docs(security): add mirror quarantine contract [skip ci]
This commit is contained in:
@@ -34,6 +34,7 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得
|
||||
| `security_mirror_event_v1` | AwoooP mirror-only event envelope | Operator Console、Runtime State、Channel Event、Audit、Approval Queue | mirror-only | 每筆 event 必須 `execution_authorized=false`、`action_buttons_allowed=false` |
|
||||
| `security_mirror_route_v1` | AwoooP 鏡像路由矩陣 | Operator Console、Runtime State、Channel Event、Audit、Approval Queue | mirror-only | 只決定目的地、channel policy 與 review lane,不作 execution router |
|
||||
| `security_mirror_acceptance_v1` | AwoooP 鏡像驗收契約 | Operator Console、Runtime State、Audit | mirror-only | 只驗收 contract count、event envelope、route coverage、redaction;不作 runtime blocker |
|
||||
| `security_mirror_quarantine_v1` | AwoooP 鏡像隔離契約 | Operator Console、Audit | mirror-only | 只隔離驗收失敗 payload、顯示 recovery request 與 retry gate;不作 runtime blocker |
|
||||
| `coding_task_v1` | Code Review / Codex Security / manual review | Approval candidate、Channel Event、Audit | suggest-only | 不自動開 patch runner、不自動 merge |
|
||||
| `source_control_migration_event_v1` | Gitea/GitHub branch/tag/SHA diff | Supply-chain evidence、Approval candidate | mirror-only | 不觸發 deploy、不切換 primary |
|
||||
| `gitea_repo_inventory_v1` | Gitea org/user repo list 或管理匯出 | Supply-chain evidence、migration matrix | mirror-only | 不保存 token value、不刪除或停用 Gitea repo |
|
||||
@@ -84,11 +85,12 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得
|
||||
| `kali_integration_status_v1.status=partial_runtime_health_integrated` | `observe` | 顯示 Kali 112 health、更新紀錄、缺口與 approval gates;不得直接掃描 |
|
||||
| `kali_scan_scope_approval_v1.status=draft_waiting_approval` | `approve_required` | 顯示 Kali 112、111/168、核心主機、公開網站 scope 與 gate;不得執行 scan |
|
||||
| `security_approval_queue_v1.status=draft` | `approve_required` | 顯示 8 個 queue items、review order 與 blocked reason;不得執行 item |
|
||||
| `security_mirror_readiness_v1.status=draft` | `observe` | 顯示 24 個 contracts 的 readiness;不得把 readiness 當 execution authorization |
|
||||
| `security_mirror_readiness_v1.status=draft` | `observe` | 顯示 25 個 contracts 的 readiness;不得把 readiness 當 execution authorization |
|
||||
| `security_mirror_intake_plan_v1.status=draft` | `observe` | 顯示 5 個 intake waves 與 4 個 acceptance gates;不得執行 wave |
|
||||
| `security_mirror_event_v1.execution_authorized=false` | `observe` | 只包裝鏡像 payload,明確不授權執行、不顯示執行按鈕 |
|
||||
| `security_mirror_route_v1.status=draft` | `observe` | 顯示 5 個 route groups、channel policy 與 review lane;不得轉成 execution router |
|
||||
| `security_mirror_acceptance_v1.status=draft` | `observe` | 顯示 7 個 acceptance checks;只可驗收鏡像資料,不得阻擋 runtime |
|
||||
| `security_mirror_quarantine_v1.status=draft` | `observe` | 顯示 5 個 quarantine lanes、recovery request 與 retry gate;不得自動重試失敗 payload |
|
||||
| `coding_task_v1.risk=LOW|MEDIUM` | `warn` | 可排入 Codex patch-only backlog |
|
||||
| `coding_task_v1.risk=HIGH|CRITICAL` | `approve_required` | 必須指定 `critic`、`vuln-verifier` |
|
||||
| `source_control_migration_event_v1.status=blocked` | `observe` | 顯示 blocking reason,不允許切 primary |
|
||||
@@ -158,6 +160,7 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得
|
||||
| 資安鏡像事件契約 | `docs/security/security-mirror-event-sample.snapshot.json` / `docs/security/SECURITY-MIRROR-EVENT-CONTRACT.md` |
|
||||
| 資安鏡像路由矩陣 | `docs/security/security-mirror-route.snapshot.json` / `docs/security/SECURITY-MIRROR-ROUTE.md` |
|
||||
| 資安鏡像驗收契約 | `docs/security/security-mirror-acceptance.snapshot.json` / `docs/security/SECURITY-MIRROR-ACCEPTANCE.md` |
|
||||
| 資安鏡像隔離契約 | `docs/security/security-mirror-quarantine.snapshot.json` / `docs/security/SECURITY-MIRROR-QUARANTINE.md` |
|
||||
| 本機 repo canonical lineage snapshot | `docs/security/local-repo-canonical-ewoooc-momo.snapshot.json` / `docs/security/LOCAL-REPO-CANONICAL-EWOOOC-MOMO-SNAPSHOT.md` |
|
||||
| Internal 110 refs snapshot | `docs/security/git-remote-refs-bitan-tsenyang.snapshot.json` / `docs/security/GIT-REMOTE-REFS-BITAN-TSENYANG-SNAPSHOT.md` |
|
||||
| wooo-infra-config refs snapshot | `docs/security/git-remote-refs-wooo-infra-config.snapshot.json` / `docs/security/GIT-REMOTE-REFS-WOOO-INFRA-CONFIG-SNAPSHOT.md` |
|
||||
|
||||
@@ -73,7 +73,7 @@
|
||||
```text
|
||||
Kali / Code Review / GitHub / Gitea / Codex
|
||||
-> security_supply_chain_contract_manifest_v1
|
||||
-> security_mirror_readiness_v1 / security_mirror_intake_plan_v1 / security_mirror_event_v1 / security_mirror_route_v1 / security_mirror_acceptance_v1 / security_finding_v1 / kali_scan_scope_approval_v1 / security_approval_queue_v1 / coding_task_v1 / source_control_migration_event_v1 / gitea_repo_inventory_v1 / local_git_remote_inventory_v1 / github_target_probe_v1 / github_target_decision_v1 / github_target_repo_approval_package_v1 / security_rollout_policy_v1
