{ "schema_version": "ai_agent_tool_adoption_approval_package_v1", "generated_at": "2026-06-11T23:35:00+08:00", "program_status": { "overall_completion_percent": 55, "current_priority": "P2", "current_task_id": "P2-402C", "next_task_id": "P2-402D", "read_only_mode": true, "runtime_authority": "approval_package_only_no_tool_install_or_ci_change", "status_note": "P2-402C 建立 Renovate / OSV-Scanner / Trivy / Syft / Grype 工具採用批准包;本波只保留官方來源與採用門檻,不安裝工具、不改 CI、不下載漏洞 DB、不建立 PR、不發 Telegram。" }, "source_evidence": [ { "source_id": "renovate_gitea_platform_docs", "tool_id": "renovate_gitea", "name": "Renovate Gitea platform docs", "url": "https://docs.renovatebot.com/modules/platform/gitea/", "retrieved_at": "2026-06-11T23:35:00+08:00", "evidence_type": "official_documentation", "usage_boundary": "只用於確認 Renovate 支援 Gitea 與 autodiscover / PR 權限需求;本波不啟用 bot、不寫 workflow、不建立 PR。" }, { "source_id": "osv_scanner_usage_docs", "tool_id": "osv_scanner", "name": "OSV-Scanner usage docs", "url": "https://google.github.io/osv-scanner/usage/", "retrieved_at": "2026-06-11T23:35:00+08:00", "evidence_type": "official_documentation", "usage_boundary": "只用於確認 OSV-Scanner V2 使用面;本波不下載漏洞資料、不掃描專案、不呼叫外部查詢。" }, { "source_id": "trivy_docs", "tool_id": "trivy", "name": "Trivy official docs", "url": "https://trivy.dev/", "retrieved_at": "2026-06-11T23:35:00+08:00", "evidence_type": "official_documentation", "usage_boundary": "只用於確認 Trivy 可作為漏洞 / IaC / SBOM / Kubernetes 類掃描候選;本波不安裝、不掃描、不下載 vulnerability DB。" }, { "source_id": "anchore_syft_docs", "tool_id": "syft", "name": "Anchore Syft open source docs", "url": "https://anchore.com/opensource/", "retrieved_at": "2026-06-11T23:35:00+08:00", "evidence_type": "official_documentation", "usage_boundary": "只用於確認 Syft 是 SBOM 產生候選;本波不安裝、不產 SBOM、不寫 artifact。" }, { "source_id": "anchore_grype_docs", "tool_id": "grype", "name": "Anchore Grype open source docs", "url": "https://anchore.com/opensource/", "retrieved_at": "2026-06-11T23:35:00+08:00", "evidence_type": "official_documentation", "usage_boundary": "只用於確認 Grype 是 container / filesystem vulnerability scanner 候選;本波不安裝、不掃描、不下載資料庫。" } ], "agent_review_matrix": [ { "agent_id": "hermes", "role": "彙整官方來源、repo-only freshness source、CI 變更點與 evidence refs。", "allowed_now": [ "讀 committed snapshot", "整理工具採用批准欄位", "產出比較表與 next gate" ], "blocked_until_approval": [ "安裝工具", "寫 workflow", "下載漏洞資料庫", "建立 Renovate PR" ], "output": "tool adoption evidence packet" }, { "agent_id": "openclaw", "role": "仲裁工具採用風險、secret / 費用 / CI / false-positive / blast-radius 邊界。", "allowed_now": [ "審核採用門檻", "要求 HITL approval", "定義 rollback 與 failure-only notification 條件" ], "blocked_until_approval": [ "批准自己的工具啟用", "改 CI runner", "改 Alertmanager 或 Telegram route", "auto merge" ], "output": "HITL approval package verdict" }, { "agent_id": "nemotron", "role": "離線比較掃描器輸出如何影響 AI Agent / model / prompt / tool-call replay 評分。", "allowed_now": [ "建立離線 replay 欄位", "標記 scanner assumption risk", "建議多工具交叉驗證策略" ], "blocked_until_approval": [ "新增 SDK", "呼叫付費模型", "shadow/canary", "production provider route" ], "output": "offline scanner-assumption review note" } ], "adoption_lanes": [ { "lane_id": "dependency_update_pr_lane", "display_name": "Dependency update PR lane", "owner_agent": "hermes", "tool_ids": [ "renovate_gitea" ], "approval_gate": "gitea_bot_token_branch_policy_and_ci_workflow_approval", "planned_output": "Renovate config / grouping / automerge=false / reviewer policy approval package", "blocked_now": [ "建立 bot token", "寫 renovate config", "啟用 autodiscover", "建立 PR", "auto merge" ] }, { "lane_id": "vulnerability_lookup_lane", "display_name": "Vulnerability lookup lane", "owner_agent": "openclaw", "tool_ids": [ "osv_scanner", "trivy", "grype" ], "approval_gate": "external_source_cache_rate_limit_and_false_positive_policy_approval", "planned_output": "CVE / OSV / advisory lookup approval package with cache and suppression policy", "blocked_now": [ "下載 vulnerability DB", "查外部 advisory", "掃描 image / filesystem", "把 scanner output 當唯一事實" ] }, { "lane_id": "sbom_generation_lane", "display_name": "SBOM generation lane", "owner_agent": "hermes", "tool_ids": [ "syft", "trivy" ], "approval_gate": "artifact_retention_and_sbom_schema_approval", "planned_output": "SPDX / CycloneDX / JSON artifact policy and storage path approval package", "blocked_now": [ "安裝 Syft", "產生 SBOM artifact", "上傳 artifact", "保存 package payload 超出批准範圍" ] }, { "lane_id": "container_crosscheck_lane", "display_name": "Container scanner cross-check lane", "owner_agent": "openclaw", "tool_ids": [ "trivy", "syft", "grype" ], "approval_gate": "container_scan_runbook_and_dedup_policy_approval", "planned_output": "Trivy