diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md index 95d37061b..554418df3 100644 --- a/docs/LOGBOOK.md +++ b/docs/LOGBOOK.md @@ -1,3 +1,20 @@ +## 2026-05-18 | 資安供應鏈 S2.6:Dry-run 納入 Owner Response Guard + +**背景**:S4.13 已新增 owner response guard;本輪把它接進 AwoooP mirror dry-run,避免 AwoooP dry-run 只檢查 58% 進度估算,卻漏掉真正會推動 GitHub primary / refs / workflow-secret readiness 的 owner response 缺口。 + +**完成**: +- `security_mirror_dry_run_v1` snapshot 新增 `CHECK_OWNER_RESPONSE_GUARD` dry-run step,dry-run steps 從 7 增至 8。 +- dry-run source indexes 新增 `source-control-owner-response-validation-rollup.snapshot.json`。 +- `latest_local_validation` 指令改為同時跑 `security-mirror-progress-guard.py` 與 `source-control-owner-response-guard.py`,結果記錄為 `SECURITY_MIRROR_PROGRESS_GUARD_OK; SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`。 +- `security-mirror-progress-guard.py` 增加 dry-run step 與 latest local validation 斷言,要求 dry-run 必須包含 `CHECK_OWNER_RESPONSE_GUARD`。 +- 更新 AwoooP checklist、handoff、route / intake exit gate、status rollup 與 progress 文件,對齊 8 個 dry-run steps 與 8 個 acceptance checks。 + +**仍禁止**: +- 不把 owner response guard pass 當成 owner response 已收到。 +- 不把 dry-run pass 當成 production ingestion。 +- 不建立 GitHub repo、不修改 visibility、不 sync refs、不切 GitHub primary、不修改 workflow / secret / runner。 +- 不新增 action button。 + ## 2026-05-18 | 資安供應鏈 S4.13:Owner Response Guard **背景**:目前整體進度要往上推,關鍵不是再新增 enforcement,而是收斂 S4.9 / S4.10 / S4.11 / S4.12 四包 owner response。為了避免 AwoooP 或平行 Session 把「guard pass」誤讀成 owner response 已收到,本輪新增可重跑的只讀 guard。 diff --git a/docs/security/AWOOOP-MIRROR-ONLY-CONSUMPTION-CHECKLIST.md b/docs/security/AWOOOP-MIRROR-ONLY-CONSUMPTION-CHECKLIST.md index 8a4925fad..c668bdfff 100644 --- a/docs/security/AWOOOP-MIRROR-ONLY-CONSUMPTION-CHECKLIST.md +++ b/docs/security/AWOOOP-MIRROR-ONLY-CONSUMPTION-CHECKLIST.md @@ -40,7 +40,7 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得 | `security_mirror_route_v1` | AwoooP 鏡像路由矩陣 | Operator Console、Runtime State、Channel Event、Audit、Approval Queue | mirror-only | 只決定目的地、channel policy 與 review lane,不作 execution router | | `security_mirror_acceptance_v1` | AwoooP 鏡像驗收契約 | Operator Console、Runtime State、Audit | mirror-only | 只驗收 contract count、event envelope、route coverage、redaction、progress estimate guard;不作 runtime blocker | | `security_mirror_quarantine_v1` | AwoooP 鏡像隔離契約 | Operator Console、Audit | mirror-only | 只隔離驗收失敗 payload、顯示 recovery request 與 retry gate;不作 runtime blocker | -| `security_mirror_dry_run_v1` | AwoooP 鏡像 dry-run 報告契約 | Operator Console、Audit | mirror-only | 只回報接入演練結果,且必須包含 progress guard 與 latest local validation;不得轉成 production ingestion | +| `security_mirror_dry_run_v1` | AwoooP 鏡像 dry-run 報告契約 | Operator Console、Audit | mirror-only | 只回報接入演練結果,且必須包含 progress guard、owner response guard 與 latest local validation;不得轉成 production ingestion | | `security_mirror_status_rollup_v1` | AwoooP 鏡像狀態彙整契約 | Operator Console、Runtime State、Audit | mirror-only | 只顯示階段狀態、58% 進度估算、下一個 gate 與禁止事項;不得視為 runtime authorization | | `source_control_owner_response_validation_rollup_v1` | S4.9 / S4.10 / S4.11 / S4.12 owner response validation rollup | Operator Console、Source-control review、Audit | mirror-only | 只顯示四包 response packets、22 個 templates、10 個 cross-packet checks、quarantine rules 與 latest local validation;不得視為 approval 或 runtime gate | | `coding_task_v1` | Code Review / Codex Security / manual review | Approval candidate、Channel Event、Audit | suggest-only | 不自動開 patch runner、不自動 merge | @@ -110,7 +110,7 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得 | `security_mirror_route_v1.status=draft` | `observe` | 顯示 5 個 route groups、channel policy 與 review lane;不得轉成 execution router | | `security_mirror_acceptance_v1.status=draft` | `observe` | 顯示 8 個 acceptance checks,其中 progress estimate guard 必須確認 58% 不是執行授權;只可驗收鏡像資料,不得阻擋 runtime | | `security_mirror_quarantine_v1.status=draft` | `observe` | 顯示 5 個 quarantine lanes、recovery request 與 retry gate;不得自動重試失敗 payload | -| `security_mirror_dry_run_v1.dry_run_status=contract_defined_not_executed` | `observe` | 顯示 7 個 dry-run steps 與 `latest_local_validation.status=repo_snapshot_guard_pass`;`CHECK_PROGRESS_GUARD` 必須維持 58% 不是執行授權,不得視為 production ingestion 已啟用 | +| `security_mirror_dry_run_v1.dry_run_status=contract_defined_not_executed` | `observe` | 顯示 8 個 dry-run steps 與 `latest_local_validation.status=repo_snapshot_guard_pass`;`CHECK_PROGRESS_GUARD` 必須維持 58% 不是執行授權,`CHECK_OWNER_RESPONSE_GUARD` 必須維持 owner response received / accepted 皆為 0,不得視為 production ingestion 已啟用 | | `security_mirror_status_rollup_v1.rollup_status=framework_ready_waiting_approval` | `observe` | 顯示 S0-S4 階段、58% 進度估算、approval queue summary 與下一個 gate;不得新增 execution action | | `source_control_owner_response_validation_rollup_v1.status=draft_waiting_owner_responses` | `observe` | 顯示四包 owner response packets、22 個 templates、received / accepted / rejected 皆為 0,且 `latest_local_validation.result=SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`;不得當成 approval 或 execution authorization | | `coding_task_v1.risk=LOW|MEDIUM` | `warn` | 可排入 Codex patch-only backlog | diff --git a/docs/security/AWOOOP-SECURITY-SUPPLYCHAIN-INTEGRATION-HANDOFF.md b/docs/security/AWOOOP-SECURITY-SUPPLYCHAIN-INTEGRATION-HANDOFF.md index 1cdc57fbc..18c4b5328 100644 --- a/docs/security/AWOOOP-SECURITY-SUPPLYCHAIN-INTEGRATION-HANDOFF.md +++ b/docs/security/AWOOOP-SECURITY-SUPPLYCHAIN-INTEGRATION-HANDOFF.md @@ -357,9 +357,9 @@ Schema:`docs/schemas/security_mirror_dry_run_v1.schema.json` Snapshot:`docs/security/security-mirror-dry-run.snapshot.json` -目前 dry-run:6 個 steps;`dry_run_status=contract_defined_not_executed`,尚未代表 AwoooP 已實際執行 dry-run。 +目前 dry-run:8 個 steps,已包含 `CHECK_PROGRESS_GUARD` 與 `CHECK_OWNER_RESPONSE_GUARD`;`dry_run_status=contract_defined_not_executed`,尚未代表 AwoooP 已實際執行 dry-run或 production ingestion。 -AwoooP 初期處理方式:只顯示 dry-run 報告與各 step 狀態;不得轉成 production ingestion 或任何 runtime action。 +AwoooP 初期處理方式:只顯示 dry-run 報告與各 step 狀態;不得把 guard pass 當成 owner response 已收到,也不得轉成 production ingestion 或任何 runtime action。 ### `security_mirror_status_rollup_v1` @@ -858,11 +858,11 @@ Console 初期不提供高風險執行按鈕。 