|
||||
-> security_mirror_readiness_v1 / security_mirror_intake_plan_v1 / security_mirror_event_v1 / security_mirror_route_v1 / security_mirror_acceptance_v1 / security_mirror_quarantine_v1 / security_finding_v1 / kali_scan_scope_approval_v1 / security_approval_queue_v1 / coding_task_v1 / source_control_migration_event_v1 / gitea_repo_inventory_v1 / local_git_remote_inventory_v1 / github_target_probe_v1 / github_target_decision_v1 / github_target_repo_approval_package_v1 / security_rollout_policy_v1
|
||||
-> AWOOOI ingestion / asset_inventory / AIOps KPI / AOL
|
||||
-> mirror 到 AwoooP Runtime State / Channel Event / Audit
|
||||
-> AwoooP Policy / Approval / Exception / Operator Console
|
||||
@@ -143,7 +143,7 @@ Schema:`docs/schemas/security_mirror_readiness_v1.schema.json`
|
||||
|
||||
Snapshot:`docs/security/security-mirror-readiness.snapshot.json`
|
||||
|
||||
目前 readiness:24 個 contracts,21 個 ready for mirror,2 個 partial ready,1 個 contract-only,0 個 blocked。所有 contract 都是 `execution_allowed=false`。
|
||||
目前 readiness:25 個 contracts,22 個 ready for mirror,2 個 partial ready,1 個 contract-only,0 個 blocked。所有 contract 都是 `execution_allowed=false`。
|
||||
|
||||
AwoooP 初期處理方式:先 mirror readiness index,再依 readiness 分批 mirror 其他 snapshots;不得把 readiness 當 execution authorization。
|
||||
|
||||
@@ -179,7 +179,7 @@ Schema:`docs/schemas/security_mirror_route_v1.schema.json`
|
||||
|
||||
Snapshot:`docs/security/security-mirror-route.snapshot.json`
|
||||
|
||||
目前 route:5 個 route groups,涵蓋 24 個 contracts;所有 route 都是 `runtime_execution_authorized=false`。
|
||||
目前 route:5 個 route groups,涵蓋 25 個 contracts;所有 route 都是 `runtime_execution_authorized=false`。
|
||||
|
||||
AwoooP 初期處理方式:只依 route group 顯示 Operator Console / Runtime State / Channel Event / Audit / Approval Queue,不把 route 轉成 execution router。
|
||||
|
||||
@@ -195,6 +195,18 @@ Snapshot:`docs/security/security-mirror-acceptance.snapshot.json`
|
||||
|
||||
AwoooP 初期處理方式:顯示驗收結果與失敗原因;不得把 acceptance contract 轉成 runtime blocker 或 execution queue。
|
||||
|
||||
### `security_mirror_quarantine_v1`
|
||||
|
||||
用途:定義 AwoooP mirror-only 資安資料驗收失敗時的隔離 lane、recovery request 與 retry gate。
|
||||
|
||||
Schema:`docs/schemas/security_mirror_quarantine_v1.schema.json`
|
||||
|
||||
Snapshot:`docs/security/security-mirror-quarantine.snapshot.json`
|
||||
|
||||
目前 quarantine:5 個 lanes;同一份失敗 payload 不自動 retry,必須等新的 snapshot commit 後重新驗收。
|
||||
|
||||
AwoooP 初期處理方式:只隔離壞的 mirror payload、顯示原因與修復要求;不得轉成 runtime blocker 或 execution queue。
|
||||
|
||||
### `security_rollout_policy_v1`
|
||||
|
||||
用途:定義 Security Supply Chain 初期的低摩擦 rollout policy,避免把 observation 全部變成 blocking controls。
|
||||
@@ -227,7 +239,7 @@ Schema:`docs/schemas/security_supply_chain_contract_manifest_v1.schema.json`
|
||||
"schema_version": "security_supply_chain_contract_manifest_v1",
|
||||
"status": "draft",
|
||||
"default_enforcement_level": "mirror_only",
|
||||
"contract_count": 24
|
||||
"contract_count": 25
|
||||
}
|
||||
```
|
||||
|
||||
@@ -641,10 +653,12 @@ Console 初期不提供高風險執行按鈕。
|
||||
|
||||
2026-05-12 contract manifest 追加:已新增 `docs/schemas/security_supply_chain_contract_manifest_v1.schema.json`、`docs/security/security-supply-chain-contract-manifest.snapshot.json` 與 `docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md`。AwoooP 應先讀 manifest 作為 mirror-only contract registry,不把 manifest 當 execution router。
|
||||
|
||||
2026-05-13 mirror route 追加:已新增 `docs/schemas/security_mirror_route_v1.schema.json`、`docs/security/security-mirror-route.snapshot.json` 與 `docs/security/SECURITY-MIRROR-ROUTE.md`。AwoooP 可依 5 個 route groups 將 24 個 contracts 分流到 Operator Console、Runtime State、Channel Event、Audit evidence 與 Approval Queue;route 只決定目的地、channel policy 與 review lane,不是 execution router。
|
||||
2026-05-13 mirror route 追加:已新增 `docs/schemas/security_mirror_route_v1.schema.json`、`docs/security/security-mirror-route.snapshot.json` 與 `docs/security/SECURITY-MIRROR-ROUTE.md`。AwoooP 可依 5 個 route groups 將 25 個 contracts 分流到 Operator Console、Runtime State、Channel Event、Audit evidence 與 Approval Queue;route 只決定目的地、channel policy 與 review lane,不是 execution router。
|
||||
|
||||
2026-05-13 mirror acceptance 追加:已新增 `docs/schemas/security_mirror_acceptance_v1.schema.json`、`docs/security/security-mirror-acceptance.snapshot.json` 與 `docs/security/SECURITY-MIRROR-ACCEPTANCE.md`。AwoooP 可用 7 個 acceptance checks 驗收 mirror ingestion;blocking checks 只針對 contract count mismatch、缺 event envelope、route coverage 不完整或未脫敏 evidence,不得阻擋 runtime 流程。
|
||||
|
||||
