From f704607793ea065e7a952654007090d47d414766 Mon Sep 17 00:00:00 2001
From: Your Name
Date: Wed, 24 Jun 2026 14:34:10 +0800
Subject: [PATCH] docs(ops): add blocked product response acceptance ledger [skip ci]
---
docs/LOGBOOK.md | 21 ++
...TS-OWNER-RESPONSE-ACCEPTANCE-2026-06-24.md | 78 ++++++++
...ts-owner-response-acceptance.snapshot.json | 189 ++++++++++++++++++
3 files changed, 288 insertions(+)
create mode 100644 docs/operations/CODEX-GITEA-BLOCKED-PRODUCTS-OWNER-RESPONSE-ACCEPTANCE-2026-06-24.md
create mode 100644 docs/operations/codex-gitea-blocked-products-owner-response-acceptance.snapshot.json
diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md
index d08f2c36..14a2eaf8 100644
--- a/docs/LOGBOOK.md
+++ b/docs/LOGBOOK.md
@@ -1,3 +1,24 @@
+## 2026-06-24|Blocked products owner response acceptance ledger
+
+**背景**:blocked product decision packages `8/8`、owner response templates `8/8` 與 Mac Mini / MacBook Pro Start Here sync readback 已完成,但 owner response received / accepted 仍是 `0/8`。本輪補上「收到回覆後如何驗收」的 acceptance ledger,避免一般「批准繼續」被誤判成 source-control 或 runtime 授權。
+
+**新增文件**:
+- `docs/operations/codex-gitea-blocked-products-owner-response-acceptance.snapshot.json`
+- `docs/operations/CODEX-GITEA-BLOCKED-PRODUCTS-OWNER-RESPONSE-ACCEPTANCE-2026-06-24.md`
+
+**固定口徑**:
+- blocked products:`8`
+- acceptance candidates:`8`
+- required owner response fields:`14`
+- acceptance checks:`16`
+- rejection guards:`15`
+- default blockers:`21`
+- owner response received / accepted / rejected:`0 / 0 / 0`
+- review branch ready / remote dev ready / remote dev created:`0 / 0 / 0`
+- product repo write / runtime write / secret collection:`0`
+
+**邊界**:這是只讀 acceptance ledger,不是 owner response、review branch、remote `dev` branch、Gitea repo write、runtime write、secret collection、raw `.git` sync 或 raw conversation sync。
+
 ## 2026-06-24|Codex Start Here / Dashboard blocked-products sync readback
 
 **背景**:blocked product decision packages `8/8` 與 owner response templates `8/8` 已推上 Gitea 後,更新兩台 Codex 共用開工入口,避免新視窗讀到舊的 registry / artifact sync 狀態。
diff --git a/docs/operations/CODEX-GITEA-BLOCKED-PRODUCTS-OWNER-RESPONSE-ACCEPTANCE-2026-06-24.md b/docs/operations/CODEX-GITEA-BLOCKED-PRODUCTS-OWNER-RESPONSE-ACCEPTANCE-2026-06-24.md
new file mode 100644
index 00000000..432641ed
--- /dev/null
+++ b/docs/operations/CODEX-GITEA-BLOCKED-PRODUCTS-OWNER-RESPONSE-ACCEPTANCE-2026-06-24.md
@@ -0,0 +1,78 @@
+# Codex Gitea Blocked Products Owner Response Acceptance
+
+- generated_at: `2026-06-24T14:44:00+08:00`
+- blocked_products: `8`
+- owner_response_received: `0 / 8`
+- owner_response_accepted: `0 / 8`
+- review_branch_ready: `0 / 8`
+- remote_dev_branch_ready: `0 / 8`
+- runtime_write_authorized: `0`
+
+## 目的
+
+這份文件把 blocked products 的 owner response 驗收規則固定下來。前一階段已完成 `8/8` owner decision packages 與 `8/8` owner response templates;本階段只建立「收到回覆後怎麼驗收」的 ledger,不代表已收到或接受任何產品回覆。
+
+## 必填欄位
+
+每個產品都必須有完整、具體、無 secret 的 owner response,至少包含:
+
+- `owner_role_or_team`
+- `decision`
+- `decision_reason`
+- `accepted_baseline_source`
+- `include_groups`
+- `exclude_groups`
+- `quarantined_paths_ack`
+- `env_secret_policy_ack`
+- `generated_artifact_policy_ack`
+- `review_branch_allowed`
+- `remote_dev_branch_allowed`
+- `runtime_write_allowed`
+- `followup_owner`
+- `evidence_refs`
+
+## 驗收檢查
+
+回覆必須同時通過:
+
+- owner / team、decision、reason、baseline source 皆明確。
+- include / exclude 不能只寫「全部」或「照你判斷」,必須對到 path group / artifact class。
+- `runtime_write_allowed` 必須是 `false`,因為這條流程只允許 source-control readiness,不允許部署、restart、DB、host、K8s 或 runtime write。
+- `remote_dev_branch_allowed` 必須逐產品明確,不能由一般「批准繼續」推論。
+- evidence refs 必須是 redacted refs,不得包含 secret value、hash、partial token、`.env` 內容或 raw conversation。
+
+## 拒收規則
+
+以下任何一項出現,就不得標 accepted:
+
+- 只有一般批准語句,沒有產品級決策。
+- 要求同步 raw `.git`、raw Codex / ChatGPT history、`.env`、runtime volume、secret value。
+- 要求直接建立 remote `dev`,但沒有逐產品 include / exclude。
+- 要求 runtime write、部署、restart、firewall、Nginx、K8s、DB 或主機操作。
+- generated outputs、logs、backup archives 沒有明確 sanitized artifact policy。
+- Bitan / Tsenyang / VTuber 這類 internal or missing repo 沒有 owner export / repo identity 決策。
+
+## 產品狀態
+
+| Product | 狀態 | 主要 blocker |
+|---------|------|--------------|
+| `clawbot-openclaw` | `waiting_owner_response` | two-file drift not accepted |
+| `tsenyang-website` | `waiting_owner_response` | presentation output policy missing |
+| `agent-bounty-protocol` | `waiting_owner_response` | A2A / treasury scope and backup archive policy missing |
+| `2026fifa` | `waiting_owner_response` | narrow scanner not completed |
+| `vibework` | `waiting_owner_response` | release scope not split or accepted |
+| `stockplatform-v2` | `waiting_owner_response` | tmp/generated/source candidate policy missing |
+| `bitan-pharmacy` | `waiting_owner_response` | internal inventory and content evidence policy missing |
+| `vtuber` | `waiting_owner_response` | repository identity and remote repo unresolved |
+
+## 下一步
+
+只有當某一產品收到完整、遮罩、可驗證來源的 owner response,且通過本 ledger 的所有 acceptance checks,才可以進入該產品的 review branch / remote `dev` final confirmation。到那之前,8 個 blocked products 全部維持 blocked。
+
+## 邊界
+
+- 沒有讀、收、保存 secret value / token / private key / env content。
+- 沒有同步 raw `.git`、runtime volume 或 raw conversation。
+- 沒有修改任何產品 repo。
+- 沒有建立 review branch、remote `dev` branch 或 Gitea repo。
+- 沒有部署、restart、reload、DB / K8s / host / firewall / Nginx runtime write。
diff --git a/docs/operations/codex-gitea-blocked-products-owner-response-acceptance.snapshot.json b/docs/operations/codex-gitea-blocked-products-owner-response-acceptance.snapshot.json
new file mode 100644
index 00000000..3137a5e0
--- /dev/null
+++ b/docs/operations/codex-gitea-blocked-products-owner-response-acceptance.snapshot.json
@@ -0,0 +1,189 @@
+{
+ "schema_version": "codex_gitea_blocked_products_owner_response_acceptance_v1",
+ "generated_at": "2026-06-24T14:44:00+08:00",
+ "scope": "Acceptance ledger for blocked product owner responses before any remote dev branch or product repo write",
+ "summary": {
+ "blocked_product_count": 8,
+ "acceptance_candidate_count": 8,
+ "required_owner_response_field_count": 14,
+ "acceptance_check_count": 16,
+ "rejection_guard_count": 15,
+ "default_blocker_count": 21,
+ "owner_response_received_count": 0,
+ "owner_response_accepted_count": 0,
+ "owner_response_rejected_count": 0,
+ "review_branch_ready_count": 0,
+ "remote_dev_branch_ready_count": 0,
+ "remote_dev_branch_created_count": 0,
+ "product_repo_write_authorized_count": 0,
+ "product_repo_write_performed_count": 0,
+ "runtime_write_authorized_count": 0,
+ "runtime_write_performed_count": 0,
+ "secret_values_collected_count": 0,
+ "env_file_content_read_count": 0,
+ "raw_git_sync_allowed": false,
+ "raw_conversation_sync_allowed": false
+ },
+ "required_owner_response_fields": [
+ "owner_role_or_team",
+ "decision",
+ "decision_reason",
+ "accepted_baseline_source",
+ "include_groups",
+ "exclude_groups",
+ "quarantined_paths_ack",
+ "env_secret_policy_ack",
+ "generated_artifact_policy_ack",
+ "review_branch_allowed",
+ "remote_dev_branch_allowed",
+ "runtime_write_allowed",
+ "followup_owner",
+ "evidence_refs"
+ ],
+ "acceptance_checks": [
+ "owner_role_or_team_is_present",
+ "decision_is_product_specific",
+ "decision_reason_is_present",
+ "baseline_source_is_explicit",
+ "include_groups_are_specific",
+ "exclude_groups_are_specific",
+ "quarantined_paths_ack_is_true",
+ "env_secret_policy_ack_is_true",
+ "generated_artifact_policy_ack_is_true",
+ "review_branch_allowed_is_explicit",
+ "remote_dev_branch_allowed_is_explicit",
+ "runtime_write_allowed_is_false",
+ "evidence_refs_are_redacted",
+ "followup_owner_is_present",
+ "no_secret_value_or_partial_secret_present",
+ "no_raw_conversation_or_raw_git_sync_requested"
+ ],
+ "rejection_guards": [
+ "generic_approval_phrase_only",
+ "missing_owner_role_or_team",
+ "missing_decision_reason",
+ "missing_baseline_source",
+ "ambiguous_include_or_exclude_groups",
+ "requests_secret_value_or_env_content",
+ "requests_raw_git_directory_sync",
+ "requests_raw_codex_or_chatgpt_history_sync",
+ "requests_runtime_volume_sync",
+ "requests_runtime_write",
+ "requests_product_repo_write_without_review_branch",
+ "requests_remote_dev_branch_without_explicit_product_decision",
+ "includes_generated_outputs_without_sanitized_policy",
+ "includes_logs_or_backup_archives_without_policy",
+ "missing_redacted_evidence_refs"
+ ],
+ "products": [
+ {
+ "product_id": "clawbot-openclaw",
+ "acceptance_status": "waiting_owner_response",
+ "decision_package": "docs/operations/CLAWBOT-OPENCLAW-DEV-BASELINE-OWNER-DECISION-2026-06-24.md",
+ "response_template_section": "P1-1 ClawBot / OpenClaw",
+ "default_blockers": [
+ "owner_response_missing",
+ "two_file_drift_not_accepted"
+ ],
+ "review_branch_ready": false,
+ "remote_dev_branch_ready": false
+ },
+ {
+ "product_id": "tsenyang-website",
+ "acceptance_status": "waiting_owner_response",
+ "decision_package": "docs/operations/TSENYANG-WEBSITE-DEV-BASELINE-OWNER-DECISION-2026-06-24.md",
+ "response_template_section": "P1-2 Tsenyang Website",
+ "default_blockers": [
+ "owner_response_missing",
+ "presentation_output_policy_missing"
+ ],
+ "review_branch_ready": false,
+ "remote_dev_branch_ready": false
+ },
+ {
+ "product_id": "agent-bounty-protocol",
+ "acceptance_status": "waiting_owner_response",
+ "decision_package": "docs/operations/AGENT-BOUNTY-DEV-BASELINE-OWNER-DECISION-2026-06-24.md",
+ "response_template_section": "P1-3 Agent Bounty",
+ "default_blockers": [
+ "owner_response_missing",
+ "a2a_treasury_scope_not_accepted",
+ "backup_archive_policy_missing"
+ ],
+ "review_branch_ready": false,
+ "remote_dev_branch_ready": false
+ },
+ {
+ "product_id": "2026fifa",
+ "acceptance_status": "waiting_owner_response",
+ "decision_package": "docs/operations/2026FIFA-DEV-BASELINE-OWNER-DECISION-2026-06-24.md",
+ "response_template_section": "P1-4 2026FIFA",
+ "default_blockers": [
+ "owner_response_missing",
+ "narrow_scanner_not_completed"
+ ],
+ "review_branch_ready": false,
+ "remote_dev_branch_ready": false
+ },
+ {
+ "product_id": "vibework",
+ "acceptance_status": "waiting_owner_response",
+ "decision_package": "docs/operations/VIBEWORK-DEV-BASELINE-OWNER-DECISION-2026-06-24.md",
+ "response_template_section": "P1-5 VibeWork",
+ "default_blockers": [
+ "owner_response_missing",
+ "release_scope_not_split_or_accepted",
+ "diff_check_debt_unresolved"
+ ],
+ "review_branch_ready": false,
+ "remote_dev_branch_ready": false
+ },
+ {
+ "product_id": "stockplatform-v2",
+ "acceptance_status": "waiting_owner_response",
+ "decision_package": "docs/operations/STOCKPLATFORM-V2-DEV-BASELINE-OWNER-DECISION-2026-06-24.md",
+ "response_template_section": "P1-6 StockPlatform v2",
+ "default_blockers": [
+ "owner_response_missing",
+ "tmp_generated_outputs_not_excluded",
+ "source_candidate_policy_missing"
+ ],
+ "review_branch_ready": false,
+ "remote_dev_branch_ready": false
+ },
+ {
+ "product_id": "bitan-pharmacy",
+ "acceptance_status": "waiting_owner_response",
+ "decision_package": "docs/operations/BITAN-PHARMACY-DEV-BASELINE-OWNER-DECISION-2026-06-24.md",
+ "response_template_section": "P1-7 Bitan Pharmacy",
+ "default_blockers": [
+ "owner_response_missing",
+ "internal_inventory_missing",
+ "public_content_cleanliness_evidence_policy_missing"
+ ],
+ "review_branch_ready": false,
+ "remote_dev_branch_ready": false
+ },
+ {
+ "product_id": "vtuber",
+ "acceptance_status": "waiting_owner_response",
+ "decision_package": "docs/operations/VTUBER-DEV-BASELINE-OWNER-DECISION-2026-06-24.md",
+ "response_template_section": "P1-8 VTuber",
+ "default_blockers": [
+ "owner_response_missing",
+ "repository_identity_unresolved",
+ "remote_repo_missing"
+ ],
+ "review_branch_ready": false,
+ "remote_dev_branch_ready": false
+ }
+ ],
+ "hard_gates": [
+ "Owner response accepted count remains 0 until product-specific responses pass all acceptance checks.",
+ "A generic approval phrase cannot create review branches, remote dev branches, or product repo writes.",
+ "remote_dev_branch_allowed=true is product-specific and does not imply runtime write.",
+ "runtime_write_allowed must remain false in this owner response flow.",
+ "Secrets, env contents, raw git directories, raw conversations, runtime volumes, generated outputs, logs, and backup archives remain excluded unless a sanitized product-specific policy accepts them."
+ ],
+ "recommended_next_step": "Process the smallest low-blast-radius product first only after a complete owner response arrives; otherwise keep all eight products in waiting_owner_response."
+}
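Review bot: None of the 16 entries in `acceptance_checks` verifies where an owner response came from; `owner_role_or_team_is_present` only requires the field to be filled in, so a self-asserted owner role would satisfy it. The companion markdown in this commit requires a response from a verifiable source (「可驗證來源」), and this ledger is the gate in front of review-branch and remote `dev` decisions, so that requirement should be a named check here. Consider adding an entry such as `"owner_response_source_is_verified"` to `acceptance_checks` with a matching entry in `rejection_guards`, and raising `acceptance_check_count` and `rejection_guard_count` to match (the same figures are repeated in docs/LOGBOOK.md). Separately, the `summary` counts duplicate the array lengths and can drift, since nothing visible in the commit recomputes them.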