diff --git a/apps/web/messages/en.json b/apps/web/messages/en.json
index 7e3a16ea5..e75a98d76 100644
--- a/apps/web/messages/en.json
+++ b/apps/web/messages/en.json
@@ -4307,6 +4307,57 @@
"detail": "Finally confirm workflow, runner, deploy key, branch protection, CODEOWNERS, and secret names. Collect names only, never values."
}
}
+ },
+ "ownerResponseValidationBoundary": {
+ "title": "Owner Response Validation Read-only Review Boundary",
+ "subtitle": "The approval queue mirrors the S4.13 validation rollup and the S4.9-S4.12 source intake packets. This is not received response, accepted response, an approval record, repo action, refs action, workflow / secret action, or runtime authorization.",
+ "badge": "Read-only validation boundary",
+ "reviewRefsTitle": "Validation and source intake refs",
+ "boundaryLabel": "Non-approvable boundary",
+ "boundaryTitle": "No approval record can be created here",
+ "boundaryDetail": "This panel only displays four packets, 22 response templates, received / accepted / rejected all still 0, and 8 display sections. It does not create approval records, create repos, mutate refs, change workflows / secrets, collect secret values, switch primary, or open runtime gates.",
+ "openIwooos": "Open IwoooS",
+ "metrics": {
+ "packets": "Response packets",
+ "packetsDetail": "S4.9-S4.12 all still wait for owner response.",
+ "templates": "Response templates",
+ "templatesDetail": "The 22 templates are future intake formats only, not sent, received, or accepted responses.",
+ "received": "Received",
+ "receivedDetail": "Still 0. Approval queue visibility must not rewrite intake state.",
+ "accepted": "Accepted",
+ "acceptedDetail": "Still 0. Only validated redacted evidence can change this.",
+ "rejected": "Rejected",
+ "rejectedDetail": "Still 0. Rejection outcomes cannot exist before human validation.",
+ "displaySections": "Display sections",
+ "displaySectionsDetail": "The 8 display sections explain validation flow, evidence routing, and boundaries only."
+ },
+ "reviewRefs": {
+ "validationRollup": {
+ "title": "S4.13 validation rollup",
+ "detail": "Locks packet separation, cross-packet validation, evidence routing, reviewer checklist, and outcome lanes without creating approval records.",
+ "contract": "source_control_owner_response_validation_rollup_v1"
+ },
+ "giteaAttestation": {
+ "title": "S4.9 Gitea inventory owner attestation",
+ "detail": "Five templates still wait for owner response; this can only display the next intake focus.",
+ "contract": "gitea_inventory_owner_attestation_response_v1"
+ },
+ "githubTarget": {
+ "title": "S4.10 GitHub target owner decision",
+ "detail": "Seven target owner / visibility / canonical responses are not accepted and must not create repos automatically.",
+ "contract": "github_target_owner_decision_response_v1"
+ },
+ "refsTruth": {
+ "title": "S4.11 refs truth owner response",
+ "detail": "Five truth lanes still wait for redacted response and must not sync, delete, or force-push refs.",
+ "contract": "source_control_ref_truth_owner_response_v1"
+ },
+ "workflowSecret": {
+ "title": "S4.12 workflow / secret-name owner response",
+ "detail": "Five name and redacted-evidence lanes still wait for response. Names only, never secret values.",
+ "contract": "source_control_workflow_secret_name_owner_response_v1"
+ }
+ }
}
},
"workItems": {
diff --git a/apps/web/messages/zh-TW.json b/apps/web/messages/zh-TW.json
index 05035b2f9..3c31b7282 100644
--- a/apps/web/messages/zh-TW.json
+++ b/apps/web/messages/zh-TW.json
@@ -4233,79 +4233,130 @@
"approvals": {
"securityOwnerResponseGate": {
"title": "IwoooS 負責人回覆只讀審查焦點",
- "subtitle": "AwoooP 審批佇列只顯示 S4.9-S4.12 負責人回覆的下一個人工收件焦點;這不是 approval record,也不會開 runtime gate。",
+ "subtitle": "AwoooP 審批佇列只顯示 S4.9-S4.12 負責人回覆的下一個人工收件焦點;這不是審批紀錄,也不會開執行期閘門。",
"badge": "只讀焦點",
"ownerChecksTitle": "負責人回覆收件順序",
"boundaryLabel": "審批邊界",
"boundaryTitle": "目前仍沒有可核准項目",
- "boundaryDetail": "這個面板不送出 request、不標記 received / accepted、不建立 approval record、不呼叫 GitHub / Gitea / Kali,也不新增批准、執行、部署、主要來源切換或 refs 動作。",
+ "boundaryDetail": "這個面板不送出請求、不標記已收到 / 已接受、不建立審批紀錄、不呼叫 GitHub / Gitea / Kali,也不新增批准、執行、部署、主要來源切換或分支 / 標籤參照動作。",
"openIwooos": "開啟 IwoooS",
"metrics": {
"received": "已收到",
- "receivedDetail": "S4.9-S4.12 負責人回覆 received 仍為 0。",
+ "receivedDetail": "S4.9-S4.12 負責人回覆已收到仍為 0。",
"accepted": "已接受",
- "acceptedDetail": "尚未有可接受的脫敏負責人 evidence。",
+ "acceptedDetail": "尚未有可接受的脫敏負責人證據。",
"activeRuntimeGates": "主動執行閘門",
- "activeRuntimeGatesDetail": "任何 runtime gate 仍需獨立批准與 rollback / post-check evidence。",
+ "activeRuntimeGatesDetail": "任何執行期閘門仍需獨立批准、回復方案與事後檢查證據。",
"headline": "整體資安網",