2026-05-13 mirror route 追加:已新增 `docs/schemas/security_mirror_route_v1.schema.json`、`docs/security/security-mirror-route.snapshot.json` 與 `docs/security/SECURITY-MIRROR-ROUTE.md`。AwoooP 可依 5 個 route groups 將 35 個 contracts 分流到 Operator Console、Runtime State、Channel Event、Audit evidence 與 Approval Queue;route 只決定目的地、channel policy 與 review lane,不是 execution router。 -2026-05-13 mirror acceptance 追加:已新增 `docs/schemas/security_mirror_acceptance_v1.schema.json`、`docs/security/security-mirror-acceptance.snapshot.json` 與 `docs/security/SECURITY-MIRROR-ACCEPTANCE.md`。AwoooP 可用 7 個 acceptance checks 驗收 mirror ingestion;blocking checks 只針對 contract count mismatch、缺 event envelope、route coverage 不完整或未脫敏 evidence,不得阻擋 runtime 流程。 +2026-05-13 mirror acceptance 追加,2026-05-18 已對齊 progress guard:已新增 `docs/schemas/security_mirror_acceptance_v1.schema.json`、`docs/security/security-mirror-acceptance.snapshot.json` 與 `docs/security/SECURITY-MIRROR-ACCEPTANCE.md`。AwoooP 可用 8 個 acceptance checks 驗收 mirror ingestion;blocking checks 只針對 contract count mismatch、缺 event envelope、route coverage 不完整、未脫敏 evidence 或進度估算被誤當授權,不得阻擋 runtime 流程。 2026-05-13 mirror quarantine 追加:已新增 `docs/schemas/security_mirror_quarantine_v1.schema.json`、`docs/security/security-mirror-quarantine.snapshot.json` 與 `docs/security/SECURITY-MIRROR-QUARANTINE.md`。AwoooP 可用 5 個 quarantine lanes 隔離驗收失敗 payload,顯示 owner、recovery request 與 retry gate;不得自動重試、不得猜測缺漏 contract、不得阻擋 runtime 流程。 -2026-05-13 mirror dry-run 追加:已新增 `docs/schemas/security_mirror_dry_run_v1.schema.json`、`docs/security/security-mirror-dry-run.snapshot.json` 與 `docs/security/SECURITY-MIRROR-DRY-RUN.md`。AwoooP 未來可用 6 個 dry-run steps 回報接入演練結果;本 snapshot 狀態為 `contract_defined_not_executed`,不得視為 production ingestion 已啟用。 +2026-05-13 mirror dry-run 追加,2026-05-18 已對齊 progress guard 與 owner response guard:已新增 `docs/schemas/security_mirror_dry_run_v1.schema.json`、`docs/security/security-mirror-dry-run.snapshot.json` 與 `docs/security/SECURITY-MIRROR-DRY-RUN.md`。AwoooP 未來可用 8 個 dry-run steps 回報接入演練結果;本 snapshot 狀態為 `contract_defined_not_executed`,不得視為 production ingestion 已啟用。 2026-05-13 mirror status rollup 追加:已新增 `docs/schemas/security_mirror_status_rollup_v1.schema.json`、`docs/security/security-mirror-status-rollup.snapshot.json` 與 `docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md`。AwoooP 與 Security Supply Chain Session 可用同一份 rollup 同步 S0-S4、35 個 contracts、approval queue summary、review packet summary、state transition summary、follow-up runtime gate template summary、GitHub primary readiness summary、rollback ADR summary、workflow / secret name inventory summary 與下一個安全 gate;本契約不授權任何 runtime action。 diff --git a/docs/security/SECURITY-MIRROR-DRY-RUN.md b/docs/security/SECURITY-MIRROR-DRY-RUN.md index cdec42cba..b21f24225 100644 --- a/docs/security/SECURITY-MIRROR-DRY-RUN.md +++ b/docs/security/SECURITY-MIRROR-DRY-RUN.md @@ -24,6 +24,7 @@ | `CHECK_ROUTE_COVERAGE` | 確認 route groups 覆蓋所有 contracts | 不建立 fallback execution route | | `CHECK_ACCEPTANCE_AND_QUARANTINE` | 確認驗收與隔離只處理 mirror payload | 不阻擋 runtime | | `CHECK_PROGRESS_GUARD` | 確認 58% 進度估算只作狀態顯示 | 不把進度當 