# IwoooS 高價值配置 Owner Request 草稿包 | 項目 | 內容 | |------|------| | 日期 | 2026-06-14 | | 狀態 | `owner_request_draft_ready_not_dispatched` | | 工具 | `scripts/security/high-value-config-owner-request-draft.py` | | 輸入 | `docs/security/high-value-config-owner-packet-intake-preflight.snapshot.json` | | Snapshot | `docs/security/high-value-config-owner-request-draft.snapshot.json` | | runtime gate | `0` | ## 1. 目的 本文件承接高價值配置 Owner Packet 收件預檢,將三包 owner packet 轉成可人工核對的 request draft 與 handoff envelope。它只負責固定未來送件前的內容格式、禁止 payload 與送後不變條件。 本階段仍不是 request sent、不是 recipient confirmed、不是 owner response received、不是 reviewer accepted、不是 audit event emitted,也不是 Nginx reload、DNS / TLS 變更、workflow 修改、host write、active scan、agent-bounty runtime、payout / withdrawal 或 production write 授權。 ## 2. 草稿摘要 | 指標 | 值 | 說明 | |------|----|------| | request draft count | `3` | DNS / TLS / certbot、Nginx public gateway、security evidence tooling | | C0 request draft count | `2` | DNS / TLS / certbot 與 Nginx public gateway | | handoff envelope field count | `11` | 送件前交接封套欄位 | | required owner field total | `27` | 三包各九欄 | | forbidden payload count | `12` | token、secret、private key、cookie、session、raw sensitive live config 等 | | blocked request count | `16` | repo / refs / workflow / runner / host / scan / runtime / payout 等要求全部拒收 | | request sent | `0` | 尚未送 request | | recipient confirmed | `0` | 尚未確認收件角色 | | audit event emitted | `0` | 尚未建立送件稽核事件 | | received / accepted / rejected | `0 / 0 / 0` | 尚未收到或驗收任何 owner response | | runtime gate | `0` | 未開啟 | ## 3. Handoff Envelope | 欄位 | 內容規則 | |------|----------| | `request_id` | 固定對應高價值配置 owner request,不建立 runtime action id | | `stage_id` | 固定 `P0-14` | | `packet_id` | 對應來源 owner packet | | `recipient_role_or_team` | 只填 role / team;不得填 token、cookie、session 或私人聯絡資訊 | | `sender_role_or_team` | 只填送件操作角色;不得把 AwoooP approval 視為資安批准 | | `requested_response_window` | 可填人工約定窗口;空值不得阻擋 `0 / false` gate | | `allowed_response_format` | 只接受九個 canonical owner 欄位與允許 decision | | `redacted_evidence_refs` | 僅指向既有文件、snapshot、ticket id、hash 或 quarantine pointer | | `forbidden_payloads` | secret、repo archive、DB dump、runner token、raw sensitive live config 等全部拒收 | | `followup_owner` | 只記後續補證 role / team | | `not_approval` | 必須為 `true` | ## 4. 三包草稿 | Request | Priority | Control tier | 邊界 | |---------|----------|--------------|------| | `high_value_config_owner_request:dns_tls_certbot` | `P0` | `C0` | 只要求 domain / TLS / certbot owner 補件,不代表 certbot renew、DNS 變更或 public HTTPS route change | | `high_value_config_owner_request:nginx_public_gateway` | `P0` | `C0` | 只要求 Nginx public gateway owner 補件,不代表 live conf 讀取、`nginx -t`、reload 或 route change | | `high_value_config_owner_request:security_evidence_tooling` | `P3` | `C3` | 只要求文件 / snapshot / guard 類證據補件,不代表 runtime gate 提升 | ## 5. 送後不變條件 即使未來真的由人工送出 request,也只能在有可稽核送件 metadata 後,另行記錄真實 `request_sent_count`。不得因草稿、送件、AwoooP approval、UI 可見或 CD success 同步拉高 received / accepted / rejected、reviewer queue、runtime gate 或 action button。 送件後仍需經過: 1. owner response 收件預檢。 2. 敏感 payload 隔離。 3. 執行要求拒收。 4. 跨包一致性檢查。 5. reviewer validation。 6. security acceptance record。 7. 獨立人工 runtime approval、維護窗口、rollback 與 post-check。 ## 6. 指令 產生 committed snapshot: ```bash python3 scripts/security/high-value-config-owner-request-draft.py \ --root . \ --intake-preflight-report docs/security/high-value-config-owner-packet-intake-preflight.snapshot.json \ --output docs/security/high-value-config-owner-request-draft.snapshot.json \ --generated-at 2026-06-14T18:45:00+08:00 ``` 驗證 guard: ```bash python3 scripts/security/security-mirror-progress-guard.py --root . ``` ## 7. 完成度 | 工作 | 完成度 | 說明 | |------|--------|------| | request draft artifact | `100%` | 產生器、snapshot 與文件已固定 | | request dispatch | `0%` | 尚未送 owner request | | owner response received | `0%` | 尚未收到正式回覆 | | reviewer accepted | `0%` | 尚未建立 security acceptance record | | runtime gate | `0%` | 未授權且未開啟 |