- "headlineDetail": "58% 只在負責人回覆、runtime gate、GitHub 主要來源或 production landing 有 evidence 時重估。"
+ "headlineDetail": "58% 只在負責人回覆、執行期閘門、GitHub 主要來源或正式落地有證據時重估。"
},
"checks": {
"s49OwnerAttestation": {
"title": "S4.9 Gitea 負責人證明",
- "detail": "下一個建議先收;需要回覆 public-only / local gap、org / user endpoint、110 adjacent source、canonical owner 與 legacy disposition。"
+ "detail": "下一個建議先收;需要回覆公開來源限定 / 本地差異、組織 / 使用者端點、110 鄰近來源、標準負責人與舊版處置。"
},
"s410GithubTarget": {
"title": "S4.10 GitHub 目標負責人",
- "detail": "等待 S4.9 之後收斂 7 個 GitHub target 的負責人 / 可見性 / canonical decision。"
+ "detail": "等待 S4.9 之後收斂 7 個 GitHub 目標的負責人 / 可見性 / 標準判定。"
},
"s411RefsTruth": {
- "title": "S4.11 refs 真相負責人回覆",
- "detail": "等待負責人對 main / dev truth、deprecated drift、release tags 與 GitHub-only refs 做脫敏判定。"
+ "title": "S4.11 分支 / 標籤真相負責人回覆",
+ "detail": "等待負責人對主要 / 開發分支真相、棄用漂移、發布標籤與僅存在於 GitHub 的參照做脫敏判定。"
},
"s412WorkflowSecret": {
- "title": "S4.12 workflow / secret 名稱",
- "detail": "等待負責人對 webhook、runner、deploy key、branch protection / CODEOWNERS、secret name parity 做脫敏判定。"
+ "title": "S4.12 工作流程 / 機密名稱",
+ "detail": "等待負責人對網路鉤子、執行器、部署金鑰、分支保護 / CODEOWNERS 與機密名稱一致性做脫敏判定。"
}
}
},
"githubPrimaryReadinessGate": {
"title": "GitHub 主要來源就緒度審批邊界",
- "subtitle": "審批佇列只顯示 GitHub 主要來源前置負責人回覆缺口;這不是 GitHub 主要來源批准,也不會建立 repo、改 refs、收 secret value 或停用 Gitea。",
+ "subtitle": "審批佇列只顯示 GitHub 主要來源前置負責人回覆缺口;這不是 GitHub 主要來源批准,也不會建立專案庫、改分支 / 標籤參照、收機密明文值或停用 Gitea。",
"badge": "只讀審批邊界",
"responseLanesTitle": "負責人回覆路線",
"boundaryLabel": "GitHub 主要來源邊界",
"boundaryTitle": "目前沒有可批准的主要來源切換",
- "boundaryDetail": "這個面板只把 S4.9-S4.12 的收件順序放到審批視野;所有回覆仍為 received=0 / accepted=0,不建立 approval record、不切 GitHub 主要來源、不改 Gitea 主要來源,也不觸發 runtime gate。",
+ "boundaryDetail": "這個面板只把 S4.9-S4.12 的收件順序放到審批視野;所有回覆仍為已收到=0 / 已接受=0,不建立審批紀錄、不切 GitHub 主要來源、不改 Gitea 主要來源,也不觸發執行期閘門。",
"openIwooos": "開啟 IwoooS",
"metrics": {
"giteaOwner": "Gitea 負責人",
- "giteaOwnerDetail": "S4.9 的 5 個負責人證明項目仍未 received / accepted。",
+ "giteaOwnerDetail": "S4.9 的 5 個負責人證明項目仍未收到 / 接受。",
"githubTargetOwner": "GitHub 目標負責人",
- "githubTargetOwnerDetail": "S4.10 的 7 個目標負責人 / 可見性 / canonical 回覆仍未 accepted。",
- "refsTruth": "Refs 真相",
- "refsTruthDetail": "S4.11 的 5 類 refs 真相負責人回覆仍未 accepted。",
- "workflowSecretNames": "工作流程 / secret 名稱",
- "workflowSecretNamesDetail": "S4.12 的 5 類 workflow / secret 名稱負責人回覆仍未 accepted。",
+ "githubTargetOwnerDetail": "S4.10 的 7 個目標負責人 / 可見性 / 標準回覆仍未接受。",
+ "refsTruth": "分支 / 標籤真相",
+ "refsTruthDetail": "S4.11 的 5 類分支 / 標籤真相負責人回覆仍未接受。",
+ "workflowSecretNames": "工作流程 / 機密名稱",
+ "workflowSecretNamesDetail": "S4.12 的 5 類工作流程 / 機密名稱負責人回覆仍未接受。",
"primaryReady": "主要來源就緒數",
"primaryReadyDetail": "仍為 0;審批可見不等於可切主要來源。"
},
"responseLanes": {
"giteaOwnerAttestation": {
"title": "Gitea 清冊負責人證明",
- "detail": "先確認 public-only / local gap、org / user endpoint、110 adjacent source、canonical owner 與 legacy disposition。"
+ "detail": "先確認公開來源限定 / 本地差異、組織 / 使用者端點、110 鄰近來源、標準負責人與舊版處置。"
},
"githubTargetOwner": {
"title": "GitHub 目標負責人決策",
- "detail": "再確認 7 個範圍內目標的負責人、可見性與 canonical target,不自動建立 repo。"
+ "detail": "再確認 7 個範圍內目標的負責人、可見性與標準目標,不自動建立專案庫。"
},
"refsTruthOwner": {
- "title": "Refs 真相負責人回覆",
- "detail": "接著確認 main / dev truth、deprecated drift、release tags 與 GitHub-only refs,不 sync / delete / force push。"
+ "title": "分支 / 標籤真相負責人回覆",
+ "detail": "接著確認主要 / 開發分支真相、棄用漂移、發布標籤與僅存在於 GitHub 的參照,不同步、刪除或強制推送。"
},
"workflowSecretOwner": {
- "title": "工作流程 / secret 名稱負責人回覆",
- "detail": "最後確認 workflow、runner、deploy key、branch protection、CODEOWNERS 與 secret 名稱;只收名稱,不收 value。"
+ "title": "工作流程 / 機密名稱負責人回覆",
+ "detail": "最後確認工作流程、執行器、部署金鑰、分支保護、CODEOWNERS 與機密名稱;只收名稱,不收明文值。"
+ }
+ }
+ },
+ "ownerResponseValidationBoundary": {
+ "title": "負責人回覆驗收只讀審查邊界",
+ "subtitle": "審批佇列同步顯示 S4.13 驗收彙整與 S4.9-S4.12 四個來源收件包;這不是已收到、已接受、審批紀錄、專案庫動作、分支 / 標籤參照動作、工作流程 / 機密設定動作或執行期授權。",
+ "badge": "只讀驗收邊界",
+ "reviewRefsTitle": "驗收與來源收件參照",
+ "boundaryLabel": "不可批准邊界",
+ "boundaryTitle": "目前沒有可建立的審批紀錄",
+ "boundaryDetail": "這個面板只顯示四包、22 個回覆範本、已收到 / 已接受 / 已拒收都仍為 0,以及 8 個可顯示區塊;不建立審批紀錄、不建立專案庫、不改分支 / 標籤參照、不改工作流程 / 機密設定、不收機密明文值、不切主要來源,也不開執行期閘門。",
+ "openIwooos": "開啟 IwoooS",
+ "metrics": {
+ "packets": "回覆包",
+ "packetsDetail": "S4.9-S4.12 四包仍等待負責人回覆。",
+ "templates": "回覆範本",
+ "templatesDetail": "22 個範本只代表未來可收件格式,不代表已送出、已收到或已接受。",
+ "received": "已收到",
+ "receivedDetail": "目前仍為 0;審批佇列可見不得改寫收件狀態。",
+ "accepted": "已接受",
+ "acceptedDetail": "目前仍為 0;只有脫敏證據通過驗收後才能改變。",
+ "rejected": "已拒收",
+ "rejectedDetail": "目前仍為 0;未進入人工驗收前不得產生拒收結果。",
+ "displaySections": "顯示區塊",
+ "displaySectionsDetail": "8 個顯示區塊只用於說明驗收流程、證據路由與邊界。"
+ },
+ "reviewRefs": {
+ "validationRollup": {
+ "title": "S4.13 驗收彙整",
+ "detail": "固定四包、跨包驗收、證據路由、審查清單與結果分流,但不產生審批紀錄。",
+ "contract": "source_control_owner_response_validation_rollup_v1"
