{ "basis": { "gitea_main_commit": "57df61da", "latest_logbook_commit": "57df61da", "latest_runtime_deploy_marker": "166497ee", "latest_tenants_redaction_commit": "94a9c612", "production_verification_required_for_frontend_changes": true, "source_control_rollup_date": "2026-06-13", "source_control_rollup_templates": 24 }, "current_requirement_gaps": [ { "current_state": "request_sent=false、received=0、accepted=0、rejected=0。", "gap_id": "s49_owner_response_absent", "priority": "P0", "required_next_step": "只能等待人工送件與 owner 脫敏回覆;不得用 UI、LOGBOOK 或 AwoooP approval 補成 accepted。", "requirement": "S4.9 必須收到完整 owner response metadata,且五題都通過 reviewer checklist。", "status": "active_blocker" }, { "current_state": "audit event templates 存在,但 emitted_event_count=0。", "gap_id": "s49_dispatch_audit_event_absent", "priority": "P0", "required_next_step": "送件前維持 0;送件後只保存 metadata,不保存 raw response body。", "requirement": "request shown、request sent、owner response received、reviewer outcome 必須是分離 audit metadata。", "status": "active_blocker" }, { "current_state": "尚無 owner response,reviewer outcome 仍是 template-only。", "gap_id": "s49_reviewer_outcome_absent", "priority": "P0", "required_next_step": "補 reviewer outcome ledger,但不得因此開 runtime gate。", "requirement": "任何 owner response 都要先分類為 waiting、supplement、quarantine、reject 或 read-only update candidate。", "status": "active_blocker" }, { "current_state": "AwoooP 高可見頁已改用公開名稱 / SRC-###;仍需由 guard 固定 public surface redaction 規則。", "gap_id": "public_surface_identity_leak_risk", "priority": "P0", "required_next_step": "持續跑 security mirror guard;新增頁面、API payload 或 client bundle 時一律先做 sensitive public-surface scan。", "requirement": "前台與瀏覽器 API 不得顯示個人 namespace、外部 org namespace、工作視窗對話或內部 session 語句。", "status": "mitigated_needs_guard" }, { "current_state": "部分 docs/security source-control evidence 仍有 raw repo identifiers,屬內部 evidence;需要明確 public/private boundary。", "gap_id": "raw_namespace_internal_evidence_misroute_risk", "priority": "P0", "required_next_step": "所有前台資料源必須使用 redacted scope id 或 evidence ref,不直接讀 raw source-control evidence。", "requirement": "內部 source-control evidence 可保留必要技術識別,但不得被路由到產品頁、public API、公開 bundle 或截圖文案。", "status": "active_risk" }, { "current_state": "舊 MD / 產生器曾停在 2026-06-14 以前的 deploy marker;本 snapshot 將基準更新到最新 AwoooP 高可見頁脫敏正式驗證。", "gap_id": "latest_basis_staleness_risk", "priority": "P0", "required_next_step": "每次推送前 fetch gitea 並更新 basis,不得沿用舊 commit 宣稱最新。", "requirement": "S4.9 缺口稽核基準需跟上最新 gitea/main、deploy marker、production verification 與 LOGBOOK。", "status": "remediated_by_this_snapshot" }, { "current_state": "本輪已 fetch 且 worktree 與 gitea/main 一致;仍需每次推送前重查。", "gap_id": "parallel_session_conflict_risk", "priority": "P0", "required_next_step": "禁止 force push;若 gitea/main 前進,只能 fast-forward / rebase 正常收斂。", "requirement": "另一個 AwoooP Session 與本 Session 的 commit、run、deploy marker、production evidence 必須同步。", "status": "active_risk" }, { "current_state": "此 release worktree 未包含 repo-local MEMORY.md。", "gap_id": "release_worktree_memory_index_absent", "priority": "P1", "required_next_step": "把缺檔視為啟動程序缺口,不阻擋只讀工作,但不得聲稱已讀 repo-local MEMORY.md。", "requirement": "Session 啟動必讀 MEMORY.md;若 release worktree 缺檔,必須改讀全域 memory 與 LOGBOOK,並記錄例外。", "status": "active_process_gap" } ], "false_boundaries": { "action_buttons_allowed": false, "force_push_authorized": false, "owner_response_accepted": false, "owner_response_received": false, "raw_namespace_public_surface_allowed": false, "redacted_payload_ingested": false, "refs_sync_authorized": false, "repo_creation_authorized": false, "request_dispatch_authorized": false, "request_sent": false, "runner_enablement_authorized": false, "runtime_execution_authorized": false, "secret_value_collection_allowed": false, "visibility_change_authorized": false, "work_session_transcript_public_allowed": false, "workflow_modification_authorized": false }, "generated_at": "2026-06-15T07:50:00+08:00", "git_commit": "57df61da", "mode": "read_only_gap_audit_no_runtime_action", "new_rules_required": [ { "priority": "P0", "rule": "前台、public API、HTML、bundle、messages 不得出現 raw owner namespace、個人識別或工作視窗對話。", "rule_id": "public_surface_redaction_gate", "verification": "security-mirror-progress-guard + production desktop/mobile sensitive scan。" }, { "priority": "P0", "rule": "S4.9 現況缺口稽核不得只停在 MD,必須有 machine-readable snapshot 與 guard。", "rule_id": "s49_gap_audit_snapshot_required", "verification": "source-control-owner-response-guard 必須讀取本 snapshot。" }, { "priority": "P0", "rule": "內部 source-control raw evidence 僅能留在 private docs / committed evidence,不得直接成為產品渲染來源。", "rule_id": "raw_evidence_private_boundary", "verification": "前台只讀 redacted scope id、evidence ref 或 aggregate count。" }, { "priority": "P0", "rule": "owner response received / accepted / rejected 只能由 reviewer record 更新,不得由 request draft、UI 或 LOGBOOK 文字更新。", "rule_id": "owner_response_counts_are_runtime_locked", "verification": "所有 snapshot false boundaries 維持 0 / false。" }, { "priority": "P0", "rule": "request ready、request sent、response received、response accepted、runtime approval 必須是五個獨立狀態。", "rule_id": "dispatch_received_accepted_separation", "verification": "summary counters 必須分離,且 runtime gate 永遠等待獨立批准。" }, { "priority": "P0", "rule": "每次 commit / push 前必須 fetch gitea,並同步另一 Session 的 run / deploy / production evidence。", "rule_id": "parallel_session_basis_refresh", "verification": "LOGBOOK 必須記錄 basis、runs、deploy marker 與 gate 邊界。" }, { "priority": "P1", "rule": "repo-local MEMORY.md 缺檔時,需記錄使用全域 memory 與 LOGBOOK 的替代讀取路徑。", "rule_id": "memory_index_startup_exception", "verification": "啟動記錄不得假稱 repo-local MEMORY.md 已讀。" } ], "next_safe_actions": [ "更新 S4.9 缺口稽核文件基準與 snapshot reference。", "把本 snapshot 納入 source-control owner response guard。", "繼續補 owner response acceptance ledger,但所有 request / received / accepted / runtime gate 維持 0 / false。" ], "priority_work_queue": [ { "blocked_by": "尚未人工送件、尚未收到 owner response。", "completion_percent": 70, "next_validation": "source-control-owner-response-guard。", "priority": "P0-1", "work_item": "S4.9 owner response gate 收件前置" }, { "blocked_by": "後續新增頁面仍需 guard 持續保護。", "completion_percent": 100, "next_validation": "production desktop/mobile sensitive scan。", "priority": "P0-2", "work_item": "前台 / public API identity redaction" }, { "blocked_by": "尚缺 owner-provided live conf、rendered diff、nginx -t evidence、route smoke、maintenance window、rollback owner。", "completion_percent": 86, "next_validation": "public gateway acceptance snapshot + owner-provided evidence review。", "priority": "P0-3", "work_item": "Nginx public gateway owner response acceptance" }, { "blocked_by": "尚缺 ArgoCD health readback、rendered manifest diff、rollback revision、owner response。", "completion_percent": 62, "next_validation": "k8s-argocd owner response acceptance snapshot。", "priority": "P0-4", "work_item": "K8s / ArgoCD owner response acceptance" }, { "blocked_by": "尚缺 restore drill approval package、offsite owner、escrow owner、retention owner、validation plan。", "completion_percent": 62, "next_validation": "backup restore acceptance snapshot。", "priority": "P0-5", "work_item": "Backup / restore / escrow owner response acceptance" }, { "blocked_by": "尚缺 110 / 188 live hash、restart window、rollback owner、post-check 指標。", "completion_percent": 50, "next_validation": "host service owner request / future acceptance ledger。", "priority": "P1-1", "work_item": "Docker Compose / systemd / host service owner response" }, { "blocked_by": "尚缺 live access state、allowed source CIDR、host key pinning、firewall owner、NetworkPolicy / NodePort / WireGuard owner。", "completion_percent": 