2026-05-13 mirror quarantine 追加:已新增 `docs/schemas/security_mirror_quarantine_v1.schema.json`、`docs/security/security-mirror-quarantine.snapshot.json` 與 `docs/security/SECURITY-MIRROR-QUARANTINE.md`。AwoooP 可用 5 個 quarantine lanes 隔離驗收失敗 payload,顯示 owner、recovery request 與 retry gate;不得自動重試、不得猜測缺漏 contract、不得阻擋 runtime 流程。
|
||||
|
||||
2026-05-13 Kali 112 live 整合狀態追加:已在授權下登入 `192.168.0.112` 做 read-only 盤點與低風險更新,並新增 `docs/schemas/kali_integration_status_v1.schema.json`、`docs/security/kali-integration-status.snapshot.json` 與 `docs/security/KALI-INTEGRATION-STATUS.md`。Kali Scanner API `/health` healthy、`kali-scanner.service` active/enabled、node-exporter 與 wg-easy container up;已 targeted update `nmap`、`nikto`、`nuclei`、`curl`、`openssl`、CA 套件,安裝 `jq`,時區改為 `Asia/Taipei`,更新後無 reboot required。AwoooP 可 mirror health / update / gap evidence,但不得直接啟動 scan、credentialed scan 或 `/execute`。
|
||||
|
||||
本波仍不做:
|
||||
|
||||
@@ -27,7 +27,7 @@
|
||||
|
||||
| Check | 目的 | 失敗時是否阻擋鏡像 |
|
||||
|-------|------|--------------------|
|
||||
| `CONTRACT_COUNT_MATCH` | 確認 manifest、readiness、route coverage 對齊 24 個 contracts | 是 |
|
||||
| `CONTRACT_COUNT_MATCH` | 確認 manifest、readiness、route coverage 對齊 25 個 contracts | 是 |
|
||||
| `EVENT_ENVELOPE_REQUIRED` | 確認每筆 payload 都不可執行、不可顯示執行按鈕 | 是 |
|
||||
| `ROUTE_GROUP_COVERAGE` | 確認 5 個 route groups 覆蓋所有 contracts | 是 |
|
||||
| `REDACTION_ONLY` | 確認不保存 raw sensitive value | 是 |
|
||||
@@ -42,6 +42,7 @@
|
||||
3. 將失敗 evidence 留在 Audit evidence。
|
||||
4. 對 blocking check 失敗時暫停鏡像該批 payload。
|
||||
5. 對非 blocking check 失敗時顯示 warn,保留低摩擦 rollout。
|
||||
6. 依 `security_mirror_quarantine_v1` 顯示隔離 lane 與 retry gate。
|
||||
|
||||
## 3. AwoooP 不可做
|
||||
|
||||
|
||||
@@ -19,7 +19,7 @@
|
||||
|
||||
| Wave | 目的 | 主要 contracts | Exit gate |
|
||||
|------|------|----------------|-----------|
|
||||
| `M0_index_bootstrap` | 先載入 readiness、manifest、低摩擦 policy、鏡像事件信封、鏡像路由矩陣與驗收契約 | readiness / manifest / rollout policy / mirror event / mirror route / acceptance | 顯示 24 個 contract 且 `execution_allowed=false` |
|
||||
| `M0_index_bootstrap` | 先載入 readiness、manifest、低摩擦 policy、鏡像事件信封、鏡像路由矩陣、驗收契約與隔離契約 | readiness / manifest / rollout policy / mirror event / mirror route / acceptance / quarantine | 顯示 25 個 contract 且 `execution_allowed=false` |
|
||||
| `M1_kali_visibility` | 顯示 Kali 112、scan scope、approval queue | Kali status / scan scope / approval queue / finding sample | 顯示 5 個 scope groups 與 8 個 queue items,沒有執行按鈕 |
|
||||
| `M2_source_control_visibility` | 顯示 Gitea/GitHub source-control evidence | migration / inventory / refs / approval board | 顯示 blocking reasons,repo/refs actions 全 disabled |
|
||||
| `M3_approval_candidates` | 顯示 approval candidates 與人工決策留痕 | approval events / approval queue / source-control board | 可留痕,不可自動批准或執行 |
|
||||
@@ -31,10 +31,11 @@
|
||||
2. 使用 `security_mirror_event_v1` 包裝每一筆 mirror payload。
|
||||
3. 使用 `security_mirror_route_v1` 決定目的地、channel policy 與 review lane。
|
||||
4. 使用 `security_mirror_acceptance_v1` 驗收 contract count、event envelope、route coverage 與 redaction。
|
||||
5. 將 ready / partial contracts mirror 成 Operator Console / Runtime State / Channel Event / Audit evidence。
|
||||
6. 將 approval-only contracts mirror 到 Approval Queue。
|
||||
7. 顯示 required reviewers、blocked reason、evidence refs、review order。
|
||||
8. 記錄人工決策結果,但不自動執行後續動作。
|
||||
5. 使用 `security_mirror_quarantine_v1` 隔離驗收失敗 payload 並顯示 retry gate。
|
||||
6. 將 ready / partial contracts mirror 成 Operator Console / Runtime State / Channel Event / Audit evidence。
|
||||
7. 將 approval-only contracts mirror 到 Approval Queue。
|
||||
8. 顯示 required reviewers、blocked reason、evidence refs、review order。
|
||||
9. 記錄人工決策結果,但不自動執行後續動作。
|
||||
|
||||
## 3. AwoooP 不可做
|
||||
|
||||
|
||||
49
docs/security/SECURITY-MIRROR-QUARANTINE.md
Normal file
49
docs/security/SECURITY-MIRROR-QUARANTINE.md
Normal file
@@ -0,0 +1,49 @@
|
||||
# 資安鏡像隔離契約
|
||||
|
||||
| 項目 | 內容 |
|
||||
|------|------|
|
||||
| 日期 | 2026-05-13 |
|
||||
| 狀態 | 草案 |
|
||||
| Schema | `docs/schemas/security_mirror_quarantine_v1.schema.json` |
|
||||
| Snapshot | `docs/security/security-mirror-quarantine.snapshot.json` |
|
||||
| 模式 | `mirror_only` |
|
||||
| runtime 執行授權 | `false` |
|
||||
|
||||
## 0. 核心結論
|
||||
|
||||
`security_mirror_quarantine_v1` 定義 AwoooP 在 mirror-only 資安資料驗收失敗時的隔離與回報方式。
|
||||
|
||||
它只處理「鏡像資料本身」的品質問題,不阻擋產品、不阻擋部署、不啟動修復動作。
|
||||
|
||||
## 1. 隔離 Lanes
|
||||
|
||||
| Lane | 觸發來源 | 初期處理 |
|
||||
|------|----------|----------|
|
||||
| `contract_count_mismatch` | `CONTRACT_COUNT_MATCH` | 隔離該批 payload,要求重新產生一致 snapshot |
|
||||
| `missing_event_envelope` | `EVENT_ENVELOPE_REQUIRED` | 拒收未帶不可執行信封的 payload |
|
||||
| `route_coverage_gap` | `ROUTE_GROUP_COVERAGE` | 隔離未知或未路由 contract,要求補 route |