+ },
+ "giteaAttestation": {
+ "title": "S4.9 Gitea 清冊負責人證明",
+ "detail": "5 個範本仍等待負責人回覆;目前只能顯示下一個收件焦點。",
+ "contract": "gitea_inventory_owner_attestation_response_v1"
+ },
+ "githubTarget": {
+ "title": "S4.10 GitHub 目標負責人決策",
+ "detail": "7 個目標負責人 / 可見性 / 標準回覆仍未接受,不得自動建立專案庫。",
+ "contract": "github_target_owner_decision_response_v1"
+ },
+ "refsTruth": {
+ "title": "S4.11 分支 / 標籤真相負責人回覆",
+ "detail": "5 類真相判定仍等待脫敏回覆,不得同步、刪除或強制推送分支 / 標籤參照。",
+ "contract": "source_control_ref_truth_owner_response_v1"
+ },
+ "workflowSecret": {
+ "title": "S4.12 工作流程 / 機密名稱負責人回覆",
+ "detail": "5 類名稱與脫敏證據仍等待回覆;只允許名稱清冊,不允許機密明文值。",
+ "contract": "source_control_workflow_secret_name_owner_response_v1"
}
}
}
diff --git a/apps/web/src/app/[locale]/awooop/approvals/page.tsx b/apps/web/src/app/[locale]/awooop/approvals/page.tsx
index cc7102074..dfb9f36eb 100644
--- a/apps/web/src/app/[locale]/awooop/approvals/page.tsx
+++ b/apps/web/src/app/[locale]/awooop/approvals/page.tsx
@@ -493,6 +493,145 @@ function GitHubPrimaryReadinessApprovalBoundaryPanel() {
);
}
+function OwnerResponseValidationApprovalBoundaryPanel() {
+ const t = useTranslations("awooop.approvals.ownerResponseValidationBoundary");
+ const metrics = [
+ {
+ label: t("metrics.packets"),
+ value: "4",
+ detail: t("metrics.packetsDetail"),
+ },
+ {
+ label: t("metrics.templates"),
+ value: "22",
+ detail: t("metrics.templatesDetail"),
+ },
+ {
+ label: t("metrics.received"),
+ value: "0",
+ detail: t("metrics.receivedDetail"),
+ },
+ {
+ label: t("metrics.accepted"),
+ value: "0",
+ detail: t("metrics.acceptedDetail"),
+ },
+ {
+ label: t("metrics.rejected"),
+ value: "0",
+ detail: t("metrics.rejectedDetail"),
+ },
+ {
+ label: t("metrics.displaySections"),
+ value: "8",
+ detail: t("metrics.displaySectionsDetail"),
+ },
+ ];
+ const reviewRefs = [
+ {
+ phase: "S4.13",
+ key: "validationRollup",
+ contract: "source_control_owner_response_validation_rollup_v1",
+ },
+ {
+ phase: "S4.9",
+ key: "giteaAttestation",
+ contract: "gitea_inventory_owner_attestation_response_v1",
+ },
+ {
+ phase: "S4.10",
+ key: "githubTarget",
+ contract: "github_target_owner_decision_response_v1",
+ },
+ {
+ phase: "S4.11",
+ key: "refsTruth",
+ contract: "source_control_ref_truth_owner_response_v1",
+ },
+ {
+ phase: "S4.12",
+ key: "workflowSecret",
+ contract: "source_control_workflow_secret_name_owner_response_v1",
+ },
+ ];
+
+ return (
+
+
+
+
+
+
{t("title")}
+
{t("subtitle")}
+
+
+
+ {t("badge")}
+
+
+
+ {metrics.map((item) => (
+
+
{item.label}
+
{item.value}
+
{item.detail}
+
+ ))}
+
+
+
+
+ {t("reviewRefsTitle")}
+
+
+ {reviewRefs.map((item) => (
+
+
{item.phase}
+
+
+ {t(`reviewRefs.${item.key}.title`)}
+
+
+ {t(`reviewRefs.${item.key}.detail`)}
+
+
+ {item.contract}
+
+
+
+ ))}
+
+
+
+
{t("boundaryLabel")}
+
{t("boundaryTitle")}
+
{t("boundaryDetail")}
+
+ owner_response_validation_received_count=0
+ owner_response_validation_accepted_count=0
+ owner_response_validation_rejected_count=0
+ approval_record_created=false
+ repo_creation_authorized=false
+ refs_sync_authorized=false
+ workflow_modification_authorized=false
+ secret_value_collection_allowed=false
+ github_primary_switch_authorized=false
+ runtime_execution_authorized=false
+ action_buttons_allowed=false
+
+
+ {t("openIwooos")}
+
+
+
+
+
+ );
+}
+
// =============================================================================
// Main Component
// =============================================================================
@@ -559,7 +698,7 @@ export default function ApprovalsPage() {
{
label: "待人工決策",
value: approvals.length,
- detail: "等待 approve / reject 的唯一佇列",
+ detail: "等待批准 / 駁回的唯一佇列",
icon: ShieldCheck,
className: "border-[#d9b36f] bg-[#fff7e8] text-[#8a5a08]",
},
@@ -573,7 +712,7 @@ export default function ApprovalsPage() {
{
label: "已逾時",
value: expiredCount,
- detail: "不得再自動 resume",
+ detail: "不得再自動恢復",
icon: TriangleAlert,
className: "border-[#e2a29b] bg-[#fff0ef] text-[#9f2f25]",
},
@@ -662,6 +801,7 @@ export default function ApprovalsPage() {
+
@@ -700,7 +840,7 @@ export default function ApprovalsPage() {
審批佇列為空
-
目前沒有待審批的 Run
+
目前沒有待審批的執行項目
)}
@@ -712,16 +852,16 @@ export default function ApprovalsPage() {
|
- Run ID
+ 執行 ID
|
- Project ID
+ 專案 ID
|
- Agent
+ AI 代理
|
- 處置 Lane
+ 處置路線
|
{tEvidence("column")}
diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md
index f917cd05e..92b4fe568 100644
--- a/docs/LOGBOOK.md
+++ b/docs/LOGBOOK.md
@@ -1,3 +1,17 @@
+## 2026-05-21 | 資安供應鏈 S2.75:AwoooP 審批佇列負責人回覆驗收只讀審查邊界
+
+**背景**:S2.72 已把負責人回覆驗收放進 AwoooP 首頁,S2.73 已同步到工作鏈路,S2.74 已同步到合約儀表板;審批佇列仍需要同一個驗收邊界,避免使用者把「審批頁可見」誤認成負責人回覆已收到、已接受或可以建立審批紀錄。
+
+**完成**:
