{ "schema_version": "product_code_review_gate_v1", "generated_at": "2026-06-19T00:42:00+08:00", "program_status": { "overall_completion_percent": 100, "current_priority": "P2", "current_task_id": "P2-111", "next_task_id": "P2-112", "read_only_mode": true, "runtime_authority": "repo_only_product_code_review_gate_no_external_scanner_or_write", "status_note": "P2-111 將全產品資產台帳、Gitea code-review、供應鏈漂移、Aider 事件與 AI reviewer 分工收斂成推版前後防木馬 Gate 讀回;本輪不啟用外部掃描、不改 workflow、不 auto-merge、不部署、不讀 secret。" }, "source_refs": [ "apps/api/src/services/platform_operator_service.py", ".gitea/workflows/code-review.yaml", "scripts/ci_code_review.py", "apps/api/src/services/local_code_review_service.py", "apps/api/src/services/aider_event_service.py", "docs/evaluations/package_supply_chain_inventory_2026-06-04.json", "docs/evaluations/dependency_supply_chain_drift_monitor_2026-06-18.json" ], "rollups": { "product_scope_count": 16, "public_route_count_minimum": 31, "source_candidate_repo_count": 10, "pre_deploy_gate_count": 8, "post_deploy_gate_count": 6, "ai_reviewer_count": 5, "mainstream_tool_count": 9, "owner_review_required_count": 9, "critical_gap_count": 6, "blocked_operation_count": 17, "active_write_gate_count": 0, "action_button_count": 0 }, "pre_deploy_gates": [ { "gate_id": "gitea_deterministic_diff_review", "label": "Gitea deterministic diff review", "coverage": "active_current_repo", "status": "wired", "owner_agent": "hermes", "evidence_refs": [".gitea/workflows/code-review.yaml", "scripts/ci_code_review.py"], "current_gap": "目前主要覆蓋 AWOOOI main push,尚未擴成所有產品的必經 pre-deploy Gate。", "next_action": "將所有產品來源範圍映射到同一份 gate packet,阻擋未審查 deploy。" }, { "gate_id": "secret_pattern_guard", "label": "Secret / token diff guard", "coverage": "active_current_repo", "status": "wired", "owner_agent": "openclaw", "evidence_refs": ["scripts/ci_code_review.py", "scripts/ci/check-gitea-step-env-secrets.js"], "current_gap": "已做 diff pattern 與 workflow secret surface guard,缺 full-history gitleaks lane。", "next_action": "新增 gitleaks approval packet;未批准前只呈現工具候選,不執行全史掃描。" }, { "gate_id": "high_risk_operation_guard", "label": "Destructive operation guard", "coverage": "active_current_repo", "status": "wired", "owner_agent": "elephant_alpha", "evidence_refs": ["scripts/ci_code_review.py", "docs/HARD_RULES.md"], "current_gap": "只抓高風險字串,不足以判斷資料流、權限升級或木馬行為。", "next_action": "接 Semgrep / CodeQL candidate,並由 ElephantAlpha 做高風險人工 review packet。" }, { "gate_id": "supply_chain_drift_gate", "label": "Dependency / supply-chain drift", "coverage": "repo_only_snapshot", "status": "wired", "owner_agent": "openclaw", "evidence_refs": ["docs/evaluations/dependency_supply_chain_drift_monitor_2026-06-18.json"], "current_gap": "OSV / Trivy / registry / license lookup 尚未批准,不能宣稱已抓到所有 CVE。", "next_action": "建立 external scanner activation owner packet 與 無寫入 schedule gate。" }, { "gate_id": "container_iac_gate", "label": "Container / IaC review", "coverage": "repo_only_snapshot", "status": "partial", "owner_agent": "nemotron", "evidence_refs": ["docs/evaluations/package_supply_chain_inventory_2026-06-04.json"], "current_gap": "Docker digest、checksum、K8s/IaC policy 仍是 read-only gap。", "next_action": "接 Trivy / Checkov candidate 與 digest pin approval packet。" }, { "gate_id": "aider_patch_boundary", "label": "Aider patch boundary", "coverage": "event_intake_present", "status": "candidate_only", "owner_agent": "aider", "evidence_refs": ["apps/api/src/api/v1/aider_events.py", "apps/api/src/services/aider_event_service.py"], "current_gap": "Aider 事件可進 Redis stream / Incident,但尚未接成 code-review 修補批准包。", "next_action": "Aider 只作 approved patch executor,輸出 diff、test receipt、rollback note,不得 auto-merge。" }, { "gate_id": "ai_reviewer_consensus", "label": "AI reviewer consensus", "coverage": "agent_contract_defined", "status": "partial", "owner_agent": "openclaw", "evidence_refs": ["apps/api/src/services/local_code_review_service.py", "docs/superpowers/specs/2026-04-15-MASTER-ai-autonomous-flywheel-v2.md"], "current_gap": "現有 LLM review 可用於 PR / push 摘要,但沒有多模型交叉 reviewer scorecard。", "next_action": "建立 Hermes / OpenClaw / ElephantAlpha / NemoTron / Aider 分工與 scorecard readback。" }, { "gate_id": "human_owner_gate", "label": "Owner review / CODEOWNERS