|
||||
| `redaction_failed` | `REDACTION_ONLY` | 拒收含 raw sensitive value 的 payload |
|
||||
| `schema_or_json_invalid` | `SCHEMA_JSON_PARSE` | 隔離無法 parse 或 schema 不合格的 snapshot |
|
||||
|
||||
## 2. AwoooP 可做
|
||||
|
||||
1. 顯示隔離原因。
|
||||
2. 顯示 owner、recovery request 與 retry gate。
|
||||
3. 將隔離 metadata 寫入 Audit evidence。
|
||||
4. 等新的 snapshot commit 後重新驗收。
|
||||
5. 對非 runtime 風險保留 observe / warn。
|
||||
|
||||
## 3. AwoooP 不可做
|
||||
|
||||
1. 不自動重試同一份失敗 payload。
|
||||
2. 不猜測缺漏 contract 或 route。
|
||||
3. 不把 quarantine lane 轉成 runtime blocker。
|
||||
4. 不把 quarantine lane 轉成 execution queue。
|
||||
5. 不保存 raw secret、token、cookie、private key 或 exploit payload。
|
||||
6. 不啟動 scan、不呼叫 Kali `/execute`、不建立 repo、不 sync refs、不切 GitHub primary。
|
||||
|
||||
## 4. Retry 原則
|
||||
|
||||
重試必須等新的 snapshot commit。
|
||||
|
||||
同一份失敗 payload 不自動 retry;這是為了避免 AwoooP 在資料不完整或未脫敏時反覆吃進錯誤 evidence,也避免把框架期驗收問題升級成 runtime 事故。
|
||||
@@ -23,7 +23,7 @@
|
||||
|
||||
| 狀態 | 數量 | 說明 |
|
||||
|------|------|------|
|
||||
| `ready_for_mirror` | 21 | 可直接 mirror 成 Operator Console / Runtime State / Channel Event / Audit evidence |
|
||||
| `ready_for_mirror` | 22 | 可直接 mirror 成 Operator Console / Runtime State / Channel Event / Audit evidence |
|
||||
| `partial_ready` | 2 | 可 mirror,但 evidence 仍不完整 |
|
||||
| `contract_only` | 1 | 有 schema / handoff,尚無正式 snapshot |
|
||||
| `blocked` | 0 | 目前沒有禁止 mirror 的 contract |
|
||||
@@ -70,9 +70,10 @@ AwoooP 可以將 ready / partial contracts mirror 到:
|
||||
2. 再使用 `security_mirror_event_v1` 包裝每一筆 mirror payload。
|
||||
3. 再 mirror `security_mirror_route_v1`,決定目的地、channel policy 與 review lane。
|
||||
4. 再 mirror `security_mirror_acceptance_v1`,驗收 contract count、event envelope、route coverage 與 redaction。
|
||||
5. 再 mirror `security_mirror_intake_plan_v1`,照 wave 執行 read-only intake。
|
||||
6. 再 mirror `security_approval_queue_v1`,只顯示 review order。
|
||||
7. 再 mirror `kali_integration_status_v1` 與 `kali_scan_scope_approval_v1`。
|
||||
8. 最後再 mirror source-control 相關 contracts。
|
||||
5. 再 mirror `security_mirror_quarantine_v1`,定義驗收失敗時的隔離與 retry gate。
|
||||
6. 再 mirror `security_mirror_intake_plan_v1`,照 wave 執行 read-only intake。
|
||||
7. 再 mirror `security_approval_queue_v1`,只顯示 review order。
|
||||
8. 再 mirror `kali_integration_status_v1` 與 `kali_scan_scope_approval_v1`。
|
||||
9. 最後再 mirror source-control 相關 contracts。
|
||||
|
||||
整個 S2 不新增 execution router、不新增執行按鈕、不新增 runtime blocker。
|
||||
|
||||
@@ -25,7 +25,7 @@
|
||||
|
||||
| Route group | 目的 | 初期 channel policy | review lane |
|
||||
|-------------|------|---------------------|-------------|
|
||||
| `M0_index_bootstrap` | 載入 readiness、manifest、policy、event、intake、route、acceptance | `no_channel_event` | `observe` |
|
||||
| `M0_index_bootstrap` | 載入 readiness、manifest、policy、event、intake、route、acceptance、quarantine | `no_channel_event` | `observe` |
|
||||
| `M1_kali_visibility` | 顯示 Kali 112、111 / 168 scope、approval queue 與 finding sample | `approval_required_only` | `approval_required` |
|
||||
| `M2_source_control_visibility` | 顯示 Gitea / GitHub repo、branch、tag、canonical 差異 | `low_noise_status` | `source_control_review` |
|
||||
| `M3_approval_candidates` | 顯示人工批准候選與留痕 | `approval_required_only` | `approval_required` |
|
||||
@@ -52,7 +52,7 @@
|
||||
|
||||
S2.4 後,AwoooP 主線只需要能讀到:
|
||||
|
||||
1. 24 個 contracts。
|
||||
1. 25 個 contracts。
|
||||
2. 5 個 route groups。
|
||||
3. 所有 route group 都是 `runtime_execution_authorized=false`。
|
||||
4. Channel Event 初期低噪音。
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
|
||||
## 0. 核心結論
|
||||
|
||||
目前 Security Supply Chain 已有 24 個主要契約可交給 AwoooP 消費。Manifest 的用途是把分散的 schema、snapshot、人讀文件、允許動作與禁止動作收成一份入口,避免不同 Session 各自解讀。
|
||||
目前 Security Supply Chain 已有 25 個主要契約可交給 AwoooP 消費。Manifest 的用途是把分散的 schema、snapshot、人讀文件、允許動作與禁止動作收成一份入口,避免不同 Session 各自解讀。
|
||||
|
||||
初期預設仍是 `mirror_only`。Manifest 不授權 runtime enforcement、不授權 GitHub/Gitea 主控切換、不授權 repo 建立或 refs sync。
|
||||
|
||||
@@ -29,6 +29,7 @@
|
||||
| `security_mirror_event_v1` | mirror-only | AwoooP mirror event envelope | `security-mirror-event-sample.snapshot.json` |
|
||||
| `security_mirror_route_v1` | mirror-only | AwoooP 鏡像目的地、channel policy 與 review lane 路由 | `security-mirror-route.snapshot.json` |
|
||||
| `security_mirror_acceptance_v1` | mirror-only | AwoooP 只讀鏡像接入驗收 checks | `security-mirror-acceptance.snapshot.json` |
|
||||
| `security_mirror_quarantine_v1` | mirror-only | AwoooP 鏡像驗收失敗隔離與 retry gate | `security-mirror-quarantine.snapshot.json` |
|
||||
| `coding_task_v1` | suggest-only | Code Review 接 Codex patch-only | 無正式 snapshot |
|
||||