+- `/awooop/approvals` 新增「負責人回覆驗收只讀審查邊界」,顯示 S4.13 驗收彙整、S4.9 Gitea 清冊負責人證明、S4.10 GitHub 目標負責人決策、S4.11 分支 / 標籤真相負責人回覆與 S4.12 工作流程 / 機密名稱負責人回覆五個參照。
+- 審批邊界顯示四包、22 個回覆範本、已收到=0、已接受=0、已拒收=0 與 8 個顯示區塊,並連回 `/iwooos`。
+- `security_mirror_status_rollup_v1` 新增 `s2_75_awooop_approvals_owner_response_validation_boundary` 與 `show_awooop_approvals_owner_response_validation_boundary`。
+- `security-mirror-progress-guard.py` 已驗證審批邊界元件、i18n 鍵、五個來源參照、繁體中文 scoped guard 與 `false` 邊界。
+
+**仍禁止**:
+- S2.75 是 AwoooP 審批佇列只讀呈現,不代表負責人回覆已收到 / 已接受、審批紀錄已建立、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、機密明文值收集、GitHub 主要來源切換、Gitea 停用、Kali `/execute`、SSH 登入、主機更新、阻擋型控制或執行期閘門。
+- 整體資安網百分比仍是 58%;框架 / 治理 / 文件 / 結構定義 / 只讀證據仍約 80-85%;真正落地執行 / 執行期匯入 / GitHub 主要來源 / AwoooP 正式入口仍約 35-40%。
+
## 2026-05-21 | 資安供應鏈 S2.74:AwoooP 合約儀表板負責人回覆驗收契約只讀候選
**背景**:S2.72 已把負責人回覆驗收放進 AwoooP 首頁,S2.73 已同步到工作鏈路;合約儀表板仍只看得到 IwoooS 資安契約與 GitHub 主要來源就緒度,尚未把 S4.13 驗收 rollup 與四個來源收件包清楚呈現。
diff --git a/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md b/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md
index a983d1564..f6adfcc02 100644
--- a/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md
+++ b/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md
@@ -56,6 +56,7 @@
| AwoooP 首頁負責人回覆驗收總覽 | S2.72 已在 `/awooop` 顯示四包負責人回覆驗收總覽;S4.9/S4.10/S4.11/S4.12、22 個回覆範本、已收到=0、已接受=0、已拒收=0、10 個跨包驗收、6 條證據路由、8 個顯示區塊、7 條狀態轉移、9 個審查清單項目、7 條審查結果分流;仍不標記負責人回覆已收到 / 已接受、不建立審批紀錄、不建立專案庫、不改分支 / 標籤參照、不改工作流程 / 機密設定、不收機密明文值、不切主要來源、不開執行期閘門 |
| AwoooP 工作鏈路負責人回覆驗收只讀工作項 | S2.73 已在 `/awooop/work-items` 顯示四包負責人回覆驗收只讀工作項;22 個回覆範本、已收到=0、已接受=0、已拒收=0、10 個跨包驗收、6 條證據路由、8 個顯示區塊;仍不把工作項當成已收到 / 已接受、審批紀錄、專案庫 / 分支與標籤參照 / 工作流程 / 機密設定 / 主要來源動作或執行期閘門 |
| AwoooP 合約儀表板負責人回覆驗收契約只讀候選 | S2.74 已在 `/awooop/contracts` 顯示負責人回覆驗收契約只讀候選;S4.13 rollup 與 S4.9-S4.12 四個來源收件包、22 個回覆範本、已收到=0、已接受=0、8 個顯示區塊;仍不把合約候選當成已收到 / 已接受、審批紀錄、合約發布、專案庫 / 分支與標籤參照 / 工作流程 / 機密設定 / 主要來源動作或執行期閘門 |
+| AwoooP 審批佇列負責人回覆驗收只讀審查邊界 | S2.75 已在 `/awooop/approvals` 顯示負責人回覆驗收只讀審查邊界;S4.13 驗收彙整與 S4.9-S4.12 四個來源收件包、22 個回覆範本、已收到=0、已接受=0、已拒收=0、8 個顯示區塊;仍不把審批邊界當成已收到 / 已接受、審批紀錄、專案庫 / 分支與標籤參照 / 工作流程 / 機密設定 / 主要來源動作或執行期閘門 |
| Dry-run | `contract_defined_not_executed`;已納入 `CHECK_PROGRESS_GUARD` 與 `CHECK_OWNER_RESPONSE_GUARD`,latest local validation 為 `repo_snapshot_guard_pass`,仍不代表 production ingestion |
| Runtime actions | `false` |
| Payload ingestion | `false` |
@@ -177,6 +178,7 @@
| S2.71 AwoooP run detail Traditional Chinese wording guard | framework detail | 0 | 只把 AwoooP 執行詳情、審批決策與事件證據使用者可見英文標籤改成繁體中文,並由 `security-mirror-progress-guard.py` scoped guard 阻擋 Trace ID、Trigger、Tool、Scope、Dry-run、Tools、Incident Evidence、Run state、audit trail 等英文文案回流;runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不建立 approval record、不執行 runtime、不建立 GitHub repo、不改 visibility、不 sync / delete / force push refs、不改 workflow / secrets、不收 secret value、不切 primary、不停用 Gitea |
| S2.73 AwoooP work-items owner response validation candidate | framework detail | 0 | 只在 `/awooop/work-items` 顯示四包負責人回覆驗收只讀工作項,呈現回覆包=4、範本=22、已收到=0、已接受=0、已拒收=0、跨包驗收=10、證據路由=6、顯示區塊=8;owner_response_validation_received_count=0、owner_response_validation_accepted_count=0、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不建立審批紀錄、不建立 GitHub repo、不改 visibility、不 sync / delete / force push refs、不改 workflow / secrets、不收 secret value、不切 primary、不停用 Gitea |
| S2.74 AwoooP contracts owner response validation candidate | framework detail | 0 | 只在 `/awooop/contracts` 顯示負責人回覆驗收契約只讀候選,呈現四包、範本=22、已收到=0、已接受=0、顯示區塊=8、S4.13 rollup 與 S4.9-S4.12 四個來源收件包;owner_response_validation_received_count=0、owner_response_validation_accepted_count=0、approval_record_created=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不發布合約、不建立審批紀錄、不建立 GitHub repo、不改 visibility、不 sync / delete / force push refs、不改 workflow / secrets、不收 secret value、不切 primary、不停用 Gitea |
+| S2.75 AwoooP approvals owner response validation boundary | framework detail | 0 | 只在 `/awooop/approvals` 顯示負責人回覆驗收只讀審查邊界,呈現四包、範本=22、已收到=0、已接受=0、已拒收=0、顯示區塊=8、S4.13 與 S4.9-S4.12 五個來源參照;owner_response_validation_received_count=0、owner_response_validation_accepted_count=0、owner_response_validation_rejected_count=0、approval_record_created=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不建立審批紀錄、不建立 GitHub repo、不改 visibility、不 sync / delete / force push refs、不改 workflow / secrets、不收 secret value、不切 primary、不停用 Gitea |
headline 進度要再往上,至少需要下列任一高層 gate 有實質 evidence:
diff --git a/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md b/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md
index f19025852..d9e17eaba 100644
--- a/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md
+++ b/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md
@@ -5,7 +5,7 @@
| 日期 | 2026-05-17 |