vs Syft+Grype cross-check runbook and false-positive review policy", "blocked_now": [ "docker build", "image pull", "registry push", "改 Harbor / ArgoCD / production route" ] } ], "tool_candidates": [ { "tool_id": "renovate_gitea", "display_name": "Renovate for Gitea", "category": "dependency_update_pr", "owner_agent": "hermes", "adoption_status": "approval_required", "risk_tier": "high", "cost_profile": "open_source_self_hosted_candidate; runner usage and maintenance cost require approval", "secret_requirement": "Gitea bot token / repo permission required after approval; no token is created or read in this package.", "external_data_requirement": "Package registry metadata required after approval; currently blocked.", "ci_change_required": true, "official_source_refs": [ "renovate_gitea_platform_docs" ], "intended_scope": [ "dependency update PR draft", "grouping", "automerge=false", "reviewer assignment" ], "approval_requirements": [ "Gitea bot identity and token storage plan", "branch naming and PR grouping policy", "automerge=false hard gate", "rate limit and schedule policy", "rollback plan for bad PR storm" ], "blocked_until_approval": [ "renovate config write", "workflow schedule activation", "bot token creation", "PR creation", "auto merge" ], "recommendation": "Adopt only after P2-402E Gitea PR lane and branch policy approval; do not enable during P2-402C.", "rollback_plan": "Disable workflow / bot token, close 產生於 PRs, revert Renovate config commit; no production route change allowed." }, { "tool_id": "osv_scanner", "display_name": "OSV-Scanner", "category": "vulnerability_lookup", "owner_agent": "openclaw", "adoption_status": "approval_required", "risk_tier": "medium", "cost_profile": "free_public_candidate; network and rate-limit policy still require approval", "secret_requirement": "No project secret required for public lookup candidate; cache policy required.", "external_data_requirement": "OSV vulnerability database lookup required after approval; currently blocked.", "ci_change_required": true, "official_source_refs": [ "osv_scanner_usage_docs" ], "intended_scope": [ "dependency vulnerability lookup", "lockfile / manifest advisory matching", "approval package evidence" ], "approval_requirements": [ "network egress and cache TTL policy", "false-positive suppression process", "severity mapping to dependency_risk_policy_v1", "failure-only notification policy", "artifact retention boundary" ], "blocked_until_approval": [ "external advisory lookup", "vulnerability DB query", "CI workflow write", "package upgrade" ], "recommendation": "Adopt as first vulnerability lookup candidate after cache/rate-limit approval; keep output advisory-only until OpenClaw review.", "rollback_plan": "Remove workflow step and cached advisory artifacts; keep prior repo-only freshness snapshot as fallback." }, { "tool_id": "trivy", "display_name": "Trivy", "category": "container_iac_vulnerability_scan", "owner_agent": "openclaw", "adoption_status": "approval_required", "risk_tier": "high", "cost_profile": "open_source_candidate; DB download, cache, runner time and false-positive review cost require approval", "secret_requirement": "No plaintext secret allowed; registry credentials only after dedicated secret policy approval.", "external_data_requirement": "Vulnerability DB and optional registry/image metadata required after approval; currently blocked.", "ci_change_required": true, "official_source_refs": [ "trivy_docs" ], "intended_scope": [ "container image vulnerability scan", "filesystem scan", "IaC / Kubernetes config scan", "SBOM or misconfiguration signal" ], "approval_requirements": [ "runner cache and DB update policy", "image pull/build boundary", "registry credential handling", "false-positive triage and suppression owner", "cross-check with Syft / Grype before action-required escalation" ], "blocked_until_approval": [ "trivy install", "vulnerability DB download", "filesystem scan", "image scan", "Kubernetes live scan", "CI workflow write" ], "recommendation": "Adopt after OSV baseline and SBOM artifact policy; use as primary container/IaC scanner only with OpenClaw gating.", "rollback_plan": "Disable scan job, remove scanner cache, keep prior Dockerfile surface inventory; do not change images or deployments." }, { "tool_id": "syft", "display_name": "Syft", "category": "sbom_generation", "owner_agent": "hermes", "adoption_status": "approval_required", "risk_tier": "medium", "cost_profile": "open_source_candidate; runner time and artifact storage require approval", "secret_requirement": "No secret required for