| `source_control_migration_event_v1` | mirror-only | Gitea/GitHub refs 差異 | `gitea-github-awoooi`、`clawbot-v5`、`wooo-aiops` |
|
||||
| `gitea_repo_inventory_v1` | mirror-only | Gitea repo inventory | public-only / blocked endpoint snapshots |
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
|------|------|
|
||||
| 日期 | 2026-05-13 |
|
||||
| 狀態 | S0/S1 read-only evidence 建置中 |
|
||||
| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 |
|
||||
| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 |
|
||||
| 原則 | 低摩擦分階段;文件、schema、read-only evidence 優先;不做 runtime enforcement、不切 primary |
|
||||
|
||||
## 0. 本階段完成後整體進度
|
||||
@@ -20,15 +20,16 @@
|
||||
| S1.2b branch/tag detail diff | 完成草案 | 3 個 refs-blocked mapped repos 已完成 branch/tag 明細 diff;已忽略本 PR 分支避免 evidence 自我污染 | 人工判定真相來源與 deprecated refs |
|
||||
| S1.2c refs 真相來源分類 | 完成草案 | 141 個 ref review items 已分類:4 個真相來源、114 個 drift deprecated 候選、3 個 release tags、20 個 GitHub-only refs | repo owner 單 ref / 單 repo 判定 |
|
||||
| S1.3 低摩擦 rollout policy | 完成草案 | observe-first / mirror-only matrix 已建立 | AwoooP read-only policy 消費 |
|
||||
| S1.4 契約索引 | 完成草案 | 24 個主要 contract 已集中成 manifest | AwoooP mirror-only contract registry |
|
||||
| S1.4 契約索引 | 完成草案 | 25 個主要 contract 已集中成 manifest | AwoooP mirror-only contract registry |
|
||||
| S1.5 Kali 112 live 整合狀態 | 完成第一波 | 112 已登入盤點、scanner API healthy、targeted scanner packages updated、Asia/Taipei timezone、no reboot required | scan result ingestion + `/execute` high-risk gate |
|
||||
| S1.6 Kali finding / scan scope approval | 完成草案 | `security_finding_v1` sample snapshot 與 `kali_scan_scope_approval_v1` approval package 已建立;111/168 已納入 observe-only scope | 人工批准 safe crawl / credentialed scan / runtime ingestion / full-upgrade gate |
|
||||
| S1.7 Security approval queue | 完成草案 | 8 個 approval queue items 已集中:7 pending approval、1 block candidate;AwoooP 可 mirror 但不得執行 | 先 review redacted finding ingestion,再 review safe crawl / Gitea inventory |
|
||||
| S2 AwoooP mirror-only readiness | 完成草案 | `security_mirror_readiness_v1` 已整理 24 個 contracts:21 ready、2 partial、1 contract-only、0 blocked | AwoooP 主線建立只讀入口 |
|
||||
| S2 AwoooP mirror-only readiness | 完成草案 | `security_mirror_readiness_v1` 已整理 25 個 contracts:22 ready、2 partial、1 contract-only、0 blocked | AwoooP 主線建立只讀入口 |
|
||||
| S2.1 AwoooP mirror-only intake plan | 完成草案 | `security_mirror_intake_plan_v1` 已建立 5 個 intake waves 與 4 個 acceptance gates | AwoooP 主線照 wave mirror,不新增 execution router |
|
||||
| S2.2 AwoooP 鏡像事件信封 | 完成草案 | `security_mirror_event_v1` 已建立,要求每筆鏡像 payload 標示 `execution_authorized=false` 與 `action_buttons_allowed=false` | AwoooP 鏡像 payload 統一信封 |
|
||||
| S2.3 AwoooP 鏡像路由矩陣 | 完成草案 | `security_mirror_route_v1` 已建立 5 個 route groups,定義目的地、channel policy 與 review lane | AwoooP 消費時不猜路由、不新增執行入口 |
|
||||
| S2.4 AwoooP 鏡像驗收契約 | 完成草案 | `security_mirror_acceptance_v1` 已建立 7 個 acceptance checks;blocking 只針對鏡像資料不完整或未脫敏 | AwoooP 接入時可驗收,不升級成 runtime enforcement |
|
||||
| S2.5 AwoooP 鏡像隔離契約 | 完成草案 | `security_mirror_quarantine_v1` 已建立 5 個 quarantine lanes;失敗 payload 必須等新 snapshot commit 後才能 retry | AwoooP 可隔離壞資料,不阻擋 runtime |
|
||||
| S3 approval gate | 未開始 | 已定義哪些動作要進 approval | 不得繞過人工批准 |
|
||||
| S4 migration execution | 未開始 | GitHub primary 長期方向已確認,但 refs / tags / workflow / secret 名稱尚未全量驗證 | SHA/tag/workflow parity 與 rollback ADR |
|
||||
|
||||
@@ -76,6 +77,8 @@
|
||||
| 資安鏡像路由矩陣 JSON | `docs/security/security-mirror-route.snapshot.json` |
|
||||
| 資安鏡像驗收契約 | `docs/security/SECURITY-MIRROR-ACCEPTANCE.md` |
|
||||
| 資安鏡像驗收契約 JSON | `docs/security/security-mirror-acceptance.snapshot.json` |
|
||||
| 資安鏡像隔離契約 | `docs/security/SECURITY-MIRROR-QUARANTINE.md` |
|
||||
| 資安鏡像隔離契約 JSON | `docs/security/security-mirror-quarantine.snapshot.json` |
|
||||
| 低摩擦 rollout policy | `docs/security/SECURITY-LOW-FRICTION-ROLLOUT-POLICY.md` |
|
||||
| 低摩擦 rollout policy JSON | `docs/security/security-rollout-policy.snapshot.json` |
|
||||
| Security Supply Chain contract manifest | `docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md` |
|
||||
@@ -105,6 +108,6 @@
|
||||
3. 依 `SOURCE-CONTROL-REF-TRUTH-CLASSIFICATION.md` 對 `awoooi`、`clawbot-v5`、`wooo-aiops` 做單 repo / 單 ref owner 判定;仍不得 push refs。
|
||||
4. 對 `ewoooc` / `momo-pro-system` 完成 server-side canonical 判定。
|
||||
5. 依 `KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md` 取得 safe crawl、credentialed scan、runtime ingestion、full-upgrade / reboot 等 gate 的人工批准;不得直接接 `/execute`。
|
||||
6. AwoooP 主線先讀 `security_mirror_readiness_v1`、`security_mirror_intake_plan_v1`、`security_mirror_event_v1`、`security_mirror_route_v1` 與 `security_mirror_acceptance_v1`,只建立 mirror-only / read-only policy 入口,不新增執行按鈕。
|
||||