| 狀態 | S0/S1 read-only evidence 建置中 |
| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Source Control Ref Truth Owner Response 收件包 + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + GitHub Target Owner Decision Response 收件包 + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Gitea 清冊覆蓋 Owner Attestation + Gitea Owner Attestation Approval Lane 對齊 + Gitea Owner Attestation Response 收件包 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Workflow / Secret Name Owner Response 收件包 + Source Control Owner Response Validation Rollup + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 + IwoooS 前端態勢入口 + IwoooS posture projection contract + IwoooS 既有前端資安頁面整合 + IwoooS 覆蓋與邊界矩陣 + IwoooS 只讀資安處理旅程 + IwoooS owner evidence readiness board + IwoooS host coverage view + IwoooS host action gate matrix + IwoooS host evidence readiness board + IwoooS host evidence collection order + IwoooS host evidence intake preflight + IwoooS host evidence review outcome lanes + IwoooS host evidence review handoff packets + IwoooS host evidence reviewer checklist + IwoooS host evidence reviewer outcome lanes + IwoooS host owner decision candidate packets + IwoooS host owner decision review checklist + IwoooS host owner decision review outcome lanes + IwoooS host owner decision record draft packets + IwoooS host owner decision record draft review checklist + IwoooS host owner decision record draft review outcome lanes + IwoooS host owner decision record write-up packets + IwoooS host owner decision record write-up review checklist + IwoooS host owner decision record write-up review outcome lanes + IwoooS host owner decision record formal candidate packets + IwoooS host owner decision record formal candidate review checklist + IwoooS host owner decision record formal candidate review outcome lanes + IwoooS host owner decision record formal record queue packets + IwoooS host owner decision record formal record queue review checklist + IwoooS host owner decision record formal record queue review outcome lanes + IwoooS host owner decision record human handoff readiness packets + IwoooS host owner decision record human handoff readiness review checklist + IwoooS host owner decision record human handoff readiness review outcome lanes + IwoooS host owner decision record human record owner review candidate packets + IwoooS host owner decision record human record owner review candidate checklist + IwoooS host owner decision record human record owner review candidate outcome lanes + IwoooS host owner decision record human record owner review preparation packets + IwoooS host owner decision record human record owner review preparation checklist + IwoooS progress acceleration lanes + IwoooS owner response next-action focus + IwoooS S4.9 owner response preflight + IwoooS S4.9 owner response request templates + IwoooS progress hold movement gates + IwoooS AwoooP read-only landing readiness + IwoooS AwoooP cross-session handoff packets + AwoooP 首頁 IwoooS 資安鏡像候選 + AwoooP 工作鏈路 IwoooS 資安鏡像候選 + AwoooP 審批佇列 IwoooS owner response 只讀焦點 |
-| 本階段追加 | AwoooP 合約儀表板 IwoooS 資安契約只讀候選 + AwoooP 租戶管理 IwoooS 資安租戶範圍只讀候選 + AwoooP 執行監控 IwoooS 執行狀態只讀候選 + 既有安全 / 合規頁面 IwoooS 只讀反向橋接 + 告警 / 錯誤 / 授權 / 治理頁面 IwoooS 只讀反向橋接 + 稽核 / 工程審查頁面 IwoooS 深色只讀反向橋接 + IwoooS 前端資安頁面連接狀態板 + IwoooS GitHub 主要來源就緒度只讀狀態板 + AwoooP 工作鏈路 GitHub 主要來源就緒度只讀工作項 + AwoooP 合約儀表板 GitHub 主要來源就緒度合約只讀候選 + AwoooP 審批佇列 GitHub 主要來源就緒度審批邊界 + AwoooP 首頁 GitHub 主要來源就緒度只讀摘要 + AwoooP 租戶管理 GitHub 主要來源就緒度租戶範圍 + AwoooP 執行監控 GitHub 主要來源就緒度執行邊界 + IwoooS / AwoooP 資安可視區塊繁體中文呈現防護檢查 + AwoooP 執行詳情 / 審批詳情繁體中文呈現防護檢查 + AwoooP 首頁負責人回覆驗收總覽 + AwoooP 工作鏈路負責人回覆驗收只讀工作項 + AwoooP 合約儀表板負責人回覆驗收契約只讀候選 |
+| 本階段追加 | AwoooP 合約儀表板 IwoooS 資安契約只讀候選 + AwoooP 租戶管理 IwoooS 資安租戶範圍只讀候選 + AwoooP 執行監控 IwoooS 執行狀態只讀候選 + 既有安全 / 合規頁面 IwoooS 只讀反向橋接 + 告警 / 錯誤 / 授權 / 治理頁面 IwoooS 只讀反向橋接 + 稽核 / 工程審查頁面 IwoooS 深色只讀反向橋接 + IwoooS 前端資安頁面連接狀態板 + IwoooS GitHub 主要來源就緒度只讀狀態板 + AwoooP 工作鏈路 GitHub 主要來源就緒度只讀工作項 + AwoooP 合約儀表板 GitHub 主要來源就緒度合約只讀候選 + AwoooP 審批佇列 GitHub 主要來源就緒度審批邊界 + AwoooP 首頁 GitHub 主要來源就緒度只讀摘要 + AwoooP 租戶管理 GitHub 主要來源就緒度租戶範圍 + AwoooP 執行監控 GitHub 主要來源就緒度執行邊界 + IwoooS / AwoooP 資安可視區塊繁體中文呈現防護檢查 + AwoooP 執行詳情 / 審批詳情繁體中文呈現防護檢查 + AwoooP 首頁負責人回覆驗收總覽 + AwoooP 工作鏈路負責人回覆驗收只讀工作項 + AwoooP 合約儀表板負責人回覆驗收契約只讀候選 + AwoooP 審批佇列負責人回覆驗收只讀審查邊界 |
| 原則 | 低摩擦分階段;文件、schema、read-only evidence 優先;不做 runtime enforcement、不切 primary |
## 0. 本階段完成後整體進度
@@ -28,7 +28,7 @@ python3 scripts/security/security-mirror-progress-guard.py
