docs(security): add gitea inventory export request gate [skip ci]

This commit is contained in:
Your Name
2026-05-13 20:33:24 +08:00
parent 9bcf865327
commit eecc1c2de1
19 changed files with 572 additions and 25 deletions

View File

@@ -8,6 +8,7 @@
| 事件 | `gitea_repo_inventory_v1` |
| Approval package | `docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md` |
| Redaction checklist | `docs/security/GITEA-ADMIN-EXPORT-REDACTION-CHECKLIST.md` |
| S4.5 export request | `docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md` |
| 原則 | 不寫入 Gitea、不搬 secret value、不建立或刪除 repo |
## 0. 核心結論
@@ -27,6 +28,8 @@
上述兩條非 public-only 路徑都必須先走 `docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md`,不得在對話、文件或 LOGBOOK 中保存 token value。
S4.5 已補 `gitea_authenticated_inventory_export_request_v1`:正式要求 authenticated inventory 或 admin export 必須解釋 public-only 2 個 repos 與本機 Gitea remote 4 個 unique repos 的 coverage gap且輸出仍只能是 `gitea_repo_inventory_v1.status=ok` evidence。
## 1. Public-only 快照指令
```bash