approval 或 runtime authorization | +| `CHECK_OWNER_RESPONSE_GUARD` | 確認四包 owner response 仍未收到 / 接受 | 不把 guard pass 當成 repo、refs、workflow、secret、runner、primary 或 runtime 授權 | | `CHECK_LOW_NOISE_CHANNEL` | 確認 Channel Event 低噪音 | 不對 LOW / MEDIUM 洗版 | | `CONFIRM_NO_RUNTIME_ACTION` | 確認 dry-run 沒有任何 runtime action | 不掃描、不 deploy、不 sync refs | @@ -31,9 +32,10 @@ ```text python3 scripts/security/security-mirror-progress-guard.py +python3 scripts/security/source-control-owner-response-guard.py ``` -此指令只讀 committed snapshots,確認 dry-run 仍維持 `runtime_actions_executed=false` 與 `payloads_ingested=false`。 +這兩個指令只讀 committed snapshots,確認 dry-run 仍維持 `runtime_actions_executed=false`、`payloads_ingested=false`,且 owner response received / accepted 仍為 0。 ## 1.1 最新本機只讀驗證 @@ -41,8 +43,8 @@ python3 scripts/security/security-mirror-progress-guard.py |------|------| | 日期 | 2026-05-18 | | 範圍 | `repo_snapshot_only` | -| 指令 | `python3 scripts/security/security-mirror-progress-guard.py` | -| 結果 | `SECURITY_MIRROR_PROGRESS_GUARD_OK` | +| 指令 | `python3 scripts/security/security-mirror-progress-guard.py && python3 scripts/security/source-control-owner-response-guard.py` | +| 結果 | `SECURITY_MIRROR_PROGRESS_GUARD_OK; SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK` | | dry-run 狀態 | `contract_defined_not_executed` | | production ingestion | `false` | | runtime actions | `false` | diff --git a/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md b/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md index a27c4a629..f1940ca9c 100644 --- a/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md +++ b/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md @@ -33,7 +33,7 @@ | Gitea inventory | S4.5 已補認證清冊匯出請求;S4.6 已補匯入驗收契約;S4.7 已補 owner coverage attestation;S4.8 已把既有 Gitea queue/gate/review packet/follow-up gate 對齊 attestation 先行;S4.9 已補 owner response 收件包;目前 status=`partial_waiting_authenticated_inventory`、未認證公開範圍 repos 2 個、本機可見 Gitea unique repos 4 個、匯出來源選項 2 類、匯入驗收 payload 0 筆、owner attestation items 5 個、收到 attestation 0 筆、owner response 0 筆、敏感 payload 必須隔離、允許收集 token value=false | | Workflow / secret name inventory | S4.1 已建立;S4.2 補 4 個 repos、31 個 workflow files、43 個 referenced secret names 的 local evidence;S4.3 補 7 個 repos、5 類 lanes 的 redacted export request;S4.12 補 5 個 owner response templates;0 個 inventory complete、禁止收集 secret value、禁止 write token | | Owner response validation | S4.13 已建立;四包 owner response 目前 received/accepted 皆為 0;latest local validation 為 `SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`,不代表 owner response 已收到或任何執行授權 | -| Dry-run | `contract_defined_not_executed`;已納入 `CHECK_PROGRESS_GUARD`,latest local validation 為 `repo_snapshot_guard_pass`,仍不代表 production ingestion | +| Dry-run | `contract_defined_not_executed`;已納入 `CHECK_PROGRESS_GUARD` 與 `CHECK_OWNER_RESPONSE_GUARD`,latest local validation 為 `repo_snapshot_guard_pass`,仍不代表 production ingestion | | Runtime actions | `false` | | Payload ingestion | `false` | diff --git a/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md b/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md