAL_PATTERNS`。 +- staged 授權旗標檢查:`NO_UNEXPECTED_AUTHORIZATION_OR_COUNTER_INCREASE`。 +- Schema validator 限制:本地沒有 Python `jsonschema` / Node AJV 驗證器時,以 JSON parse、自訂結構檢查與既有 guard 補位。 +- Production 頁面檢查:本段只改 docs / snapshot / schema / LOGBOOK,未改 IwoooS 前端與 production 文案,不宣稱新的 production 狀態;沿用既有 VibeWork 前端只讀納管卡與 P0 `/zh-TW/iwooos` live sanity 基準。 + +**目前邊界**: +- VibeWork 是獨立產品;不得與 AWOOOI 共用 DB、Session、RBAC 或核心流程 runtime。 +- `/Users/ogt/Documents/VibeWork` 是 dirty active workspace;`/Users/ogt/Documents/VibeWork-current-main` 是 reference worktree;refs truth 需 owner 決定,不自動 commit / rebase / push / sync refs。 +- VibeWork production URL、Docker Compose、health endpoint 或 drift guard 可見,不代表本段做了 production verification 或部署批准。 +- `.env`、DB URL、auth secret、job secret、webhook token、API key、cookie、session、private key、使用者原始需求、完整 PRD、媒合個資與通知原文全部拒收或隔離。 + ## 2026-06-04|IwoooS P1-8 111 / 168 Dev Host Scope Handoff **背景**:P1-7 已把 Kali `192.168.0.112` 維護窗口草案推到 owner / reviewer 可審;本段接續 P1-8,補 `192.168.0.111` 與 `192.168.0.168` 的開發主機 scope、credential handling、rollback owner 與 validation metrics。這是 observe-only handoff,不登入主機、不 SSH、不 credentialed scan、不 active scan、不讀未授權目錄、不改 Ollama fallback route、不改 CORS / firewall / service。 diff --git a/docs/schemas/vibework_iwooos_onboarding_handoff_v1.schema.json b/docs/schemas/vibework_iwooos_onboarding_handoff_v1.schema.json new file mode 100644 index 00000000..03625b8c --- /dev/null +++ b/docs/schemas/vibework_iwooos_onboarding_handoff_v1.schema.json 
@@ -0,0 +1,215 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "urn:awoooi:vibework-iwooos-onboarding-handoff-v1", + "title": "VibeWork IwoooS Onboarding Handoff v1", + "description": "定義 VibeWork 納入 IwoooS 只讀視野時的 repo、product、surface、owner、evidence refs、資料分級、部署邊界與獨立產品邊界。此契約不授權 repo / refs / workflow 變更、secret 收集、production deploy、掃描、修復或 runtime execution。", + "type": "object", + "required": [ + "schema_version", + "status", + "date", + "mode", + "source_evidence_refs", + "summary", + "product_identity", + "repo_scope", + "product_surfaces", + "owner_response_handoff", + "independent_product_boundary", + "data_classification_intake", + "deployment_boundary", + "acceptance_rules", + "forbidden_actions" + ], + "properties": { + "schema_version": {"const": "vibework_iwooos_onboarding_handoff_v1"}, + "status": {"type": "string", "enum": ["draft_waiting_owner_review"]}, + "date": {"type": "string"}, + "mode": {"type": "string", "enum": ["product_scope_handoff_only"]}, + "source_evidence_refs": { + "type": "array", + "items": {"type": "string"}, + "minItems": 1 + }, + "summary": { + "type": "object", + "required": [ + "product_name", + "onboarding_handoff_package_ready", + "onboarding_handoff_completion_percent", + "product_boundary_merged_into_awoooi", + "owner_response_received", + "owner_response_accepted", + "repo_refs_truth_accepted", + "data_classification_accepted", + "deployment_boundary_accepted", + "runtime_gate_open", + "runtime_execution_authorized", + "production_deploy_authorized", + "repo_creation_authorized", + "refs_sync_authorized", + "workflow_modification_authorized", + "secret_value_collection_authorized", + "shared_database_authorized", + "shared_session_authorized", + "shared_rbac_authorized", + "action_buttons_allowed" + ], + "properties": { + "product_name": {"type": "string"}, + "onboarding_handoff_package_ready": {"type": "boolean"}, + "onboarding_handoff_completion_percent": {"type": "integer", "minimum": 0, 
"maximum": 100}, + "product_boundary_merged_into_awoooi": {"type": "boolean", "const": false}, + "owner_response_received": {"type": "boolean", "const": false}, + "owner_response_accepted": {"type": "boolean", "const": false}, + "repo_refs_truth_accepted": {"type": "boolean", "const": false}, + "data_classification_accepted": {"type": "boolean", "const": false}, + "deployment_boundary_accepted": {"type": "boolean", "const": false}, + "runtime_gate_open": {"type": "boolean", "const": false}, + "runtime_execution_authorized": {"type": "boolean", "const": false}, + "production_deploy_authorized": {"type": "boolean", "const": false}, + "repo_creation_authorized": {"type": "boolean", "const": false}, + "refs_sync_authorized": {"type": "boolean", "const": false}, + "workflow_modification_authorized": {"type": "boolean", "const": false}, + "secret_value_collection_authorized": {"type": "boolean", "const": false}, + "shared_database_authorized": {"type": "boolean", "const": false}, + "shared_session_authorized": {"type": "boolean", "const": false}, + "shared_rbac_authorized": {"type": "boolean", "const": false}, + "action_buttons_allowed": {"type": "boolean", "const": false} + }, + "additionalProperties": false + }, + "product_identity": { + "type": "object", + "required": ["product_type", "current_focus", "technical_stack", "language_policy"], + "properties": { + "product_type": {"type": "string"}, + "current_focus": {"type": "string"}, + "technical_stack": {"type": "array", "items": {"type": "string"}, "minItems": 1}, + "language_policy": {"type": "string"} + }, + "additionalProperties": false + }, + "repo_scope": { + "type": "object", + "required": ["active_workspace", "reference_worktree", "required_owner_answers"], + "properties": { + "active_workspace": { + "type": "object", + "required": ["path", "status_summary", "canonical_for_iwooos", "forbidden_actions"], + "properties": { + "path": {"type": "string"}, + "status_summary": {"type": "string"}, + 
"canonical_for_iwooos": {"type": "boolean", "const": false}, + "forbidden_actions": {"type": "array", "items": {"type": "string"}, "minItems": 1} + }, + "additionalProperties": false + }, + "reference_worktree": { + "type": "object", + "required": ["path", "head_sha", "origin_main_sha", "main_sha", "remote", "refs_truth_status"], + "properties": { + "path": {"type": "string"}, + "head_sha": {"type": "string"}, + "origin_main_sha": {"type": "string"}, + "main_sha": {"type": "string"}, + "remote": {"type": "string"}, + "refs_truth_status": {"type": "string"} + }, + "additionalProperties": false + }, + "required_owner_answers": {"type": "array", "items": {"type": "string"}, "minItems": 1} + }, + "additionalProperties": false + }, + "product_surfaces": { + "type": "array", + "items": { + "type": "object", + "required": ["surface_id", "routes", "boundary"], + "properties": { + "surface_id": {"type": "string"}, + "routes": {"type": "array", "items": {"type": "string"}, "minItems": 1}, + "boundary": {"type": "string"} + }, + "additionalProperties": false + }, + "minItems": 1 + }, + "owner_response_handoff": { + "type": "object", + "required": [ + "status", + "request_dispatch_authorized", + "required_response_fields", + "allowed_decisions", + "forbidden_inputs", + "response_received", + "response_accepted" + ], + "properties": { + "status": {"type": "string", "enum": ["ready_not_dispatched"]}, + "request_dispatch_authorized": {"type": "boolean", "const": false}, + "required_response_fields": {"type": "array", "items": {"type": "string"}, "minItems": 1}, + "allowed_decisions": {"type": "array", "items": {"type": "string"}, "minItems": 1}, + "forbidden_inputs": {"type": "array", "items": {"type": "string"}, "minItems": 1}, + "response_received": {"type": "boolean", "const": false}, + "response_accepted": {"type": "boolean", "const": false} + }, + "additionalProperties": false + }, + "independent_product_boundary": { + "type": "object", + "required": 
["must_remain_independent", "forbidden_couplings", "allowed_future_integrations"], + "properties": { + "must_remain_independent": {"type": "boolean"}, + "forbidden_couplings": {"type": "array", "items": {"type": "string"}, "minItems": 1}, + "allowed_future_integrations": {"type": "array", "items": {"type": "string"}, "minItems": 1} + }, + "additionalProperties": false + }, + "data_classification_intake": { + "type": "array", + "items": { + "type": "object", + "required": ["data_type", "status", "collection_rule"], + "properties": { + "data_type": {"type": "string"}, + "status": {"type": "string", "enum": ["waiting_owner_classification"]}, + "collection_rule": {"type": "string"} + }, + "additionalProperties": false + }, + "minItems": 1 + }, + "deployment_boundary": { + "type": "object", + "required": [ + "public_host", + "production_mode", + "compose_host", + "compose_directory", + "internal_web", + "database_boundary", + "k3s_namespace_reference", + "production_verification_in_this_awoooi_stage", + "deployment_authorized" + ], + "properties": { + "public_host": {"type": "string"}, + "production_mode": {"type": "string"}, + "compose_host": {"type": "string"}, + "compose_directory": {"type": "string"}, + "internal_web": {"type": "string"}, + "database_boundary": {"type": "string"}, + "k3s_namespace_reference": {"type": "string"}, + "production_verification_in_this_awoooi_stage": {"type": "boolean", "const": false}, + "deployment_authorized": {"type": "boolean", "const": false} + }, + "additionalProperties": false + }, + "acceptance_rules": {"type": "array", "items": {"type": "string"}, "minItems": 1}, + "forbidden_actions": {"type": "array", "items": {"type": "string"}, "minItems": 1} + }, + "additionalProperties": false +} diff --git a/docs/security/IWOOOS-POSTURE-PROJECTION.md b/docs/security/IWOOOS-POSTURE-PROJECTION.md index 4b8bb622..f526d824 100644 --- a/docs/security/IWOOOS-POSTURE-PROJECTION.md +++ b/docs/security/IWOOOS-POSTURE-PROJECTION.md 
@@ -28,6 +28,7 @@ IwoooS 首版只讀取或對齊以下已提交 evidence: | `source_control_owner_response_validation_rollup_v1` | owner response 仍為 0、S4.9 下一個收件候選 | | `source_control_primary_readiness_gate_v1` | GitHub primary readiness 仍為 0、候選 repo 與切換前置缺口 | | `kali_integration_status_v1` | Kali 112 observe-only 整合態勢 | +| `vibework_iwooos_onboarding_handoff_v1` | VibeWork repo / product / surface / owner / evidence refs / 獨立產品邊界只讀 handoff | | `2026-06-04-iwooos-security-governance-p0.md` | IwoooS P0 完成度、優先順序、跨 Session 同步與驗證節點 | | `/iwooos` 前端路由 | 顯示入口,不提供執行按鈕 | | 既有前端資安頁面 | 只讀索引,不搬移原頁責任邊界、不新增執行控制 | diff --git a/docs/security/VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md b/docs/security/VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md new file mode 100644 index 00000000..abc63fef --- /dev/null +++ b/docs/security/VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md 
@@ -0,0 +1,139 @@ +# VibeWork 納入 IwoooS 只讀 Handoff + +| 項目 | 內容 | +|------|------| +| 日期 | 2026-06-04 | +| 狀態 | 草案,等待 owner review | +| 產品 | `VibeWork` | +| Schema | `docs/schemas/vibework_iwooos_onboarding_handoff_v1.schema.json` | +| Snapshot | `docs/security/vibework-iwooos-onboarding-handoff.snapshot.json` | +| 上游證據 | `docs/security/iwooos-posture-projection.snapshot.json`、`apps/web/src/app/[locale]/iwooos/page.tsx`、`/Users/ogt/Documents/VibeWork-current-main/README.md` | +| 模式 | `product_scope_handoff_only` | +| 執行面授權 | `false` | + +## 0. 核心結論 + +P1-9 補的是 VibeWork 納入 IwoooS 後的 repo / product / surface / owner / evidence refs / 獨立產品邊界 handoff。它不是產品合併、不是部署批准、不是 repo / refs 同步、不是 workflow / secret 修改,也不是掃描或修復授權。 + +VibeWork 目前在 IwoooS 前端已是只讀納管範圍;本階段要補的是後台治理契約,讓 owner / reviewer 能逐項收件,而不是只靠前端卡片理解。 + +## 1. 已讀到的只讀 evidence + +| 類別 | evidence | 判讀 | +|------|----------|------| +| 產品定位 | `/Users/ogt/Documents/VibeWork-current-main/README.md` | VibeWork 是獨立 AI Vibe Coding 接案媒合平台 | +| 技術棧 | `package.json` | Next.js 14、TypeScript、Prisma、PostgreSQL、Tailwind、Zod、Zustand | +| 產品邊界 | `docs/PROJECT_BOUNDARIES.md` | 第一階段不得共用既有產品資料庫、Session、RBAC 或核心流程 runtime | +| 部署策略 | `docs/DEPLOYMENT_STRATEGY.md` | 正式主線為獨立 Docker Compose;public host `https://vibework.wooo.work` | +| 推版流程 | `docs/RELEASE_PROCESS.md` | 正式 image 必須可追溯 Gitea commit,部署後跑 smoke check | +| IwoooS 前端 | `apps/web/src/app/[locale]/iwooos/page.tsx` | 已有 VibeWork 六項收件卡,runtime gate count 仍為 `0` | + +## 2. 
Scope 摘要 + +| 指標 | 值 | +|------|----| +| onboarding handoff package | `ready` | +| package completion | `100%` | +| VibeWork product boundary merged into AWOOOI | `false` | +| owner response received / accepted | `false / false` | +| repo refs truth accepted | `false` | +| data classification accepted | `false` | +| deployment boundary accepted | `false` | +| runtime gate open | `false` | +| production deploy authorized | `false` | +| repo creation / refs sync / workflow modification authorized | `false / false / false` | + +## 3. Repo / Refs Handoff + +目前只讀觀察到兩個本機路徑與一個 Gitea remote: + +| 類型 | 路徑 / remote | 只讀判讀 | 不可誤讀 | +|------|---------------|----------|----------| +| active workspace | `/Users/ogt/Documents/VibeWork` | 工作目錄存在大量本地修改與未追蹤檔;不適合作為 AWOOOI 直接引用的 canonical evidence | 不可自動 commit、rebase、push、刪檔或同步 refs | +| reference worktree | `/Users/ogt/Documents/VibeWork-current-main` | HEAD `1a902530141004d958cda639bea9a837282c867f`;`origin/main=421c834756b7f41ef554c0348274f3762c3fc2de`;`main=48275cc52be79107e887147d3fe10310a887afe9` | refs truth 需 owner 決定;不可自動把 worktree 當正式 main | +| Gitea remote | `ssh://git@192.168.0.110:2222/wooo/vibework.git` | VibeWork 正式版本來源候選 | 不收 SSH key、不改 remote、不 push、不建 GitHub mirror | + +後續 owner response 必須回答: + +1. canonical repo path / remote 以哪個為準。 +2. `VibeWork` / `VibeWork-current-main` / `origin/main` / `main` 的 refs truth 如何處理。 +3. 哪些 dirty workspace 檔案只是本機 WIP,哪些是待整合 release candidate。 +4. 是否需要 GitHub target;若需要,也只收 target metadata,不建立 repo。 +5. workflow、runner、secret name parity 是否要納入後續 source-control owner response;不收 secret value。 + +## 4. 
Product / Surface Handoff + +| Surface | 類型 | 本階段 evidence | 邊界 | +|---------|------|----------------|------| +| `/`、`/en` | public marketing | 官網首頁與英文入口存在 | 不代表 production smoke 已在本段執行 | +| `/client/projects/new`、`/client/projects/*` | client workspace | 需求者 intake、PRD、媒合流程 | 不接 AWOOOI DB、不共用 Session | +| `/coder/matches`、`/coder/profile` | coder workspace | 接案者履歷、媒合機會與回應 | 不共用 AWOOOI RBAC | +| `/admin`、`/api/v1/admin/*` | admin / reviewer | 管理後台、審核、內容管理 | 需 VibeWork 自身角色邊界 | +| `/notifications` | logged-in user | 站內通知 | 不導入 AWOOOI Telegram approval 語義 | +| `/api/v1/health` | health | 正式 smoke 目標之一 | 只作 health evidence,不代表 runtime gate | +| `/api/ai/*` | AI assistance | intake / milestone / support agent 路徑 | AI evidence 必須保留 VibeWork 內部稽核與授權邊界 | + +## 5. Owner Response Handoff + +此 handoff 只讓 AwoooP 或 reviewer 請 owner 補 VibeWork metadata。它不是 request sent、不是 approval queue,也不是可執行動作。 + +### 5.1 必填欄位 + +| 欄位 | 說明 | +|------|------| +| `product_owner_role_or_team` | VibeWork 產品 owner 或 team | +| `security_owner_role_or_team` | VibeWork 資安 / 資料保護 owner | +| `source_control_owner_role_or_team` | repo / refs / workflow / secret name owner | +| `deployment_owner_role_or_team` | Docker Compose / K3s / domain / smoke owner | +| `data_classification_owner_role_or_team` | 需求、PRD、個資、媒合、稽核與通知資料分級 owner | +| `surface_scope` | 本次納入 IwoooS 的 route、API、admin、worker、job 範圍 | +| `decision` | 允許值:`confirm_observe_only`、`defer`、`reject`、`request_more_evidence` | +| `decision_reason` | 決策理由摘要,不得貼 raw secret、token、cookie 或未脫敏截圖 | +| `redacted_evidence_refs` | 只填文件、snapshot、ticket、commit、hash 或脫敏 metadata pointer | +| `followup_owner` | 補件、拒收或下一階段 owner | + +### 5.2 禁止輸入 + +| 類型 | 規則 | +|------|------| +| credential | 不貼 `.env`、DB URL、auth secret、job secret、webhook token、API key、cookie、session、private key | +| raw data | 不貼需求者原始需求、PRD 原文、媒合個資、會員資料、通知內容、稽核原文 | +| source-control action | 不要求建立 repo、同步 refs、rebase、push、改 workflow、改 runner、改 secret | +| production action | 不要求 
deploy、restart、compose up/down、DB migration、drift guard apply | +| runtime coupling | 不要求共用 AWOOOI DB、Session、RBAC、Telegram approval 或 AwoooP execution router | + +## 6. 獨立產品邊界 + +VibeWork 可以納入 IwoooS 的全產品資安視野,但第一階段仍必須維持獨立產品邊界: + +1. 不共用 AWOOOI 或其他產品資料庫。 +2. 不共用 AWOOOI 會員 Session。 +3. 不把 VibeWork RBAC 綁到 AWOOOI 權限模型。 +4. 不讓 VibeWork 核心流程依賴 AWOOOI runtime 可用性。 +5. 不把 AwoooP approval 當 VibeWork 資安批准或部署批准。 +6. 後續整合只能走版本化 API、Webhook、outbox、匯入匯出配接器、SSO / OAuth 或 Anti-Corruption Layer。 +7. 即使未來做 SSO / OAuth,也不得取代 VibeWork 自己的 RBAC 與稽核事件。 + +## 7. 資料分級收件 + +| 資料類型 | 初期分級狀態 | 收件規則 | +|----------|--------------|----------| +| 需求者需求 / intake answer | waiting owner classification | 只收欄位類型、資料流與脫敏摘要,不收原文 | +| PRD block / source anchor | waiting owner classification | 只收資料模型與風險摘要,不收完整 PRD | +| 接案者履歷 / 作品集 | waiting owner classification | 只收欄位與公開 / 私有邊界,不收個資內容 | +| 媒合紀錄 / 分數理由 | waiting owner classification | 只收評分因子與稽核規則,不收個案資料 | +| AuditEvent / 通知 | waiting owner classification | 只收事件類型與保存策略,不收訊息原文 | +| admin / marketing content | waiting owner classification | 只收發布流程與權限邊界,不收未發布內容 | + +## 8. 驗收規則 + +1. 本 handoff 完成不代表 VibeWork owner response 已收到或 accepted。 +2. VibeWork 納入 IwoooS 只代表全產品資安視野可見,不代表掃描、部署、修復或 runtime execution。 +3. canonical repo、refs truth、workflow / secret name、GitHub target 仍需 source-control owner response。 +4. 正式 URL、Docker Compose、health endpoint 或 drift guard 可見,不等於本段已做 production verification。 +5. 任何 `.env`、secret、DB URL、token、private key、cookie、session、auth header、job secret 都必須拒收或隔離。 +6. 未來若要改 VibeWork production、deploy、compose、DB migration、worker、domain、TLS 或 smoke 帳密,必須另開 VibeWork owner approval 與 rollback / post-check。 + +## 9. 階段定位 + +P1-9 只把 VibeWork 從「前端已只讀納管」推到「owner / reviewer 可照表審 repo、product、surface、owner、data classification、deployment boundary 與 evidence refs」。它不改 VibeWork repo、不改 AWOOOI 前端、不部署、不掃描、不開 runtime gate,也不提高 IwoooS headline 64%。 
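Review bot: the surface inventory in section 4 of `VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md` does not match the `product_surfaces` array in the snapshot added by the same patch. The markdown lists `/notifications` as its own surface, but the snapshot has no notifications entry; conversely the snapshot's `health-and-jobs` surface includes `/api/v1/jobs/*` with the boundary "need VibeWork job-secret handling; no secret value collection", while the markdown's health row lists only `/api/v1/health`. Since the snapshot is the machine-readable source `IWOOOS-POSTURE-PROJECTION.md` now points IwoooS at, align the table to it: add a `/api/v1/jobs/*` row carrying the job-secret boundary, and either add a notifications surface to the snapshot or drop that row here. Separately, the evidence table in section 1 cites `package.json`, `docs/PROJECT_BOUNDARIES.md`, `docs/DEPLOYMENT_STRATEGY.md` and `docs/RELEASE_PROCESS.md` by relative path, which in an AWOOOI document reads as paths in the AWOOOI repo; prefix them with the `/Users/ogt/Documents/VibeWork-current-main/` worktree path as the README row and the snapshot's `source_evidence_refs` already do, and state the `head_sha` from section 3 they were read at, because section 3 also says that worktree's refs truth is still waiting on the owner.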
diff --git a/docs/security/vibework-iwooos-onboarding-handoff.snapshot.json b/docs/security/vibework-iwooos-onboarding-handoff.snapshot.json new file mode 100644 index 00000000..0911827f --- /dev/null +++ b/docs/security/vibework-iwooos-onboarding-handoff.snapshot.json 
@@ -0,0 +1,283 @@ +{ + "schema_version": "vibework_iwooos_onboarding_handoff_v1", + "status": "draft_waiting_owner_review", + "date": "2026-06-04", + "mode": "product_scope_handoff_only", + "source_evidence_refs": [ + "docs/security/iwooos-posture-projection.snapshot.json", + "docs/workplans/2026-06-04-iwooos-security-governance-p0.md", + "apps/web/src/app/[locale]/iwooos/page.tsx", + "apps/web/messages/zh-TW.json", + "/Users/ogt/Documents/VibeWork-current-main/README.md", + "/Users/ogt/Documents/VibeWork-current-main/docs/PROJECT_BOUNDARIES.md", + "/Users/ogt/Documents/VibeWork-current-main/docs/DEPLOYMENT_STRATEGY.md", + "/Users/ogt/Documents/VibeWork-current-main/docs/RELEASE_PROCESS.md", + "/Users/ogt/Documents/VibeWork-current-main/package.json" + ], + "summary": { + "product_name": "VibeWork", + "onboarding_handoff_package_ready": true, + "onboarding_handoff_completion_percent": 100, + "product_boundary_merged_into_awoooi": false, + "owner_response_received": false, + "owner_response_accepted": false, + "repo_refs_truth_accepted": false, + "data_classification_accepted": false, + "deployment_boundary_accepted": false, + "runtime_gate_open": false, + "runtime_execution_authorized": false, + "production_deploy_authorized": false, + "repo_creation_authorized": false, + "refs_sync_authorized": false, + "workflow_modification_authorized": false, + "secret_value_collection_authorized": false, + "shared_database_authorized": false, + "shared_session_authorized": false, + "shared_rbac_authorized": false, + "action_buttons_allowed": false + }, + "product_identity": { + "product_type": "獨立 AI Vibe Coding 接案媒合平台", + "current_focus": "需求者引導式需求收集、區塊式 PRD、可解釋媒合、接案者回應、合作確認、站內通知、管理後台監控", + "technical_stack": [ + "Next.js 14 App Router", + "TypeScript", + "Tailwind CSS", + "React Hook Form", + "Zod", + "Zustand", + "Prisma", + "PostgreSQL" + ], + "language_policy": "所有文件、產品文案、註解與說明文字皆使用繁體中文;技術名詞與識別字可保留英文。" + }, + "repo_scope": { + "active_workspace": { + "path": 
"/Users/ogt/Documents/VibeWork", + "status_summary": "read_only_observed_dirty_workspace_ahead_3_behind_92_with_many_modified_and_untracked_files", + "canonical_for_iwooos": false, + "forbidden_actions": [ + "commit", + "rebase", + "push", + "delete_files", + "sync_refs" + ] + }, + "reference_worktree": { + "path": "/Users/ogt/Documents/VibeWork-current-main", + "head_sha": "1a902530141004d958cda639bea9a837282c867f", + "origin_main_sha": "421c834756b7f41ef554c0348274f3762c3fc2de", + "main_sha": "48275cc52be79107e887147d3fe10310a887afe9", + "remote": "ssh://git@192.168.0.110:2222/wooo/vibework.git", + "refs_truth_status": "waiting_owner_decision" + }, + "required_owner_answers": [ + "canonical repo path / remote", + "refs truth between active workspace, reference worktree, origin/main and main", + "dirty workspace WIP vs release candidate disposition", + "GitHub target metadata if needed", + "workflow / runner / secret name parity owner" + ] + }, + "product_surfaces": [ + { + "surface_id": "public-marketing", + "routes": [ + "/", + "/en", + "/services", + "/industries", + "/resources", + "/case-studies", + "/pricing" + ], + "boundary": "public content surface only; not production smoke in this AWOOOI handoff" + }, + { + "surface_id": "client-workspace", + "routes": [ + "/client/projects/new", + "/client/projects", + "/client/projects/[projectId]/intake/[sessionId]", + "/client/projects/[projectId]/prd", + "/client/projects/[projectId]/matches", + "/client/projects/[projectId]/workspace" + ], + "boundary": "client Session and data ownership stay inside VibeWork" + }, + { + "surface_id": "coder-workspace", + "routes": [ + "/coder/profile", + "/coder/matches", + "/coder/projects/[projectId]/workspace" + ], + "boundary": "coder profile, portfolio and match data require VibeWork data classification" + }, + { + "surface_id": "admin-review", + "routes": [ + "/admin", + "/admin/growth-analytics", + "/admin/growth-launch", + "/admin/growth-leads", + 
"/admin/marketing-preview", + "/api/v1/admin/*" + ], + "boundary": "admin / reviewer RBAC remains VibeWork-owned" + }, + { + "surface_id": "health-and-jobs", + "routes": [ + "/api/v1/health", + "/api/v1/jobs/*" + ], + "boundary": "health and job routes need VibeWork job-secret handling; no secret value collection" + }, + { + "surface_id": "ai-assistance", + "routes": [ + "/api/ai/intake-assistant", + "/api/ai/milestone-assistant", + "/api/ai/support" + ], + "boundary": "AI evidence must remain within VibeWork audit and authorization boundary" + } + ], + "owner_response_handoff": { + "status": "ready_not_dispatched", + "request_dispatch_authorized": false, + "required_response_fields": [ + "product_owner_role_or_team", + "security_owner_role_or_team", + "source_control_owner_role_or_team", + "deployment_owner_role_or_team", + "data_classification_owner_role_or_team", + "surface_scope", + "decision", + "decision_reason", + "redacted_evidence_refs", + "followup_owner" + ], + "allowed_decisions": [ + "confirm_observe_only", + "defer", + "reject", + "request_more_evidence" + ], + "forbidden_inputs": [ + ".env content", + "database URL value", + "auth secret value", + "job secret value", + "webhook token value", + "API key value", + "cookie", + "session", + "private key", + "client raw requirement", + "PRD raw content", + "match personal data", + "notification raw content", + "audit raw payload", + "deploy command request", + "compose restart request", + "DB migration request", + "repo push request", + "refs sync request" + ], + "response_received": false, + "response_accepted": false + }, + "independent_product_boundary": { + "must_remain_independent": true, + "forbidden_couplings": [ + "share_awoooi_database", + "share_awoooi_session", + "bind_vibework_rbac_to_awoooi_rbac", + "depend_on_awoooi_runtime_for_core_flow", + "treat_awooop_approval_as_vibework_security_approval", + "direct_cross_database_join" + ], + "allowed_future_integrations": [ + "versioned API", + 
"Webhook event", + "outbox pattern", + "import / export adapter", + "SSO / OAuth with VibeWork RBAC preserved", + "Anti-Corruption Layer" + ] + }, + "data_classification_intake": [ + { + "data_type": "client requirement / intake answer", + "status": "waiting_owner_classification", + "collection_rule": "metadata and field type only; no raw answer content" + }, + { + "data_type": "PRD block / source anchor", + "status": "waiting_owner_classification", + "collection_rule": "model and risk summary only; no full PRD" + }, + { + "data_type": "coder profile / portfolio", + "status": "waiting_owner_classification", + "collection_rule": "field and public / private boundary only; no personal data content" + }, + { + "data_type": "match record / score reason", + "status": "waiting_owner_classification", + "collection_rule": "scoring factor and audit rule only; no case data" + }, + { + "data_type": "AuditEvent / notification", + "status": "waiting_owner_classification", + "collection_rule": "event type and retention policy only; no message body" + }, + { + "data_type": "admin / marketing content", + "status": "waiting_owner_classification", + "collection_rule": "publication workflow and permission boundary only; no unpublished content" + } + ], + "deployment_boundary": { + "public_host": "https://vibework.wooo.work", + "production_mode": "Docker Compose on independent product boundary", + "compose_host": "192.168.0.188", + "compose_directory": "/home/ollama/vibework-production", + "internal_web": "http://192.168.0.188:32336", + "database_boundary": "Compose PostgreSQL service; host binding documented as 127.0.0.1:54329", + "k3s_namespace_reference": "vibework namespace manifests retained as optional reference; runtime deployment scaled to 0 in source evidence", + "production_verification_in_this_awoooi_stage": false, + "deployment_authorized": false + }, + "acceptance_rules": [ + "本 handoff 完成不代表 VibeWork owner response 已收到或 accepted。", + "VibeWork 納入 IwoooS 
只代表全產品資安視野可見,不代表掃描、部署、修復或 runtime execution。", + "canonical repo、refs truth、workflow / secret name、GitHub target 仍需 source-control owner response。", + "正式 URL、Docker Compose、health endpoint 或 drift guard 可見,不等於本段已做 production verification。", + "任何 .env、secret、DB URL、token、private key、cookie、session、auth header、job secret 都必須拒收或隔離。", + "未來若要改 VibeWork production、deploy、compose、DB migration、worker、domain、TLS 或 smoke 帳密,必須另開 VibeWork owner approval 與 rollback / post-check。" + ], + "forbidden_actions": [ + "modify_vibework_repo", + "commit_vibework_changes", + "push_vibework_refs", + "sync_refs", + "create_github_repo", + "change_workflow", + "collect_secret_value", + "read_env_file", + "deploy_production", + "restart_compose", + "run_db_migration", + "run_active_scan", + "run_credentialed_scan", + "share_database", + "share_session", + "bind_rbac", + "enable_runtime_gate", + "add_awooop_action_button" + ] +} diff --git a/docs/workplans/2026-06-04-iwooos-security-governance-p0.md b/docs/workplans/2026-06-04-iwooos-security-governance-p0.md index c0138b45..ad382cdc 100644 --- a/docs/workplans/2026-06-04-iwooos-security-governance-p0.md +++ b/docs/workplans/2026-06-04-iwooos-security-governance-p0.md @@ -9,7 +9,7 @@ | 工作視窗 | IwoooS / AWOOOI 資安治理 P0 | | 本次乾淨 worktree | `/private/tmp/awoooi-iwooos-governance-p0-20260604` | | 本次分支 | `codex/iwooos-governance-p0-20260604` | -| 最新觀察到的 `gitea/main` | `65bdfd1d chore(cd): deploy 29a67ec [skip ci]` | +| 最新觀察到的 `gitea/main` | `5fcf4f8e docs(logbook): record source link canary repair [skip ci]` | | 前一個正式 IwoooS 候選基準 | code `7b8fc093`、deploy marker `45c63488`、LOGBOOK `02cadee6` | | 最新導航 IA 基準 | code `973fc7a4`、LOGBOOK `2555c811`、deploy marker `0260ec89` | | 禁止事項 | 不 force push、不 destructive git、不 SSH 修改主機、不 active scan、不收 secrets 明文、不把 AwoooP approval 當資安批准、不把 UI 可見當 runtime 授權 | 
@@ -26,7 +26,7 @@ | GitHub primary readiness | 0 | 否 | primary gate 仍為 0;P1 只讀重盤工作本身目前約 70%,不代表可切 primary | | Kali 112 維護準備 | P1-7 maintenance window draft `100%`;維護尚未開始 | 否 | 不更新套件、不重啟、不 hardening、不 active scan | | 111 / 168 開發主機納管 | P1-8 scope handoff package `100%`;主機執行 `0%` | 否 | 仍不 credentialed scan、不讀未授權資料、不改 fallback route、不改 CORS / firewall / service、不自動修復 | -| VibeWork 納入 IwoooS | 前端態勢已有 onboarding 欄位,產品邊界需補規範 | 可補文件 | 保留 VibeWork 獨立產品邊界 | +| VibeWork 納入 IwoooS | P1-9 onboarding handoff package `100%`;產品 / repo / surface / owner / evidence 邊界已可交接 | 否 | 保留 VibeWork 獨立產品邊界;不部署、不掃描、不改 repo / refs / workflow、不收 secrets | ## 2. P0 工作拆解與優先順序 @@ -131,7 +131,7 @@ S4.9 是目前 IwoooS 64% 能往前的第一優先 gate。驗收前所有 count | P1 | GitHub primary readiness 只讀重盤 | repo visibility、refs、tags、workflow、secret name、runner、rollback ADR | 只讀 inventory;不建立 repo、不同步 refs | | P1 | Kali 112 維護窗口草案 | 1994 pending updates、`networking.service` failed、服務硬化 0/4、rollback、post-check | P1-7 草案已完成;不 `apt upgrade`、不 restart | | P1 | 111 / 168 主機 scope 補強 | P1-8 已補 `DEV-HOSTS-111-168-SCOPE-HANDOFF.md`、snapshot 與 schema;scope、maintenance window、credential handling、rollback owner、validation 指標已可交接 | observe-only;不 credentialed scan、不改 route / CORS / firewall / service | -| P1 | VibeWork 納入 IwoooS | repo、product、surface、owner、evidence refs、獨立產品邊界 | 繁中 docs/specs;不合併產品責任 | +| P1 | VibeWork 納入 IwoooS | P1-9 已補 `VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md`、snapshot 與 schema;repo、product、surface、owner、evidence refs、資料分級、部署邊界與獨立產品邊界已可交接 | 繁中 docs/specs;不合併產品責任、不部署、不改 refs | | P1 | Code Review 候選分類 | 前端體驗、測試補洞、文件同步、低風險重構;人工批准後才 Codex | 候選不自動改 code、不自動 deploy | | P2 | IwoooS UX 精簡 | 首屏摘要、圖、矩陣、Gate;長證據改展開式 | desktop/mobile 開頁、overflow | | P2 | 資安圖表專業化 | 主拓樸圖、攻擊路徑圖、主機 / 產品 / 版本來源關聯圖、Gate flow | local + production browser | 
@@ -178,6 +178,9 @@ P1 只讀重盤階段整體完成度:`70%`。它代表 freshness / inventory / | 需要新增規範 | 111 / 168 開發主機 scope handoff | 原本只有 observe-only mapping,缺 owner 可審的 scope boundary、credential refusal、rollback owner、validation metrics 與維護窗口欄位 | 已新增 P1-8 handoff、snapshot 與 schema;host execution 仍 `0%` | | 需要調整規範 | 111 Ollama fallback wording | 111 是 ADR-110 local fallback evidence 範圍,不可被誤讀成可直接改 route、重啟 Ollama 或停止模型 | 已在 P1-8 固定 `fallback_route_change_authorized=false` 與 route truth observe-only | | 需要調整規範 | 168 dev origin / repo hygiene wording | repo hygiene 與 local service exposure 容易被誤讀成可掃個人資料、讀未授權目錄或改 CORS / firewall | 已在 P1-8 固定未授權目錄、個人資料、secret derivative、CORS / firewall / service change 全部拒收 / 禁止 | +| 需要新增規範 | VibeWork owner / repo / surface handoff | 既有前端已有 VibeWork 收件卡,但缺可交接的 repo、product、surface、owner、evidence refs、資料分級與獨立產品邊界契約 | 已新增 P1-9 handoff、snapshot 與 schema;product runtime / deploy / repo mutation 仍 `0 / false` | +| 需要調整規範 | VibeWork refs truth wording | 本機同時存在 active workspace 與 reference worktree,且 refs 有差異;不能把 dirty workspace 或 worktree HEAD 當正式 main | 已在 P1-9 固定 `refs_truth_status=waiting_owner_decision`,不自動 commit / rebase / push / sync refs | +| 需要調整規範 | VibeWork 獨立產品邊界 | VibeWork 可納入 IwoooS 視野,但不得與 AWOOOI 共用 DB、Session、RBAC 或核心流程 runtime | 已在 P1-9 固定獨立產品邊界與未來 API / Webhook / ACL 整合方式 | ## 6.3 P1 優先順序細化 
@@ -191,7 +194,7 @@ P1 只讀重盤階段整體完成度:`70%`。它代表 freshness / inventory / | P1-6 | AwoooP Session 同步 | 同步 commits、runs、production sanity、P1 refresh counts、gate 0 / false | 另一 Session 不再使用舊 refs count | | P1-7 | Kali 112 maintenance window 草案 | 已補 `KALI-112-MAINTENANCE-WINDOW-DRAFT.md`、snapshot 與 schema;packages、`networking.service` failed、hardening 0/4、rollback、post-check 已進 owner handoff | 文件草案,不執行 `apt upgrade` / restart / hardening / scan | | P1-8 | 111 / 168 開發主機 scope | 已補 `DEV-HOSTS-111-168-SCOPE-HANDOFF.md`、`dev-hosts-111-168-scope-handoff.snapshot.json`、`dev_host_scope_handoff_v1.schema.json`;111 fallback truth / model inventory / service posture 與 168 dev origin / repo hygiene / CORS / local exposure 已拆成 handoff | scope handoff `100%`;主機執行 `0%`;不 credentialed scan、不讀未授權資料、不改 fallback route、不改 CORS / firewall / service | -| P1-9 | VibeWork 納入 IwoooS | repo / product / surface / owner / evidence refs / 獨立產品邊界 | docs/specs 繁中,產品責任不合併 | +| P1-9 | VibeWork 納入 IwoooS | 已補 `VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md`、`vibework-iwooos-onboarding-handoff.snapshot.json`、`vibework_iwooos_onboarding_handoff_v1.schema.json`;repo / product / surface / owner / evidence refs / 資料分級 / 部署邊界 / 獨立產品邊界已拆成 handoff | onboarding handoff `100%`;runtime / deploy / repo mutation `0 / false`;docs/specs 繁中,產品責任不合併 | ## 7. 2026-06-04 本輪驗證紀錄 
@@ -223,6 +226,8 @@ P1 只讀重盤階段整體完成度:`70%`。它代表 freshness / inventory / | P1-7 Kali 112 maintenance window draft | 新增 `KALI-112-MAINTENANCE-WINDOW-DRAFT.md`、`kali-112-maintenance-window-draft.snapshot.json`、`kali_maintenance_window_draft_v1.schema.json`;1994 pending updates、`networking.service` failed、hardening `0 / 4`、rollback owner、post-check owner 已整理成 handoff | `host_update_authorized=false`、`service_restart_authorized=false`、`hardening_authorized=false`、`reboot_authorized=false`、`active_scan_authorized=false`、`execute_endpoint_authorized=false` | | P1-8 111 / 168 dev host scope handoff | 新增 `DEV-HOSTS-111-168-SCOPE-HANDOFF.md`、`dev-hosts-111-168-scope-handoff.snapshot.json`、`dev_host_scope_handoff_v1.schema.json`;111 fallback truth / model inventory / service posture 與 168 dev origin / repo hygiene / CORS / local exposure 已整理成 owner handoff | `host_change_authorized=false`、`fallback_route_change_authorized=false`、`credentialed_scan_authorized=false`、`active_scan_authorized=false`、`secret_value_collection_authorized=false`、`runtime_execution_authorized=false` | | P1-8 JSON parse / structure check | `dev-hosts-111-168-scope-handoff.snapshot.json` 與 `dev_host_scope_handoff_v1.schema.json` JSON parse 通過;本段自訂結構檢查 `DEV_HOST_SCOPE_HANDOFF_STRUCTURE_OK` | 本地無 `jsonschema` / AJV 時以 JSON parse、自訂結構檢查與既有 guard 補位 | +| P1-9 VibeWork onboarding handoff | 新增 `VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md`、`vibework-iwooos-onboarding-handoff.snapshot.json`、`vibework_iwooos_onboarding_handoff_v1.schema.json`;VibeWork repo / refs truth、產品定位、surface、owner response、資料分級、部署邊界與獨立產品邊界已整理成 owner handoff | `product_boundary_merged_into_awoooi=false`、`production_deploy_authorized=false`、`repo_creation_authorized=false`、`refs_sync_authorized=false`、`workflow_modification_authorized=false`、`shared_database_authorized=false`、`shared_session_authorized=false` | +| P1-9 JSON parse / structure check | `vibework-iwooos-onboarding-handoff.snapshot.json` 與 
`vibework_iwooos_onboarding_handoff_v1.schema.json` JSON parse 通過;本段自訂結構檢查 `VIBEWORK_IWOOOS_ONBOARDING_HANDOFF_STRUCTURE_OK` | 本地無 `jsonschema` / AJV 時以 JSON parse、自訂結構檢查與既有 guard 補位 | | P1 JSON parse | `gitea-github-awoooi-inventory`、`github-target-probe`、`source-control-primary-readiness-gate`、`source-control-workflow-secret-name-local-evidence`、Gitea repo / search / org blocked snapshots 皆通過 | | P1 production 頁面檢查 | 本輪未改前端、未改 production 文案、未新增 deploy;不宣稱新的 production 狀態,沿用 P0 live sanity 作為基準 | @@ -240,6 +245,10 @@ host_change_authorized=false fallback_route_change_authorized=false credentialed_scan_authorized=false secret_value_collection_authorized=false +production_deploy_authorized=false +repo_creation_authorized=false +refs_sync_authorized=false +workflow_modification_authorized=false active_scan_authorized=false ```
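Review bot: in the closing hunk of `vibework-iwooos-onboarding-handoff.snapshot.json`, the last note says that future changes to VibeWork production, deploy, compose, DB migration, worker, domain, TLS or smoke credentials need a separate owner approval, yet `forbidden_actions` only encodes `deploy_production`, `restart_compose` and `run_db_migration` from that list; either add matching entries for the rest (hypothetical names such as `change_domain` or `rotate_smoke_credentials`) or state in the notes that the array is deliberately narrower than the prose. The array is also free-form strings, so unless `vibework_iwooos_onboarding_handoff_v1.schema.json` constrains it with an `enum`, a misspelt entry would parse cleanly and silently drop a prohibition, and the JSON-parse check recorded later in this patch would not catch it.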
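Review bot: the `@@ -9,7` hunk of the workplan updates the `最新觀察到的 gitea/main` row to `5fcf4f8e docs(logbook): record source link canary repair [skip ci]`, but the table carries no indication of when that observation was taken, so the value will look as current as the unchanged baseline rows beneath it; add the observation time (or the command that produced it) beside the SHA.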
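Review bot: in the `@@ -26,7` hunk the VibeWork row changes its third column from `可補文件` to `否` and reports `100%`, but unlike the `111 / 168 開發主機納管` row directly above it (which pairs `100%` with `主機執行 0%`) it does not record what is still zero; add `runtime / deploy / repo mutation 0 / false` to the status cell so the `100%` reads as package completion, not as the product being onboarded.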
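Review bot: in the `@@ -131,7` hunk the VibeWork row's constraint cell (`不合併產品責任、不部署、不改 refs`) is narrower than the same item's cell in the readiness table (`不掃描`, `不收 secrets`) and than the snapshot's `run_active_scan` / `collect_secret_value` prohibitions; align the wording so both tables in this file state the same boundary.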
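Review bot: in the `@@ -178,6` hunk the new `VibeWork refs truth wording` row states that the active workspace and the reference worktree carry different refs and that `refs_truth_status=waiting_owner_decision` was fixed, but it does not say which two HEAD identities were captured as the competing candidates; cite the snapshot field that holds them, if one exists, or add the short SHAs to the row, otherwise an owner reading this table cannot confirm the divergence was recorded rather than only described.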
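Review bot: in the `@@ -223,6` hunk the gate list of the new `P1-9 VibeWork onboarding handoff` row omits `shared_rbac_authorized=false` and `secret_value_collection_authorized=false`, although the snapshot's `forbidden_actions` includes `bind_rbac` and `collect_secret_value` and the P1-8 row immediately above lists `secret_value_collection_authorized=false`; add both so the row matches the snapshot. The following `P1-9 JSON parse / structure check` row should also say plainly that JSON parse plus the custom structure check is a stand-in and that validation against `vibework_iwooos_onboarding_handoff_v1.schema.json` has not yet been run, since the schema is introduced by this same patch.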
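Review bot: in the `@@ -240,6` hunk the consolidated gate block gains `production_deploy_authorized=false`, `repo_creation_authorized=false`, `refs_sync_authorized=false` and `workflow_modification_authorized=false`, but not `product_boundary_merged_into_awoooi=false`, `shared_database_authorized=false` or `shared_session_authorized=false`, which the P1-9 verification row in the same file lists as fixed gates; add them here too, because this block is where a reader checks for the complete set.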