58, "next_validation": "ssh network acceptance snapshot。", "priority": "P1-2", "work_item": "SSH / firewall / network access owner response acceptance" }, { "blocked_by": "尚缺 live drift evidence、receiver owner、reload owner、route smoke、receipt proof。", "completion_percent": 62, "next_validation": "monitoring owner request / future acceptance ledger。", "priority": "P1-3", "work_item": "Monitoring / alerting / observability owner response" }, { "blocked_by": "尚缺 deployment boundary、external agent boundary、treasury owner、runtime gate owner。", "completion_percent": 68, "next_validation": "agent bounty owner request draft 與 future acceptance ledger。", "priority": "P1-4", "work_item": "agent-bounty-protocol C0 runtime / MCP / A2A / treasury owner response" } ], "public_surface_redaction_requirements": { "allowed_display": [ "SRC-### scope id", "aggregate count", "risk tier", "readiness state", "redacted evidence ref" ], "forbidden_display": [ "raw repository owner namespace", "personal namespace", "external organization namespace when not explicitly public-safe", "工作視窗對話內容", "approval chat phrase", "token / secret / private key / cookie / authorization header" ], "required_fields_or_markers": [ "source_scope_id", "source_namespace_redacted", "repo_owner_namespace_redacted", "raw_repository_namespace_visible", "public_api_raw_repo_namespace_allowed" ], "verification": [ "public API payload sensitive scan", "production HTML sensitive scan", "desktop browser sensitive scan", "mobile browser sensitive scan", "horizontal overflow check" ] }, "rule_adjustments_required": [ { "adjusted_rule": "低摩擦不代表延後修補即時資訊揭露;public surface leak 可先 source-control 止血,再補 owner gate。", "adjustment_id": "low_friction_but_p0_stop_the_bleed", "from_rule": "初期資安低摩擦、先只讀框架。", "priority": "P0" }, { "adjusted_rule": "技術識別只能留在內部 evidence;產品頁只顯示 redacted scope id、風險等級、狀態與 evidence ref。", "adjustment_id": "internal_evidence_not_product_copy", "from_rule": "source-control evidence 可保留技術識別。", "priority": "P0" }, { "adjusted_rule": "AwoooP approval、Runs、Work Items、Tenants 顯示全部只算狀態,不等於 IwoooS security acceptance。", "adjustment_id": "awooop_approval_not_security_acceptance", "from_rule": "AwoooP 可顯示 owner response / approval 候選。", "priority": "P0" }, { "adjusted_rule": "Nginx / public gateway / DNS / TLS 是 C0,優先要求 source-of-truth、drift evidence、owner response、rollback 與 post-check。", "adjustment_id": "nginx_config_control_first", "from_rule": "高價值配置逐步納管。", "priority": "P0" }, { "adjusted_rule": "即使 owner 文字包含同意、批准、OK,也只算 metadata decision,不自動授權 refs sync、reload、deploy 或 runtime action。", "adjustment_id": "owner_response_language_not_execution", "from_rule": "owner 可回覆 decision。", "priority": "P0" }, { "adjusted_rule": "改前端或 public API 後必須做 production desktop/mobile sensitive scan、水平溢出檢查與關鍵卡片可見檢查。", "adjustment_id": "public_verification_required_after_frontend_change", "from_rule": "改前端後做 smoke。", "priority": "P0" }, { "adjusted_rule": "agent-bounty-protocol 需以 C0 runtime / MCP / A2A / treasury 邊界管理,但保持獨立產品與 owner response。", "adjustment_id": "agent_bounty_c0_runtime_boundary", "from_rule": "agent-bounty-protocol 納入 IwoooS scope。", "priority": "P1" } ], "schema_version": "s4_9_owner_response_gap_audit_v1", "status": "gap_audit_ready_owner_gate_zero", "summary": { "active_blocker_count": 3, "active_risk_or_process_gap_count": 3, "current_requirement_gap_count": 8, "mitigated_needs_guard_count": 1, "new_rule_count": 7, "owner_response_accepted_count": 0, "owner_response_received_count": 0, "owner_response_rejected_count": 0, "priority_work_item_count": 9, "public_surface_raw_namespace_allowed": false, "public_surface_redaction_guard_ready": true, "request_sent_count": 0, "rule_adjustment_count": 7, "runtime_gate_count": 0, "s4_9_owner_response_gate_percent": 0, "work_session_transcript_public_allowed": false } }