6. AwoooP 主線先讀 `security_mirror_readiness_v1`、`security_mirror_intake_plan_v1`、`security_mirror_event_v1`、`security_mirror_route_v1`、`security_mirror_acceptance_v1` 與 `security_mirror_quarantine_v1`,只建立 mirror-only / read-only policy 入口,不新增執行按鈕。
|
||||
7. AwoooP 主線消費 `security_rollout_policy_v1` 時,只做 read-only policy,不做 runtime blocking。
|
||||
8. AwoooP 主線再讀 `security_approval_queue_v1` 與 `security_supply_chain_contract_manifest_v1`,顯示 review order 與 blocked reason,不新增 execution router。
|
||||
|
||||
@@ -11,8 +11,8 @@
|
||||
"docs/security/security-mirror-route.snapshot.json"
|
||||
],
|
||||
"summary": {
|
||||
"total_contracts": 24,
|
||||
"ready_for_mirror_count": 21,
|
||||
"total_contracts": 25,
|
||||
"ready_for_mirror_count": 22,
|
||||
"route_group_count": 5,
|
||||
"acceptance_check_count": 7,
|
||||
"blocking_check_count": 4
|
||||
@@ -21,7 +21,7 @@
|
||||
{
|
||||
"check_id": "CONTRACT_COUNT_MATCH",
|
||||
"title": "契約數量一致",
|
||||
"expected_result": "AwoooP 讀到 24 個 contracts,且 manifest、readiness、route coverage 的 contract 集合一致。",
|
||||
"expected_result": "AwoooP 讀到 25 個 contracts,且 manifest、readiness、route coverage 的 contract 集合一致。",
|
||||
"evidence_refs": [
|
||||
"docs/security/security-supply-chain-contract-manifest.snapshot.json",
|
||||
"docs/security/security-mirror-readiness.snapshot.json",
|
||||
@@ -60,7 +60,7 @@
|
||||
{
|
||||
"check_id": "ROUTE_GROUP_COVERAGE",
|
||||
"title": "路由群組覆蓋",
|
||||
"expected_result": "5 個 route groups 合併後涵蓋 manifest 24 個 contracts,且每個 group 都有 destinations、channel_policy 與 review_lane。",
|
||||
"expected_result": "5 個 route groups 合併後涵蓋 manifest 25 個 contracts,且每個 group 都有 destinations、channel_policy 與 review_lane。",
|
||||
"evidence_refs": [
|
||||
"docs/security/security-mirror-route.snapshot.json",
|
||||
"docs/security/SECURITY-MIRROR-ROUTE.md"
|
||||
|
||||
@@ -16,8 +16,8 @@
|
||||
"risk": "LOW",
|
||||
"summary": "AwoooP 可 mirror Security Supply Chain readiness index,但不得把 readiness 視為執行授權。",
|
||||
"payload_summary": {
|
||||
"total_contracts": 24,
|
||||
"ready_for_mirror_count": 21,
|
||||
"total_contracts": 25,
|
||||
"ready_for_mirror_count": 22,
|
||||
"partial_ready_count": 2,
|
||||
"contract_only_count": 1,
|
||||
"blocked_count": 0,
|
||||
@@ -28,7 +28,8 @@
|
||||
"docs/security/security-mirror-readiness.snapshot.json",
|
||||
"docs/security/SECURITY-MIRROR-INTAKE-PLAN.md",
|
||||
"docs/security/SECURITY-MIRROR-ROUTE.md",
|
||||
"docs/security/SECURITY-MIRROR-ACCEPTANCE.md"
|
||||
"docs/security/SECURITY-MIRROR-ACCEPTANCE.md",
|
||||
"docs/security/SECURITY-MIRROR-QUARANTINE.md"
|
||||
],
|
||||
"blocked_actions": [
|
||||
"execute_mirror_item",
|
||||
@@ -40,7 +41,7 @@
|
||||
"store_secret_value"
|
||||
],
|
||||
"labels": {
|
||||
"phase": "S2.4",
|
||||
"phase": "S2.5",
|
||||
"redacted": "true",
|
||||
"action_surface": "none",
|
||||
"mirror_only": "true"
|
||||
|
||||
@@ -10,19 +10,21 @@
|
||||
"docs/security/security-approval-queue.snapshot.json",
|
||||
"docs/security/security-mirror-event-sample.snapshot.json",
|
||||
"docs/security/security-mirror-route.snapshot.json",
|
||||
"docs/security/security-mirror-acceptance.snapshot.json"
|
||||
"docs/security/security-mirror-acceptance.snapshot.json",
|
||||
"docs/security/security-mirror-quarantine.snapshot.json"
|
||||
],
|
||||
"intake_waves": [
|
||||
{
|
||||
"wave_id": "M0_index_bootstrap",
|
||||
"title": "載入 readiness、manifest、低摩擦 policy、鏡像路由與驗收契約",
|
||||
"title": "載入 readiness、manifest、低摩擦 policy、鏡像路由、驗收與隔離契約",
|
||||
"contracts": [
|
||||
"security_mirror_readiness_v1",
|
||||
"security_supply_chain_contract_manifest_v1",
|
||||
"security_rollout_policy_v1",
|
||||
"security_mirror_event_v1",
|
||||
"security_mirror_route_v1",
|
||||
"security_mirror_acceptance_v1"
|
||||
"security_mirror_acceptance_v1",
|
||||
"security_mirror_quarantine_v1"
|
||||
],
|
||||
"destinations": [
|
||||
"operator_console",
|
||||
@@ -35,14 +37,15 @@
|
||||
"顯示 partial_ready / contract_only 原因",
|
||||
"使用 security_mirror_event_v1 包裝 mirror payload",
|
||||
"依 security_mirror_route_v1 分流目的地與 review lane",
|
||||
"依 security_mirror_acceptance_v1 驗收鏡像資料完整性與脫敏狀態"
|
||||
"依 security_mirror_acceptance_v1 驗收鏡像資料完整性與脫敏狀態",
|
||||
"依 security_mirror_quarantine_v1 隔離驗收失敗 payload"
|
||||
],
|
||||
"blocked_processing": [
|
||||
"runtime_enforcement",
|
||||
"execution_router",
|
||||
"blocking_gate"
|
||||
],
|
||||
"exit_gate": "Operator Console 能顯示 24 個 contract、5 個 route groups 與 7 個 acceptance checks,且 mirror event envelope action_buttons_allowed=false。"
|
||||
"exit_gate": "Operator Console 能顯示 25 個 contract、5 個 route groups、7 個 acceptance checks 與 5 個 quarantine lanes,且 mirror event envelope action_buttons_allowed=false。"
|
||||
},
|
||||
{
|
||||