### 0.2 Headline 58% 不代表停滯
-近期 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks、S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.13 evidence routing rules / display sections / state transition rules / reviewer checklist / reviewer outcome lanes / reviewer audit event templates / reviewer audit display sections / reviewer audit collection checks / reviewer audit redaction examples / reviewer audit retention rules / reviewer audit retention checks / reviewer audit handoff packets / reviewer audit handoff checks / parallel session sync checks / parallel session conflict lanes / parallel session recovery checks / recovery outcome lanes、S1.3 non-blocking escalation lanes、S2.8 IwoooS frontend posture entry,以及 S2.9-S2.74 IwoooS / AwoooP security projection contract 都是有效進展,但它們是 framework detail,不是 owner response、runtime gate、production ingestion 或 GitHub primary readiness。因此 headline 仍維持 58%,避免把只讀框架誤算成已落地執行。
+近期 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks、S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.13 evidence routing rules / display sections / state transition rules / reviewer checklist / reviewer outcome lanes / reviewer audit event templates / reviewer audit display sections / reviewer audit collection checks / reviewer audit redaction examples / reviewer audit retention rules / reviewer audit retention checks / reviewer audit handoff packets / reviewer audit handoff checks / parallel session sync checks / parallel session conflict lanes / parallel session recovery checks / recovery outcome lanes、S1.3 non-blocking escalation lanes、S2.8 IwoooS frontend posture entry,以及 S2.9-S2.75 IwoooS / AwoooP security projection contract 都是有效進展,但它們是 framework detail,不是 owner response、runtime gate、production ingestion 或 GitHub primary readiness。因此 headline 仍維持 58%,避免把只讀框架誤算成已落地執行。
S2.50 也把「為什麼 58% 還不動」拆成五個可見 gate:owner response accepted、redacted payload ingestion、active runtime gate、GitHub primary ready、AwoooP read-only landing。這五個 gate 目前仍全部是 0 / false,所以 headline 不應被灌水提高。
@@ -137,6 +137,7 @@ S2.50 也把「為什麼 58% 還不動」拆成五個可見 gate:owner respons
| S2.72 AwoooP 首頁負責人回覆驗收總覽 | 已完成草案,在 `/awooop` 顯示 S4.9/S4.10/S4.11/S4.12 四包負責人回覆、22 個回覆範本、已收到=0、已接受=0、已拒收=0 與人工審查驗收檢查;仍不標記負責人回覆已收到 / 已接受、不建立審批紀錄、不建立專案庫、不改分支 / 標籤參照、不開執行期閘門 | 0 |
| S2.73 AwoooP 工作鏈路負責人回覆驗收只讀工作項 | 已完成草案,在 `/awooop/work-items` 顯示四包負責人回覆、22 個回覆範本、已收到=0、已接受=0、已拒收=0、10 個跨包驗收、6 條證據路由與 8 個顯示區塊;仍不把工作項當成已收到 / 已接受、審批紀錄、主要來源切換或執行期閘門 | 0 |
| S2.74 AwoooP 合約儀表板負責人回覆驗收契約只讀候選 | 已完成草案,在 `/awooop/contracts` 顯示 S4.13 rollup、四個來源收件包、22 個回覆範本、已收到=0、已接受=0 與 8 個顯示區塊;仍不把合約候選當成已收到 / 已接受、審批紀錄、合約發布、主要來源切換或執行期閘門 | 0 |
+| S2.75 AwoooP 審批佇列負責人回覆驗收只讀審查邊界 | 已完成草案,在 `/awooop/approvals` 顯示 S4.13 驗收彙整、四個來源收件包、22 個回覆範本、已收到=0、已接受=0、已拒收=0 與 8 個顯示區塊;仍不把審批邊界當成已收到 / 已接受、審批紀錄、主要來源切換或執行期閘門 | 0 |
headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner response 收到並通過脫敏驗收,或人工批准後出現 active runtime gate、redacted payload ingestion、GitHub primary readiness 這類落地 evidence。
@@ -230,6 +231,7 @@ headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner respons
| S2.72 AwoooP 首頁負責人回覆驗收總覽 | 完成草案 | `/awooop` 新增四包負責人回覆驗收總覽,顯示 22 個範本、0 已收到、0 已接受、0 已拒收、10 個跨包驗收、6 條證據路由、8 個顯示區塊、7 條狀態轉移、9 個審查清單項目與 7 條審查結果分流 | 使用者能在首頁看懂 GitHub 主要來源前真正卡住的是負責人證據收件與驗收;總覽仍不是審批紀錄、負責人回覆已接受、專案庫 / 分支與標籤參照 / 工作流程 / 機密設定動作、GitHub 主要來源或執行期閘門 |
| S2.73 AwoooP 工作鏈路負責人回覆驗收只讀工作項 | 完成草案 | `/awooop/work-items` 新增四包負責人回覆驗收工作項,顯示 22 個範本、0 已收到、0 已接受、0 已拒收、10 個跨包驗收、6 條證據路由與 8 個顯示區塊,並連回 `/iwooos` | 使用者與另一個 AwoooP Session 能在工作鏈路理解 GitHub 主要來源真正等待負責人回覆驗收;工作項仍不是審批紀錄、已接受回覆、專案庫 / 分支與標籤參照 / 工作流程 / 機密設定動作、主要來源切換或執行期閘門 |
| S2.74 AwoooP 合約儀表板負責人回覆驗收契約只讀候選 | 完成草案 | `/awooop/contracts` 新增負責人回覆驗收契約候選,顯示 S4.13 rollup、S4.9-S4.12 四個來源收件包、22 個範本、0 已收到、0 已接受與 8 個顯示區塊 | 使用者與另一個 AwoooP Session 能在合約控制面理解負責人回覆驗收仍只是只讀契約缺口;合約候選仍不是合約發布、審批紀錄、已接受回覆、專案庫 / 分支與標籤參照 / 工作流程 / 機密設定動作、主要來源切換或執行期閘門 |
+| S2.75 AwoooP 審批佇列負責人回覆驗收只讀審查邊界 | 完成草案 | `/awooop/approvals` 新增負責人回覆驗收只讀審查邊界,顯示 S4.13 驗收彙整、S4.9-S4.12 四個來源收件包、22 個範本、0 已收到、0 已接受、0 已拒收與 8 個顯示區塊 | 使用者與另一個 AwoooP Session 能在審批佇列理解負責人回覆驗收仍只是只讀審查缺口;審批邊界仍不是審批紀錄、已接受回覆、專案庫 / 分支與標籤參照 / 工作流程 / 機密設定動作、主要來源切換或執行期閘門 |
| S3 approval gate | 進行中 | `security_approval_gate_v1` 已建立 8 個人工 gate items:7 pending、1 block candidate、0 approved | 不得繞過人工批准;批准後仍需 follow-up runtime gate |
| S3.0 人工批准 Gate 契約 | 完成草案 | 定義批准範圍、決策選項、required reviewers、still forbidden 與 follow-up runtime gate | AwoooP 可記錄決策,不可執行 gate item |
| S3.1 人工決策紀錄契約 | 完成草案 | `security_approval_decision_record_v1` 已建立;目前 0 筆 decision records、0 個 runtime action 授權 | AwoooP 可稽核決策,不可把決策當執行 |
diff --git a/docs/security/security-mirror-status-rollup.snapshot.json b/docs/security/security-mirror-status-rollup.snapshot.json
index 1c8b77416..b13b2b3fe 100644
--- a/docs/security/security-mirror-status-rollup.snapshot.json
+++ b/docs/security/security-mirror-status-rollup.snapshot.json
@@ -1358,6 +1358,18 @@
"runtime_delta": false,
"execution_authorized": false,
"not_authorization": true
+ },
+ {
