# agent-bounty-protocol Owner Request Draft | 項目 | 內容 | |------|------| | 日期 | 2026-06-14 | | 狀態 | `owner_request_draft_ready_not_dispatched` | | 工具 | `scripts/security/agent-bounty-owner-request-draft.py` | | Snapshot | `docs/security/agent-bounty-owner-request-draft.snapshot.json` | | Source handoff | `docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json` | | runtime gate | `0` | ## 1. 目的 本文件把 `agent-bounty-protocol` onboarding handoff 轉成人工送件前 owner request draft,讓 repo / refs、deployment、產品路由、MCP / A2A、cron / daemon、admin / treasury、webhook / traffic、資料分級與外部 agent 自主行為都能用同一套 owner 欄位收件。 本階段仍是 metadata-only request draft:不讀 `agent-bounty-protocol` `.env`、不改該 repo、不 push refs、不建立 GitHub repo、不改 workflow、不部署、不 restart compose、不跑 DB migration、不啟動 cron / daemon、不 claim、不 submit、不送外部 agent 訊息、不送 Telegram / Discord、不發 GitHub comment、不 payout、不 withdraw、不 staking、不改 webhook secret、不掃描、不寫 production。 ## 2. 摘要 | 指標 | 目前值 | 說明 | |------|--------|------| | request draft | `11` | 4 份 control boundary + 7 份 product surface | | control boundary request | `4` | repo / refs、deployment、data classification、external agent / treasury | | product surface request | `7` | public task、well-known metadata、MCP、A2A、cron、admin / treasury、webhook / traffic | | write-capable request draft | `8` | 可能觸發 deploy、claim / submit、cron、webhook、admin 或 treasury 風險的 scope | | treasury-related request draft | `4` | settlement、staking、withdrawal、payout 或 treasury 相鄰 scope | | MCP / A2A related request draft | `5` | MCP tool、A2A protocol、cron / daemon 或 agent autonomy scope | | live evidence required request | `11` | 每份 request 都需要 owner 提供脫敏 evidence ref | | request field | `26` | 每份草稿固定欄位數 | | required owner field | `22` | owner 必須補齊的欄位數 | | owner role field | `13` | 來源 handoff 已定義的 owner 角色欄位 | | forbidden input | `25` | 驗收前拒收或隔離的輸入 | | blocked action | `28` | 驗收前全部禁止 | | request sent / recipient confirmed | `0 / 0` | 尚未送件,收件人也未確認 | | owner response received / accepted | `0 / 0` | 不得假性拉高 | | runtime gate / action button | `0 / 0` | 不開任何執行入口 | ## 3. Request Draft 類型 | 類型 | 範圍 | 目前邊界 | |------|------|----------| | Repo / refs / workflow | canonical repo、dirty workspace disposition、workflow / runner / secret name owner | 不 push、不 sync refs、不建立 repo、不改 workflow | | Production / compose / domain | `https://agent.wooo.work`、compose host、domain / TLS、health smoke | 不 deploy、不 restart、不 migration | | Data classification | task、agent、MCP / A2A、webhook、traffic、treasury、admin、cron 資料分級 | 只收 metadata,不收 raw payload 或 secret | | MCP / A2A / treasury | MCP tool、A2A negotiation、settlement、staking、withdrawal、payout、notification owner | 不 claim、不 submit、不 daemon、不 send、不 payout | | Public task surface | marketplace、task、leaderboard、traffic、ICO 類公開面 | 不代表 bounty payout 或 external claim / submit 可執行 | | Well-known metadata | agent-card、ai-plugin、mcp、openapi | 可作 route evidence;不授權 agent execution 或 credential exposure | | Cron / automation | A2A discovery / dispatcher / swarm、judge、lead-gen、reaper、self-replicate、treasury alert | 不啟用 schedule、不跑 daemon、不 self-replicate | | Admin / treasury | admin、traffic、treasury、withdraw、simulate | 需 RBAC / auth / financial owner response;不提款、不 payout | | Webhook / traffic | traffic、GitHub / Stripe webhook、scout、intent stream、health | 只收 redacted metadata,不收 webhook secret 或 payload body | ## 4. Owner 必填欄位 | 欄位 | 說明 | |------|------| | `product_owner_role_or_team` | 產品 owner 或 team | | `security_owner_role_or_team` | 資安 / abuse / 資料保護 owner | | `source_control_owner_role_or_team` | repo / refs / workflow / secret name owner | | `deployment_owner_role_or_team` | compose / domain / TLS / smoke owner | | `data_classification_owner_role_or_team` | task、agent、webhook、traffic、treasury、admin 資料分級 owner | | `external_agent_boundary_owner_role_or_team` | MCP / A2A / cron / daemon owner | | `settlement_or_treasury_owner_role_or_team` | staking、withdrawal、payout、Stripe / wallet 風險 owner | | `notification_owner_role_or_team` | Telegram、Discord、GitHub webhook / issue comment owner | | `surface_scope` | 本次納入 IwoooS 的 route、API、admin、cron、worker、webhook 範圍 | | `decision` | owner 對此 scope 的判定 | | `decision_reason` | 決策理由摘要,不得包含機敏值 | | `redacted_evidence_refs` | 文件、snapshot、ticket、commit、hash 或脫敏 metadata pointer | | `canonical_repo_ref` | canonical repo / remote / branch 的脫敏 ref | | `repo_dirty_disposition` | dirty / untracked workspace 的 WIP 或 release candidate 判定 | | `deployment_boundary_ref` | production host、compose directory、domain / TLS、health smoke 的脫敏 ref | | `auth_abuse_boundary_ref` | auth、RBAC、abuse control、rate limit、anti-spam 的脫敏 ref | | `external_agent_boundary_ref` | MCP / A2A / cron / daemon / external agent autonomy 的脫敏 ref | | `settlement_treasury_boundary_ref` | settlement、staking、withdrawal、payout、Stripe / wallet 的脫敏 ref | | `maintenance_window` | 維護窗口或禁止窗口 | | `rollback_owner` | rollback 負責人與 rollback ref | | `validation_plan` | 驗證與 post-check plan | | `followup_owner` | 後續補件或決策負責人 | ## 5. 禁止輸入 ```text .env content database URL value API key value MCP API key value E2B API key value Telegram bot token value Telegram chat id value Discord webhook value GitHub token value Stripe secret value wallet private key seed phrase cookie session auth header raw webhook payload raw traffic payload raw agent prompt or transcript claim or submit execution request payout or withdraw execution request deploy command request compose restart request DB migration request repo push request refs sync request ``` ## 6. 禁止動作 ```text modify_agent_bounty_repo commit_agent_bounty_changes push_agent_bounty_refs sync_refs create_github_repo change_workflow collect_secret_value read_env_file deploy_production restart_compose run_db_migration run_active_scan run_credentialed_scan start_daemon enable_cron auto_claim auto_submit send_external_agent_message send_telegram_notification send_discord_notification post_github_comment execute_payout execute_withdrawal share_database share_session bind_rbac enable_runtime_gate add_awooop_action_button ``` ## 7. 指令 固定 committed snapshot 時間: ```bash python3 scripts/security/agent-bounty-owner-request-draft.py \ --root . \ --handoff-report docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json \ --output docs/security/agent-bounty-owner-request-draft.snapshot.json \ --generated-at 2026-06-14T23:55:00+08:00 ``` 只讀 guard: ```bash python3 scripts/security/security-mirror-progress-guard.py --root . python3 scripts/security/source-control-owner-response-guard.py --root . ``` ## 8. 完成度 | 工作 | 完成度 | 說明 | |------|--------|------| | owner request draft artifact | `100%` | 11 份 request draft 已由 committed onboarding handoff 產生 | | request dispatch | `0%` | 尚未送件,recipient 未確認 | | owner response received / accepted | `0%` | 尚未收到或接受任何 owner response | | live evidence collection | `0%` | 未讀 production host、compose、DB、webhook、MCP 或 treasury live state | | source-control / deployment / financial action | `0%` | 未 push、未 sync refs、未 deploy、未 payout | | runtime / production write | `0%` | 無 action button,無 production write | ## 9. 邊界 這份 owner request draft 不是資安批准、不是 deployment approval、不是 external agent autonomy approval、不是 treasury approval,也不是 live production truth。不得把 request draft、snapshot、IwoooS UI、AwoooP approval、LOGBOOK 或 onboarding handoff 解讀成 repo / refs / workflow 修改、secret 收集、production deploy、compose restart、DB migration、cron / daemon 啟動、MCP claim / submit、A2A dispatcher、self-replication、Telegram / Discord / GitHub send、Stripe / wallet 操作、payout、withdrawal、staking、active scan、host write 或 runtime gate 授權。