index a11856fee..2f13dcda2 100644 --- a/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md +++ b/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md @@ -44,9 +44,9 @@ python3 scripts/security/security-mirror-progress-guard.py | S2.1 AwoooP mirror-only intake plan | 完成草案 | `security_mirror_intake_plan_v1` 已建立 5 個 intake waves 與 4 個 acceptance gates | AwoooP 主線照 wave mirror,不新增 execution router | | S2.2 AwoooP 鏡像事件信封 | 完成草案 | `security_mirror_event_v1` 已建立,要求每筆鏡像 payload 標示 `execution_authorized=false` 與 `action_buttons_allowed=false` | AwoooP 鏡像 payload 統一信封 | | S2.3 AwoooP 鏡像路由矩陣 | 完成草案 | `security_mirror_route_v1` 已建立 5 個 route groups,定義目的地、channel policy 與 review lane | AwoooP 消費時不猜路由、不新增執行入口 | -| S2.4 AwoooP 鏡像驗收契約 | 完成草案 | `security_mirror_acceptance_v1` 已建立 7 個 acceptance checks;blocking 只針對鏡像資料不完整或未脫敏 | AwoooP 接入時可驗收,不升級成 runtime enforcement | +| S2.4 AwoooP 鏡像驗收契約 | 完成草案 | `security_mirror_acceptance_v1` 已建立 8 個 acceptance checks;blocking 只針對鏡像資料不完整、未脫敏或進度估算被誤當授權 | AwoooP 接入時可驗收,不升級成 runtime enforcement | | S2.5 AwoooP 鏡像隔離契約 | 完成草案 | `security_mirror_quarantine_v1` 已建立 5 個 quarantine lanes;失敗 payload 必須等新 snapshot commit 後才能 retry | AwoooP 可隔離壞資料,不阻擋 runtime | -| S2.6 AwoooP 鏡像 dry-run 報告契約 | 完成草案 | `security_mirror_dry_run_v1` 已建立 7 個 dry-run steps,已納入 `CHECK_PROGRESS_GUARD`;latest local validation 為 `repo_snapshot_guard_pass`;目前狀態仍為 contract defined not executed | AwoooP 未來可回報演練結果,但不啟動 production ingestion | +| S2.6 AwoooP 鏡像 dry-run 報告契約 | 完成草案 | `security_mirror_dry_run_v1` 已建立 8 個 dry-run steps,已納入 `CHECK_PROGRESS_GUARD` 與 `CHECK_OWNER_RESPONSE_GUARD`;latest local validation 為 `repo_snapshot_guard_pass`;目前狀態仍為 contract defined not executed | AwoooP 未來可回報演練結果,但不啟動 production ingestion | | S2.7 AwoooP 鏡像狀態彙整契約 | 完成草案 | `security_mirror_status_rollup_v1` 已建立,彙整 S0-S4、approval queue summary 與下一個安全 gate;S4.13 已補 owner response validation rollup | 兩個 Session 用同一份 rollup 同步,不誤啟執行面 | | S3 approval gate | 進行中 | `security_approval_gate_v1` 已建立 8 個人工 gate items:7 pending、1 block candidate、0 approved | 不得繞過人工批准;批准後仍需 follow-up runtime gate | | S3.0 人工批准 Gate 契約 | 完成草案 | 定義批准範圍、決策選項、required reviewers、still forbidden 與 follow-up runtime gate | AwoooP 可記錄決策,不可執行 gate item | diff --git a/docs/security/security-mirror-dry-run.snapshot.json b/docs/security/security-mirror-dry-run.snapshot.json index 6f156b23e..5b8a22066 100644 --- a/docs/security/security-mirror-dry-run.snapshot.json +++ b/docs/security/security-mirror-dry-run.snapshot.json @@ -12,7 +12,8 @@ "docs/security/security-mirror-route.snapshot.json", "docs/security/security-mirror-acceptance.snapshot.json", "docs/security/security-mirror-quarantine.snapshot.json", - "docs/security/security-mirror-status-rollup.snapshot.json" + "docs/security/security-mirror-status-rollup.snapshot.json", + "docs/security/source-control-owner-response-validation-rollup.snapshot.json" ], "summary": { "total_contracts": 35, @@ -71,7 +72,7 @@ }, { "step_id": "CHECK_ACCEPTANCE_AND_QUARANTINE", - "expected_observation": "7 個 acceptance checks 與 5 個 quarantine lanes 都可顯示,且失敗 