+ "delta_id": "s2_75_awooop_approvals_owner_response_validation_boundary",
+ "display_order": 104,
+ "completed_stage": "S2.75 AwoooP 審批佇列負責人回覆驗收只讀審查邊界",
+ "progress_axis": "framework_detail",
+ "headline_percent_delta": 0,
+ "framework_delta_visible": true,
+ "why_headline_unchanged": "AwoooP 審批佇列只新增負責人回覆驗收只讀審查邊界,顯示四包、22 個回覆範本、已收到=0、已接受=0、已拒收=0、8 個顯示區塊與 S4.13 / S4.9-S4.12 來源收件參照;runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false,不標記負責人回覆已收到 / 已接受、不建立審批紀錄、不建立專案庫、不改分支 / 標籤參照、不改工作流程 / 機密設定、不收機密明文值、不切主要來源、不停用 Gitea。",
+ "runtime_delta": false,
+ "execution_authorized": false,
+ "not_authorization": true
}
],
"next_safe_actions": [
@@ -1650,6 +1662,22 @@
"從 AwoooP approvals 切 GitHub primary、停用 Gitea 或把 request-ready 當 owner response accepted"
]
},
+ {
+ "action_id": "show_awooop_approvals_owner_response_validation_boundary",
+ "title": "AwoooP 審批佇列顯示負責人回覆驗收只讀審查邊界",
+ "mode": "observe",
+ "source_contract": "security_mirror_status_rollup_v1",
+ "allowed_processing": [
+ "在 /awooop/approvals 顯示 S2.75 負責人回覆驗收只讀審查邊界",
+ "顯示四包、22 個回覆範本、已收到=0、已接受=0、已拒收=0、8 個顯示區塊與 S4.13 / S4.9-S4.12 來源收件參照",
+ "連到 /iwooos 只讀入口,不新增審批紀錄、專案庫、可見性、分支 / 標籤參照、工作流程、機密設定、主要來源或 Gitea 停用動作"
+ ],
+ "blocked_processing": [
+ "把 AwoooP 審批佇列負責人回覆驗收邊界當成負責人回覆已收到或已接受",
+ "從 AwoooP approvals 建立審批紀錄、建立專案庫、改可見性、同步 / 刪除 / 強制推送分支或標籤參照,或收機密明文值",
+ "從 AwoooP approvals 切 GitHub 主要來源、停用 Gitea 或開執行期閘門"
+ ]
+ },
{
"action_id": "show_awooop_home_github_primary_readiness_summary",
"title": "AwoooP 首頁顯示 GitHub Primary Readiness 只讀摘要",
@@ -2117,7 +2145,8 @@
"S2.71 修正 AwoooP 執行詳情、審批決策與事件證據繁體中文呈現;zh-TW 前端文案將 Trace ID、Trigger、Trigger Ref、Tool、Scope、First-class、Policy enforced、Approval executor、Legacy bridge、Dry-run、Tools、Incident Evidence、Run state、audit trail 等使用者可見英文標籤改成繁體中文,並由 security-mirror-progress-guard.py 新增 scoped guard 阻擋回流;保留 run_id、project_id、trace_id、MCP Gateway、Runtime、ADR-100 與 false flags 作為技術名詞或證據鍵值;runtime_execution_authorized=false、action_buttons_allowed=false、not_authorization=true,不建立 approval record、不執行 runtime、不建立 repo、不改 refs、不改 workflow / secrets、不收 secret value、不切 primary、不停用 Gitea。",
"S2.72 新增 AwoooP 首頁負責人回覆驗收總覽;/awooop 顯示 S4.9/S4.10/S4.11/S4.12 四包負責人回覆、22 個回覆範本、已收到=0、已接受=0、已拒收=0、10 個跨包驗收、6 條證據路由、8 個顯示區塊、7 條狀態轉移、9 個審查清單項目與 7 條審查結果分流;owner_response_validation_received_count=0、owner_response_validation_accepted_count=0、repo_creation_authorized=false、refs_sync_authorized=false、workflow_modification_authorized=false、secret_value_collection_allowed=false、github_primary_switch_authorized=false、runtime_execution_authorized=false、action_buttons_allowed=false、not_authorization=true,不把首頁驗收總覽當負責人回覆已收到 / 已接受、審批紀錄、專案庫 / 分支與標籤參照 / 工作流程 / 機密設定 / 主要來源動作或執行期閘門。",
"S2.73 新增 AwoooP 工作鏈路負責人回覆驗收只讀工作項;/awooop/work-items 顯示四包、22 個回覆範本、已收到=0、已接受=0、已拒收=0、10 個跨包驗收、6 條證據路由與 8 個顯示區塊;owner_response_validation_received_count=0、owner_response_validation_accepted_count=0、repo_creation_authorized=false、refs_sync_authorized=false、workflow_modification_authorized=false、secret_value_collection_allowed=false、github_primary_switch_authorized=false、runtime_execution_authorized=false、action_buttons_allowed=false、not_authorization=true,不把工作鏈路工作項當負責人回覆已收到 / 已接受、審批紀錄、專案庫 / 分支與標籤參照 / 工作流程 / 機密設定 / 主要來源動作或執行期閘門。",
- "S2.74 新增 AwoooP 合約儀表板負責人回覆驗收契約只讀候選;/awooop/contracts 顯示四包、22 個回覆範本、已收到=0、已接受=0、8 個顯示區塊、source_control_owner_response_validation_rollup_v1 與四個來源收件包參照;owner_response_validation_received_count=0、owner_response_validation_accepted_count=0、approval_record_created=false、repo_creation_authorized=false、refs_sync_authorized=false、workflow_modification_authorized=false、secret_value_collection_allowed=false、github_primary_switch_authorized=false、runtime_execution_authorized=false、action_buttons_allowed=false、not_authorization=true,不把合約候選當負責人回覆已收到 / 已接受、審批紀錄、合約發布、專案庫 / 分支與標籤參照 / 工作流程 / 機密設定 / 主要來源動作或執行期閘門。"
+ "S2.74 新增 AwoooP 合約儀表板負責人回覆驗收契約只讀候選;/awooop/contracts 顯示四包、22 個回覆範本、已收到=0、已接受=0、8 個顯示區塊、source_control_owner_response_validation_rollup_v1 與四個來源收件包參照;owner_response_validation_received_count=0、owner_response_validation_accepted_count=0、approval_record_created=false、repo_creation_authorized=false、refs_sync_authorized=false、workflow_modification_authorized=false、secret_value_collection_allowed=false、github_primary_switch_authorized=false、runtime_execution_authorized=false、action_buttons_allowed=false、not_authorization=true,不把合約候選當負責人回覆已收到 / 已接受、審批紀錄、合約發布、專案庫 / 分支與標籤參照 / 工作流程 / 機密設定 / 主要來源動作或執行期閘門。",