repo filesystem SBOM; registry credentials blocked until approved.", "external_data_requirement": "No external vulnerability DB needed for local SBOM generation; package cataloging scope still requires approval.", "ci_change_required": true, "official_source_refs": [ "anchore_syft_docs" ], "intended_scope": [ "SBOM generation from filesystem", "container image SBOM after image policy approval", "SPDX / CycloneDX / JSON artifact candidate" ], "approval_requirements": [ "SBOM schema and artifact retention decision", "redaction and private package payload policy", "artifact storage path", "consumer policy for Grype / external scanners" ], "blocked_until_approval": [ "syft install", "SBOM artifact write", "image cataloging", "artifact upload" ], "recommendation": "Adopt as SBOM source of truth candidate before broad scanner rollout; never treat SBOM as remediation approval.", "rollback_plan": "Delete 產生於 artifacts by retention policy and disable SBOM step; no package or image mutation." }, { "tool_id": "grype", "display_name": "Grype", "category": "vulnerability_scan_from_sbom_or_image", "owner_agent": "openclaw", "adoption_status": "approval_required", "risk_tier": "medium", "cost_profile": "open_source_candidate; DB download, cache, runner time and triage cost require approval", "secret_requirement": "No plaintext secret allowed; registry credentials blocked until image scan policy approval.", "external_data_requirement": "Vulnerability DB required after approval; currently blocked.", "ci_change_required": true, "official_source_refs": [ "anchore_grype_docs" ], "intended_scope": [ "scan Syft SBOM", "scan image/filesystem after approval", "cross-check Trivy vulnerability signal" ], "approval_requirements": [ "Syft SBOM input policy", "vulnerability DB cache policy", "severity and fix-available mapping", "false-positive and duplicate handling", "OpenClaw review before action-required Telegram digest" ], "blocked_until_approval": [ "grype install", "vulnerability DB download", "image/filesystem scan", "CI workflow write", "Telegram digest send" ], "recommendation": "Adopt as cross-check scanner paired with Syft and Trivy; use disagreement as review signal, not automatic blocker.", "rollback_plan": "Disable Grype step and remove DB cache; preserve Syft SBOM artifact policy separately." } ], "approval_packet_fields": [ { "field_id": "operator_approval_id", "required": true, "owner_agent": "openclaw", "description": "人工批准 ID;未填不得安裝工具、改 CI 或查外部。" }, { "field_id": "secret_storage_plan", "required": true, "owner_agent": "openclaw", "description": "Gitea bot token / registry credentials / cache token 的存放與注入規則;不得記錄明文。" }, { "field_id": "ci_runner_cost_and_cache_plan", "required": true, "owner_agent": "hermes", "description": "runner 時間、cache 目錄、DB 更新頻率、artifact retention 與清理策略。" }, { "field_id": "false_positive_triage_policy", "required": true, "owner_agent": "openclaw", "description": "掃描器差異、誤報、suppression、severity mapping 與 owner response 流程。" }, { "field_id": "telegram_digest_gate", "required": true, "owner_agent": "openclaw", "description": "P2-402D 才能啟用 action-required digest;成功掃描不得洗版。" }, { "field_id": "rollback_and_disable_plan", "required": true, "owner_agent": "hermes", "description": "出現 PR storm、DB download failure、runner overload 或大量 false-positive 時的停用流程。" } ], "approval_boundaries": { "tool_install_allowed": false, "ci_workflow_change_allowed": false, "external_registry_lookup_allowed": false, "vulnerability_database_download_allowed": false, "package_upgrade_allowed": false, "lockfile_write_allowed": false, "docker_build_allowed": false, "image_pull_allowed": false, "gitea_pr_creation_allowed": false, "auto_merge_allowed": false, "telegram_direct_send_allowed": false, "paid_service_enabled": false, "production_route_change_allowed": false, "secret_plaintext_allowed": false }, "rollups": { "tool_count": 5, "source_evidence_count": 5, "adoption_lane_count": 4, "approval_required_tool_ids": [ "renovate_gitea", "osv_scanner", "trivy", "syft", "grype" ], "ci_change_required_tool_ids": [ "renovate_gitea", "osv_scanner", "trivy", "syft", "grype" ], "secret_required_tool_ids": [ "renovate_gitea", "trivy", "syft", "grype" ], "external_data_required_tool_ids": [ "renovate_gitea", "osv_scanner", "trivy", "grype" ], "sbom_tool_ids": [ "syft", "trivy" ], "vulnerability_scan_tool_ids": [ "osv_scanner", "trivy", "grype" ], "update_pr_tool_ids": [ "renovate_gitea" ], "tool_install_allowed_count": 0, "ci_change_allowed_count": 0, "auto_merge_allowed_count": 0, "telegram_direct_send_count": 0, "next_approval_task_ids": [ "P2-402D", "P2-402E", "P2-402F", "P2-402G" ] } }