gate", "coverage": "policy_required", "status": "gap", "owner_agent": "elephant_alpha", "evidence_refs": ["docs/HARD_RULES.md", "docs/security/S4-9-REVIEWER-VALIDATION-CHECKLIST.md"], "current_gap": "高風險產品與跨產品修改尚未有統一 CODEOWNERS / owner response 阻擋。", "next_action": "建立 all-products CODEOWNERS / owner lane proposal,不直接修改 workflow。" } ], "post_deploy_gates": [ { "gate_id": "deploy_marker_readback", "label": "Deploy marker readback", "coverage": "active_current_repo", "status": "wired", "owner_agent": "hermes", "evidence_refs": ["docs/LOGBOOK.md"], "current_gap": "目前主要靠人工回填與 smoke 紀錄,尚未自動串回每個產品 release gate。", "next_action": "把 deploy marker、image revision、route smoke 寫入 product release receipt read model。" }, { "gate_id": "production_route_smoke", "label": "Production route smoke", "coverage": "active_current_repo", "status": "wired", "owner_agent": "nemotron", "evidence_refs": [".gitea/workflows/cd.yaml", "docs/LOGBOOK.md"], "current_gap": "AWOOOI routes 有 post-deploy smoke,其他產品尚未統一納入。", "next_action": "以 Tenants public routes 產生 smoke matrix,成功安靜、失敗進 AwoooI SRE 戰情室。" }, { "gate_id": "artifact_provenance", "label": "Artifact provenance / signing", "coverage": "candidate", "status": "gap", "owner_agent": "openclaw", "evidence_refs": ["docs/evaluations/dependency_supply_chain_drift_monitor_2026-06-18.json"], "current_gap": "尚未有 SLSA provenance、Sigstore / cosign image signing 與 verification readback。", "next_action": "建立 signing / provenance activation approval packet;未批准前不推 registry 或改 deploy。" }, { "gate_id": "rollback_verifier", "label": "Rollback / verifier receipt", "coverage": "policy_required", "status": "partial", "owner_agent": "elephant_alpha", "evidence_refs": ["docs/HARD_RULES.md"], "current_gap": "部分部署有 smoke,但缺統一 rollback owner、verifier plan 與 fail-close 判定。", "next_action": "把 rollback owner、verifier plan、post-check receipt 做成必填 gate。" }, { "gate_id": "runtime_anomaly_watch", "label": "Runtime anomaly watch", "coverage": "observability_candidate", "status": "partial", "owner_agent": "hermes", "evidence_refs": ["docs/evaluations/ai_agent_report_no_write_analysis_runtime_2026-06-18.json"], "current_gap": "告警、報表與 code-review 尚未用同一個 release fingerprint 關聯。", "next_action": "把 release fingerprint 關聯到 incident、Sentry、SigNoz、K8s 與 SRE digest。" }, { "gate_id": "learning_writeback", "label": "KM / PlayBook writeback", "coverage": "candidate", "status": "gap", "owner_agent": "hermes", "evidence_refs": ["docs/superpowers/specs/2026-04-15-MASTER-ai-autonomous-flywheel-v2.md"], "current_gap": "Code Review 結果還沒有完整回寫 KM / PlayBook trust / reviewer scorecard。", "next_action": "建立 code-review finding -> work item -> fix receipt -> KM / PlayBook trust 的 writeback gate。" } ], "ai_reviewer_lanes": [ { "agent_id": "hermes", "label": "Hermes", "role": "證據整理、產品資產與 KM / 報表沉澱", "allowed_output": "readback packet, KM draft, report digest draft", "write_allowed": false }, { "agent_id": "openclaw", "label": "OpenClaw", "role": "風險仲裁、供應鏈 Gate、owner packet 編排", "allowed_output": "risk verdict, owner gate, policy decision packet", "write_allowed": false }, { "agent_id": "elephant_alpha", "label": "ElephantAlpha", "role": "高風險與防木馬 read-only reviewer", "allowed_output": "security review finding, high-risk hold, rollback requirement", "write_allowed": false }, { "agent_id": "nemotron", "label": "NemoTron", "role": "長任務回放、供應鏈版本與 post-deploy verifier", "allowed_output": "replay scorecard, smoke matrix, drift comparison", "write_allowed": false }, { "agent_id": "aider", "label": "Aider", "role": "批准後的 patch pair-programmer,不作審批者", "allowed_output": "draft patch, lint/test receipt, rollback note", "write_allowed": false } ], "mainstream_tool_lanes": [ { "tool_id": "codeql", "label": "CodeQL", "category": "semantic_sast", "source_url": "https://docs.github.com/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql", "integration_status": "candidate_owner_approval_required", "recommended_role": "跨語言語意分析與高風險資料流審查", "blocked_now": ["enable workflow", "upload alerts"] }, { "tool_id": "semgrep", "label": "Semgrep", "category": "sast_policy", "source_url": "https://semgrep.dev/docs/semgrep-code/overview", "integration_status": "candidate_owner_approval_required", "recommended_role": "快速規則化 SAST、框架風險與組織 policy guard", "blocked_now": ["install scanner", "network rule fetch"] }, { "tool_id": "gitleaks", "label": "Gitleaks", "category": "secret_scanning", "source_url": "https://gitleaks.io/", "integration_status": "candidate_owner_approval_required", "recommended_role": "repo / diff / history secret scanning", "blocked_now": ["full-history scan", "write report artifact"] }, { "tool_id": "osv_scanner", "label": "OSV-Scanner", "category": "dependency_vulnerability", "source_url": "https://google.github.io/osv-scanner/", "integration_status": "candidate_owner_approval_required", "recommended_role": "dependency manifest / lockfile vulnerability matching", "blocked_now": ["external vulnerability lookup"] }, { "tool_id": "trivy", "label": "Trivy", "category": "container_iac_vulnerability", "source_url": "https://trivy.dev/", "integration_status": "candidate_owner_approval_required", "recommended_role": "container image、filesystem、IaC 與 secret scan", "blocked_now": ["image pull", "external DB update"] }, { "tool_id": "openssf_scorecard", "label": "OpenSSF Scorecard", "category": "repo_security_posture", "source_url": "https://scorecard.dev/", "integration_status": "candidate_owner_approval_required", "recommended_role": "repository security posture / branch / token / CI hygiene score", "blocked_now": ["external repo metadata lookup"] }, { "tool_id": "slsa", "label": "SLSA", "category": "provenance_framework", "source_url": "https://slsa.dev/", "integration_status": "candidate_owner_approval_required", "recommended_role": "build provenance 與 artifact integrity framework", "blocked_now": ["provenance emission", "workflow write"] }, { "tool_id": "sigstore_cosign", "label": "Sigstore / cosign", "category": "artifact_signing", "source_url": "https://www.sigstore.dev/", "integration_status": "candidate_owner_approval_required", "recommended_role": "container / artifact signing and verification", "blocked_now": ["keyless signing", "registry write"] }, { "tool_id": "coderabbit_or_snyk", "label": "CodeRabbit / Snyk", "category": "ai_appsec_platform", "source_url": "https://docs.coderabbit.ai/", "integration_status": "paid_or_external_candidate_owner_approval_required", "recommended_role": "PR AI review、SCA、container / IaC 風險與 developer workflow", "blocked_now": ["paid external service", "repo app install"] } ], "decision_matrix": [ { "risk_lane": "low_ui_or_docs", "reviewer": "Hermes + deterministic guard", "aider_role": "可在批准後起草 patch", "required_gate": "owner_scope_confirmed", "post_deploy": "route smoke + screenshot" }, { "risk_lane": "medium_application_logic", "reviewer": "OpenClaw + ElephantAlpha", "aider_role": "只產 patch 與 test receipt", "required_gate": "manual_approval_and_rollback_note", "post_deploy": "API / UI smoke + incident watch" }, { "risk_lane": "high_security_supply_chain", "reviewer": "ElephantAlpha + OpenClaw + NemoTron replay", "aider_role": "預設禁用,除非單項批准", "required_gate": "owner_response + security_acceptance + verifier_plan", "post_deploy": "deploy marker + provenance / verifier receipt" }, { "risk_lane": "critical_runtime_or_secret", "reviewer": "ElephantAlpha hold", "aider_role": "禁止", "required_gate": "break_glass_or_formal_change_window", "post_deploy": "rollback owner + audit evidence + SRE digest" } ], "gate_boundaries": { "read_only_api_allowed": true, "workflow_write_allowed": false, "external_scanner_activation_allowed": false, "paid_ai_review_allowed": false, "repo_app_install_allowed": false, "auto_merge_allowed": false, "production_deploy_authorized": false, "aider_auto_patch_allowed": false, "elephantalpha_write_allowed": false, "secret_read_allowed": false, "post_deploy_write_allowed": false, "runtime_execution_allowed": false, "telegram_send_allowed": false, "gateway_queue_write_allowed": false, "host_probe_allowed": false, "registry_push_allowed": false, "artifact_signing_allowed": false, "action_buttons_allowed": false }, "next_actions": [ { "task_id": "P2-112", "priority": "P1", "summary": "把 product_code_review_gate 接到 Gitea workflow pre-deploy policy readback;高風險先 fail-close,低風險仍需 reviewer receipt。", "gate": "workflow_change_owner_approval_required" }, { "task_id": "P2-113", "priority": "P1", "summary": "建立 post-deploy release receipt:deploy marker、image revision、product route smoke、rollback owner、verifier receipt。", "gate": "read_only_release_receipt_first" }, { "task_id": "P2-114", "priority": "P1", "summary": "設計外部 scanner 啟用批准包:CodeQL、Semgrep、Gitleaks、OSV、Trivy、OpenSSF、SLSA、Sigstore。", "gate": "cost_and_external_lookup_approval_required" } ] }