+ "S2.75 新增 AwoooP 審批佇列負責人回覆驗收只讀審查邊界;/awooop/approvals 顯示四包、22 個回覆範本、已收到=0、已接受=0、已拒收=0、8 個顯示區塊、source_control_owner_response_validation_rollup_v1 與四個來源收件包參照;owner_response_validation_received_count=0、owner_response_validation_accepted_count=0、owner_response_validation_rejected_count=0、approval_record_created=false、repo_creation_authorized=false、refs_sync_authorized=false、workflow_modification_authorized=false、secret_value_collection_allowed=false、github_primary_switch_authorized=false、runtime_execution_authorized=false、action_buttons_allowed=false、not_authorization=true,不把審批邊界當負責人回覆已收到 / 已接受、審批紀錄、專案庫 / 分支與標籤參照 / 工作流程 / 機密設定 / 主要來源動作或執行期閘門。"
],
"forbidden_actions": [
"start_kali_scan",
diff --git a/scripts/security/security-mirror-progress-guard.py b/scripts/security/security-mirror-progress-guard.py
index f9512bdf1..eb851e906 100755
--- a/scripts/security/security-mirror-progress-guard.py
+++ b/scripts/security/security-mirror-progress-guard.py
@@ -308,6 +308,7 @@ def validate(root: Path) -> None:
"s2_72_awooop_home_owner_response_validation_rollup",
"s2_73_awooop_work_items_owner_response_validation_candidate",
"s2_74_awooop_contracts_owner_response_validation_candidate",
+ "s2_75_awooop_approvals_owner_response_validation_boundary",
]
assert_equal(
"progress_delta_ledger.delta_ids",
@@ -422,6 +423,11 @@ def validate(root: Path) -> None:
[item["action_id"] for item in rollup["next_safe_actions"] if isinstance(item, dict)],
"show_awooop_approvals_github_primary_readiness_boundary",
)
+ assert_contains(
+ "rollup.next_safe_actions.action_ids",
+ [item["action_id"] for item in rollup["next_safe_actions"] if isinstance(item, dict)],
+ "show_awooop_approvals_owner_response_validation_boundary",
+ )
assert_contains(
"rollup.next_safe_actions.action_ids",
[item["action_id"] for item in rollup["next_safe_actions"] if isinstance(item, dict)],
@@ -566,6 +572,31 @@ def validate(root: Path) -> None:
forbidden,
)
+ zh_awooop_approvals_owner_validation_text = "\n".join(
+ collect_string_values(web_messages_zh["awooop"]["approvals"]["ownerResponseValidationBoundary"])
+ )
+ for forbidden in [
+ "secret value",
+ "workflow / secret",
+ "runtime gate",
+ "runtime enforcement",
+ "approval record",
+ "repo action",
+ "repo 建立",
+ "repo / refs",
+ "refs action",
+ "refs 動作",
+ "sync / delete / force push",
+ "received / accepted",
+ "received / accepted / rejected",
+ "waiting owner response",
+ ]:
+ assert_text_not_contains(
+ "web_messages.zh-TW.awooop_approvals_owner_validation_wording",
+ zh_awooop_approvals_owner_validation_text,
+ forbidden,
+ )
+
zh_awooop_home_security_text = json.dumps(
{
"securityMirror": web_messages_zh["awooop"]["home"]["securityMirror"],
@@ -5805,6 +5836,57 @@ def validate(root: Path) -> None:
key,
)
+ assert_text_contains(
+ "awooop_approvals_page.owner_response_validation_boundary_panel",
+ awooop_approvals_page,
+ "OwnerResponseValidationApprovalBoundaryPanel",
+ )
+ assert_text_contains("awooop_approvals_page.owner_response_validation_iwooos_link", awooop_approvals_page, 'href="/iwooos"')
+ for text in [
+ "owner_response_validation_received_count=0",
+ "owner_response_validation_accepted_count=0",
+ "owner_response_validation_rejected_count=0",
+ "approval_record_created=false",
+ "repo_creation_authorized=false",
+ "refs_sync_authorized=false",
+ "workflow_modification_authorized=false",
+ "secret_value_collection_allowed=false",
+ "github_primary_switch_authorized=false",
+ "runtime_execution_authorized=false",
+ "action_buttons_allowed=false",
+ ]:
+ assert_text_contains("awooop_approvals_page.owner_response_validation_boundary", awooop_approvals_page, text)
+ for text in [
+ "source_control_owner_response_validation_rollup_v1",
+ "gitea_inventory_owner_attestation_response_v1",
+ "github_target_owner_decision_response_v1",
+ "source_control_ref_truth_owner_response_v1",
+ "source_control_workflow_secret_name_owner_response_v1",
+ ]:
+ assert_text_contains("awooop_approvals_page.owner_response_validation_refs", awooop_approvals_page, text)
+ for key in [
+ "title",
+ "subtitle",
+ "badge",
+ "reviewRefsTitle",
+ "boundaryLabel",
+ "boundaryTitle",
+ "boundaryDetail",
+ "openIwooos",
+ "metrics",
+ "reviewRefs",
+ ]:
+ assert_contains(
+ "web_messages.zh-TW.awooop.approvals.ownerResponseValidationBoundary",
+ list(web_messages_zh["awooop"]["approvals"]["ownerResponseValidationBoundary"].keys()),
+ key,
+ )
+ assert_contains(
+ "web_messages.en.awooop.approvals.ownerResponseValidationBoundary",
+ list(web_messages_en["awooop"]["approvals"]["ownerResponseValidationBoundary"].keys()),
+ key,
+ )
+
assert_text_contains("awooop_contracts_page.security_contract_candidate_panel", awooop_contracts_page, "SecurityContractCandidatePanel")
assert_text_contains("awooop_contracts_page.iwooos_link", awooop_contracts_page, 'href="/iwooos"')
assert_text_contains("awooop_contracts_page.project_header_traditional_chinese", awooop_contracts_page, "專案 ID")
|