payload 只隔離不執行。", + "expected_observation": "8 個 acceptance checks 與 5 個 quarantine lanes 都可顯示,且失敗 payload 只隔離不執行。", "evidence_refs": [ "docs/security/security-mirror-acceptance.snapshot.json", "docs/security/security-mirror-quarantine.snapshot.json" @@ -104,6 +105,26 @@ "switch_github_primary" ] }, + { + "step_id": "CHECK_OWNER_RESPONSE_GUARD", + "expected_observation": "AwoooP dry-run 必須確認 S4.9 / S4.10 / S4.11 / S4.12 四包 owner response 仍為 waiting_owner_response,received / accepted 皆為 0,且不能解鎖 repo、refs、workflow、secret、runner、GitHub primary 或 runtime action。", + "evidence_refs": [ + "docs/security/source-control-owner-response-validation-rollup.snapshot.json", + "docs/security/SOURCE-CONTROL-OWNER-RESPONSE-VALIDATION-ROLLUP.md", + "scripts/security/source-control-owner-response-guard.py" + ], + "pass_condition": "`python3 scripts/security/source-control-owner-response-guard.py` 回傳 SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK,且 received_response_count=0、accepted_response_count=0。", + "execution_allowed": false, + "blocked_actions": [ + "treat_owner_guard_as_response_received", + "create_github_repo", + "change_repo_visibility", + "sync_git_refs", + "modify_workflow_or_secret", + "enable_runner", + "switch_github_primary" + ] + }, { "step_id": "CHECK_LOW_NOISE_CHANNEL", "expected_observation": "Channel Event 初期只發低噪音摘要或人工批准必要事件。", @@ -143,12 +164,13 @@ "status": "repo_snapshot_guard_pass", "date": "2026-05-18", "scope": "repo_snapshot_only", - "command": "python3 scripts/security/security-mirror-progress-guard.py", - "result": "SECURITY_MIRROR_PROGRESS_GUARD_OK", + "command": "python3 scripts/security/security-mirror-progress-guard.py && python3 scripts/security/source-control-owner-response-guard.py", + "result": "SECURITY_MIRROR_PROGRESS_GUARD_OK; SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK", "validated_steps": [ "LOAD_CONTRACT_INDEXES", "CHECK_ACCEPTANCE_AND_QUARANTINE", "CHECK_PROGRESS_GUARD", + "CHECK_OWNER_RESPONSE_GUARD", "CONFIRM_NO_RUNTIME_ACTION" ], "runtime_actions_executed": false, diff --git a/docs/security/security-mirror-intake-plan.snapshot.json b/docs/security/security-mirror-intake-plan.snapshot.json index 557d0fb52..db5c58991 100644 --- a/docs/security/security-mirror-intake-plan.snapshot.json +++ b/docs/security/security-mirror-intake-plan.snapshot.json @@ -59,7 +59,7 @@ "execution_router", "blocking_gate" ], - "exit_gate": "Operator Console 能顯示 35 個 contract、5 個 route groups、7 個 acceptance checks、5 個 quarantine lanes、6 個 dry-run steps、status rollup、approval gate、decision record、review packet、state transition、follow-up runtime gate preparation、GitHub primary readiness gate、rollback ADR 與 workflow / secret name inventory gate,且 mirror event envelope action_buttons_allowed=false。" + "exit_gate": "Operator Console 能顯示 35 個 contract、5 個 route groups、8 個 acceptance checks、5 個 quarantine lanes、8 個 dry-run steps、status rollup、owner response guard、approval gate、decision record、review packet、state transition、follow-up runtime gate preparation、GitHub primary readiness gate、rollback ADR 與 workflow / secret name inventory gate,且 mirror event envelope action_buttons_allowed=false。" }, { "wave_id": "M1_kali_visibility", diff --git a/docs/security/security-mirror-route.snapshot.json b/docs/security/security-mirror-route.snapshot.json index 07f710ce9..6b379c4f9 100644 --- a/docs/security/security-mirror-route.snapshot.json +++ b/docs/security/security-mirror-route.snapshot.json @@ -57,7 +57,7 @@ "runtime blocking", "自動批准任何 queue item" ], - "exit_gate": "AwoooP 可顯示 35 個 contract、5 個 route groups、7 個 acceptance checks、5 個 quarantine lanes、6 個 dry-run steps、status rollup、approval gate、decision record、review packet、state transition、follow-up runtime gate preparation、GitHub primary readiness gate、rollback ADR 與 workflow / secret name inventory gate,且所有 route 都維持 runtime_execution_authorized=false。" + "exit_gate": "AwoooP 可顯示 35 個 contract、5 個 route groups、8 個 acceptance checks、5 個 quarantine lanes、8 個 dry-run steps、status rollup、owner response guard、approval gate、decision record、review packet、state transition、follow-up runtime gate preparation、GitHub primary readiness gate、rollback ADR 與 workflow / secret name inventory gate,且所有 route 都維持 runtime_execution_authorized=false。" }, { "wave_id": "M1_kali_visibility", diff --git a/scripts/security/security-mirror-progress-guard.py b/scripts/security/security-mirror-progress-guard.py index 07a2965c0..6d4c78662 100755 --- a/scripts/security/security-mirror-progress-guard.py +++ b/scripts/security/security-mirror-progress-guard.py @@ -124,12 +124,22 @@ def validate(root: Path) -> None: assert_false("dry_run.runtime_actions_executed", dry_run_summary["runtime_actions_executed"]) assert_false("dry_run.payloads_ingested", dry_run_summary["payloads_ingested"]) assert_contains("dry_run_steps", dry_run_step_ids, "CHECK_PROGRESS_GUARD") + assert_contains("dry_run_steps", dry_run_step_ids, "CHECK_OWNER_RESPONSE_GUARD") local_validation = dry_run["latest_local_validation"] assert_equal("dry_run.latest_local_validation.status", local_validation["status"], "repo_snapshot_guard_pass") assert_equal("dry_run.latest_local_validation.scope", local_validation["scope"], "repo_snapshot_only") - assert_equal("dry_run.latest_local_validation.result", local_validation["result"], "SECURITY_MIRROR_PROGRESS_GUARD_OK") + assert_equal( + "dry_run.latest_local_validation.result", + local_validation["result"], + "SECURITY_MIRROR_PROGRESS_GUARD_OK; SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK", + ) assert_contains("dry_run.latest_local_validation.validated_steps", local_validation["validated_steps"], "CHECK_PROGRESS_GUARD") + assert_contains( + "dry_run.latest_local_validation.validated_steps", + local_validation["validated_steps"], + "CHECK_OWNER_RESPONSE_GUARD", + ) assert_false("dry_run.latest_local_validation.runtime_actions_executed", local_validation["runtime_actions_executed"]) assert_false("dry_run.latest_local_validation.payloads_ingested", local_validation["payloads_ingested"]) assert_false("dry_run.latest_local_validation.production_ingestion_enabled", local_validation["production_ingestion_enabled"])