"wave_id": "M1_kali_visibility",
|
||||
|
||||
128
docs/security/security-mirror-quarantine.snapshot.json
Normal file
128
docs/security/security-mirror-quarantine.snapshot.json
Normal file
@@ -0,0 +1,128 @@
|
||||
{
|
||||
"schema_version": "security_mirror_quarantine_v1",
|
||||
"status": "draft",
|
||||
"date": "2026-05-13",
|
||||
"mode": "mirror_only",
|
||||
"runtime_execution_authorized": false,
|
||||
"source_indexes": [
|
||||
"docs/security/security-mirror-acceptance.snapshot.json",
|
||||
"docs/security/security-mirror-event-sample.snapshot.json",
|
||||
"docs/security/security-mirror-route.snapshot.json",
|
||||
"docs/security/security-supply-chain-contract-manifest.snapshot.json"
|
||||
],
|
||||
"summary": {
|
||||
"total_contracts": 25,
|
||||
"quarantine_lane_count": 5,
|
||||
"auto_retry_allowed": false,
|
||||
"runtime_blocking_allowed": false
|
||||
},
|
||||
"quarantine_lanes": [
|
||||
{
|
||||
"lane_id": "contract_count_mismatch",
|
||||
"trigger_check_id": "CONTRACT_COUNT_MATCH",
|
||||
"owner": "Security Supply Chain Session",
|
||||
"severity": "HIGH",
|
||||
"allowed_processing": [
|
||||
"隔離該批 mirror payload",
|
||||
"顯示 manifest / readiness / route 的 count mismatch",
|
||||
"要求重新產生一致的 snapshot"
|
||||
],
|
||||
"blocked_processing": [
|
||||
"猜測缺漏 contract",
|
||||
"用不完整 contract list 啟動 mirror ingestion",
|
||||
"新增任何 execution action"
|
||||
],
|
||||
"recovery_request": "重新產生 manifest、readiness、route 與 event sample,確保 contract set 完全一致。",
|
||||
"retry_gate": "新 snapshot commit 後才可重新驗收。"
|
||||
},
|
||||
{
|
||||
"lane_id": "missing_event_envelope",
|
||||
"trigger_check_id": "EVENT_ENVELOPE_REQUIRED",
|
||||
"owner": "AwoooP ingestion adapter",
|
||||
"severity": "HIGH",
|
||||
"allowed_processing": [
|
||||
"拒收未帶 security_mirror_event_v1 的 payload",
|
||||
"顯示缺少的 event envelope 欄位",
|
||||
"要求來源補齊 execution_authorized=false 與 action_buttons_allowed=false"
|
||||
],
|
||||
"blocked_processing": [
|
||||
"自動補成可執行事件",
|
||||
"顯示執行按鈕",
|
||||
"把 mirror payload 當 approval item"
|
||||
],
|
||||
"recovery_request": "來源必須重新輸出帶完整 security_mirror_event_v1 信封的 payload。",
|
||||
"retry_gate": "event envelope 完整且不可執行欄位皆為 false。"
|
||||
},
|
||||
{
|
||||
"lane_id": "route_coverage_gap",
|
||||
"trigger_check_id": "ROUTE_GROUP_COVERAGE",
|
||||
"owner": "Security Supply Chain Session",
|
||||
"severity": "MEDIUM",
|
||||
"allowed_processing": [
|
||||
"隔離未知或未路由 contract",
|
||||
"顯示缺漏的 route group 或 destination",
|
||||
"要求補齊 security_mirror_route_v1"
|
||||
],
|
||||
"blocked_processing": [
|
||||
"使用 fallback execution route",
|
||||
"把未知 contract 送進 Approval Queue",
|
||||
"用預設目的地吞掉缺漏"
|
||||
],
|
||||
"recovery_request": "補齊 route group、destinations、channel_policy 與 review_lane。",
|
||||
"retry_gate": "route groups 合併後完整覆蓋 manifest contract set。"
|
||||
},
|
||||
{
|
||||
"lane_id": "redaction_failed",
|
||||
"trigger_check_id": "REDACTION_ONLY",
|
||||
"owner": "Source evidence producer",
|
||||
"severity": "CRITICAL",
|
||||
"allowed_processing": [
|
||||
"拒收含 raw sensitive value 的 payload",
|
||||
"只記錄 redaction failed metadata",
|
||||
"要求來源重新輸出脫敏 snapshot"
|
||||
],
|
||||
"blocked_processing": [
|
||||
"保存 raw secret、token、cookie、private key 或 exploit payload",
|
||||
"把敏感值寫入 Runtime State",
|
||||
"把敏感值寫入 Audit evidence"
|
||||
],
|
||||
"recovery_request": "來源必須移除 raw sensitive value,並只保留 metadata、hash 或 redacted marker。",
|
||||
"retry_gate": "敏感資訊掃描通過後才可重新驗收。"
|
||||
},
|
||||
{
|
||||
"lane_id": "schema_or_json_invalid",
|
||||
"trigger_check_id": "SCHEMA_JSON_PARSE",
|
||||
"owner": "Security Supply Chain Session",
|
||||
"severity": "MEDIUM",
|
||||
"allowed_processing": [
|
||||
"隔離無法 parse 的 snapshot",
|
||||
"顯示 schema / JSON 錯誤",
|
||||
"要求來源修正格式"
|
||||
],
|
||||
"blocked_processing": [
|
||||
"用部分 parse 結果繼續 ingestion",
|
||||
"忽略 schema 錯誤",
|
||||
"將格式錯誤轉成 runtime alert"
|
||||
],
|
||||
"recovery_request": "修正 JSON 與 schema 後重新提交 snapshot。",
|
||||
"retry_gate": "JSON parse 與一致性 assertion 通過。"
|
||||
}
|
||||
],
|
||||
"retry_policy": {
|
||||
"auto_retry_allowed": false,
|
||||
"manual_refresh_required": true,
|
||||
"max_retry_without_new_snapshot": 0
|
||||
},
|
||||
"forbidden_actions": [
|
||||
"start_kali_scan",
|
||||
"call_kali_execute_endpoint",
|
||||
"run_credentialed_scan",
|
||||
"create_github_repo",
|
||||
"change_repo_visibility",
|
||||
"sync_git_refs",
|
||||
"switch_github_primary",
|
||||
"auto_merge",
|
||||
"production_deploy",
|
||||
"store_secret_token_cookie_private_key_or_exploit_payload"
|
||||
]
|
||||
}
|
||||
@@ -5,8 +5,8 @@
|
||||
"default_enforcement_level": "mirror_only",
|
||||
"runtime_execution_authorized": false,
|
||||
"summary": {
|
||||
"total_contracts": 24,
|
||||
"ready_for_mirror_count": 21,
|
||||
"total_contracts": 25,
|
||||
"ready_for_mirror_count": 22,
|
||||
"partial_ready_count": 2,
|
||||
"contract_only_count": 1,
|
||||
"blocked_count": 0
|
||||
@@ -119,6 +119,16 @@
|
||||
"human_docs": ["docs/security/SECURITY-MIRROR-ACCEPTANCE.md"],
|
||||
"notes": "提供 AwoooP mirror-only ingestion 驗收 checks;不作 runtime blocker。"
|
||||
},
|
||||
{
|
||||
"contract": "security_mirror_quarantine_v1",
|
||||
"readiness": "ready_for_mirror",
|
||||
"consumption_mode": "mirror_only",
|
||||
"mirror_allowed": true,
|
||||
"execution_allowed": false,
|
||||
"snapshot_paths": ["docs/security/security-mirror-quarantine.snapshot.json"],
|
||||
"human_docs": ["docs/security/SECURITY-MIRROR-QUARANTINE.md"],
|
||||
"notes": "提供 AwoooP mirror-only 驗收失敗隔離與 retry gate;不授權執行。"
|
||||
},
|
||||
{
|
||||
"contract": "coding_task_v1",
|
||||
"readiness": "contract_only",
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
"docs/security/security-mirror-event-sample.snapshot.json"
|
||||
],
|
||||
"summary": {
|
||||
"total_contracts": 24,
|
||||
"total_contracts": 25,
|
||||
"route_group_count": 5,
|
||||
"channel_event_policy": "初期只對階段完成、blocked 狀態或需要人工批准的高風險候選發低噪音事件;LOW / MEDIUM observation 不發阻擋事件。",
|
||||
"approval_queue_policy": "只有 approval-only、suggest-only 或 blocked-until-approved 項目可進 approval queue;approval queue 不代表可執行。"
|
||||
@@ -26,7 +26,8 @@
|
||||
"security_mirror_event_v1",
|
||||
"security_mirror_intake_plan_v1",
|
||||
"security_mirror_route_v1",
|
||||
"security_mirror_acceptance_v1"
|
||||
"security_mirror_acceptance_v1",
|
||||
"security_mirror_quarantine_v1"
|
||||
],
|
||||
"destinations": [
|
||||
"operator_console",
|
||||
@@ -40,7 +41,8 @@
|
||||
"顯示 mirror-only policy",
|
||||
"顯示每個 wave 的目的地與 blocked processing",
|
||||
"要求所有鏡像 payload 使用 security_mirror_event_v1 信封",
|
||||
"顯示 security_mirror_acceptance_v1 驗收結果"
|
||||
"顯示 security_mirror_acceptance_v1 驗收結果",
|
||||
"顯示 security_mirror_quarantine_v1 隔離 lane 與 retry gate"
|
||||
],
|
||||
"blocked_processing": [
|
||||
"新增執行按鈕",
|
||||
@@ -48,7 +50,7 @@
|
||||
"runtime blocking",
|
||||
"自動批准任何 queue item"
|
||||
],
|
||||
"exit_gate": "AwoooP 可顯示 24 個 contract、5 個 route groups、7 個 acceptance checks,且所有 route 都維持 runtime_execution_authorized=false。"
|
||||
"exit_gate": "AwoooP 可顯示 25 個 contract、5 個 route groups、7 個 acceptance checks、5 個 quarantine lanes,且所有 route 都維持 runtime_execution_authorized=false。"
|
||||
},
|
||||
{
|
||||
"wave_id": "M1_kali_visibility",
|
||||
@@ -185,7 +187,7 @@
|
||||
"acceptance_gates": [
|
||||
{
|
||||
"gate_id": "ROUTE_COVERS_ALL_CONTRACTS",
|
||||
"requirement": "route_groups 合併後必須涵蓋 manifest 的 24 個 contracts。"
|
||||
"requirement": "route_groups 合併後必須涵蓋 manifest 的 25 個 contracts。"
|
||||
},
|
||||
{
|
||||
"gate_id": "NO_EXECUTION_SURFACE",
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
"schema_version": "security_supply_chain_contract_manifest_v1",
|
||||
"status": "draft",
|
||||
"default_enforcement_level": "mirror_only",
|
||||
"contract_count": 24,
|
||||
"contract_count": 25,
|
||||
"contracts": [
|
||||
{
|
||||
"contract": "security_rollout_policy_v1",
|
||||
@@ -101,7 +101,7 @@
|
||||
"switch_github_primary",
|
||||
"store_secret_value"
|
||||
],
|
||||
"notes": "整理 24 個 Security Supply Chain contracts 的 mirror readiness,供 AwoooP 安全消費。"
|
||||
"notes": "整理 25 個 Security Supply Chain contracts 的 mirror readiness,供 AwoooP 安全消費。"
|
||||
},
|
||||
{
|
||||
"contract": "security_mirror_intake_plan_v1",
|
||||
@@ -180,6 +180,26 @@
|
||||
],
|
||||
"notes": "定義 AwoooP mirror-only ingestion 驗收 checks;只阻擋不完整或未脫敏的鏡像資料,不作 runtime blocker。"
|
||||
},
|
||||
{
|
||||
"contract": "security_mirror_quarantine_v1",
|
||||
"schema_path": "docs/schemas/security_mirror_quarantine_v1.schema.json",
|
||||
"snapshot_paths": ["docs/security/security-mirror-quarantine.snapshot.json"],
|
||||
"human_docs": ["docs/security/SECURITY-MIRROR-QUARANTINE.md"],
|
||||
"consumer": "AwoooP Operator Console / Audit",
|
||||
"consumption_mode": "mirror_only",
|
||||
"allowed_actions": ["mirror_quarantine_lane", "display_recovery_request", "display_retry_gate"],
|
||||
"forbidden_actions": [
|
||||
"auto_retry_failed_payload",
|
||||
"runtime_block_product_flow",
|
||||
"add_action_button",
|
||||
"start_scan",
|
||||
"call_execute_endpoint",
|
||||
"create_repo",
|
||||
"sync_refs",
|
||||
"store_secret_value"
|
||||
],
|
||||
"notes": "定義 AwoooP mirror-only 驗收失敗隔離、修復回報與 retry gate;不作 runtime blocker。"
|
||||
},
|
||||
{
|
||||
"contract": "coding_task_v1",
|
||||
"schema_path": "docs/schemas/coding_task_v1.schema.json",
|
||||
|
||||
Reference in New Issue
Block a user