Files
awoooi/docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json
Your Name 8e7136dddb
All checks were successful
CD Pipeline / tests (push) Successful in 2m9s
Code Review / ai-code-review (push) Successful in 15s
CD Pipeline / build-and-deploy (push) Successful in 6m56s
CD Pipeline / post-deploy-checks (push) Successful in 3m6s
feat(security): 納入 Agent Bounty 只讀資安範圍
2026-06-11 09:41:09 +08:00

386 lines
15 KiB
JSON
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
{
"schema_version": "agent_bounty_iwooos_onboarding_handoff_v1",
"status": "draft_waiting_owner_review",
"date": "2026-06-11",
"mode": "product_scope_handoff_only",
"source_evidence_refs": [
"docs/security/iwooos-posture-projection.snapshot.json",
"docs/workplans/2026-06-04-iwooos-security-governance-p0.md",
"apps/web/src/app/[locale]/iwooos/page.tsx",
"apps/web/messages/zh-TW.json",
"/Users/ogt/Documents/agent-bounty-protocol/README.md",
"/Users/ogt/Documents/agent-bounty-protocol/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/apps/web/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/packages/mcp-server/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/packages/contracts/package.json",
"/Users/ogt/Documents/agent-bounty-protocol/docker-compose.yml"
],
"summary": {
"product_name": "agent-bounty-protocol",
"onboarding_handoff_package_ready": true,
"onboarding_handoff_completion_percent": 100,
"product_boundary_merged_into_awoooi": false,
"owner_response_received": false,
"owner_response_accepted": false,
"repo_refs_truth_accepted": false,
"data_classification_accepted": false,
"deployment_boundary_accepted": false,
"external_agent_boundary_accepted": false,
"runtime_gate_open": false,
"runtime_execution_authorized": false,
"production_deploy_authorized": false,
"repo_creation_authorized": false,
"refs_sync_authorized": false,
"workflow_modification_authorized": false,
"secret_value_collection_authorized": false,
"auto_claim_submit_authorized": false,
"bounty_payout_authorized": false,
"external_agent_autonomy_authorized": false,
"shared_database_authorized": false,
"shared_session_authorized": false,
"shared_rbac_authorized": false,
"action_buttons_allowed": false
},
"product_identity": {
"product_type": "M2M 交易閘道器、Agent Bounty / MCP / A2A 實驗產品",
"current_focus": "公開任務、agent 互動、MCP tool gateway、A2A negotiation、外部流量監控、scout、webhook、admin / treasury 與 cron automation 的只讀資安納管。",
"technical_stack": [
"Next.js 16 App Router",
"React 19",
"TypeScript",
"Prisma",
"PostgreSQL",
"Redis",
"Docker Compose",
"MCP SDK",
"A2A / Nostr / Waku / XMTP 類外部 agent 連線",
"Stripe / Ethers / webhook 類整合候選",
"Telegram / Discord / GitHub 通知或 webhook 候選"
],
"language_policy": "納入 IwoooS 與 AWOOOI 文件、前端內容、LOGBOOK 與 handoff 時一律使用繁體中文程式符號、API、套件名稱、route 與 env-key 名稱可保留英文。"
},
"repo_scope": {
"active_workspace": {
"path": "/Users/ogt/Documents/agent-bounty-protocol",
"status_summary": "read_only_observed_dirty_workspace_on_main_with_51_modified_or_untracked_items; .env-like files exist but were not read",
"canonical_for_iwooos": false,
"forbidden_actions": [
"commit",
"rebase",
"push",
"delete_files",
"sync_refs",
"read_env_file",
"run_deploy_script",
"run_security_scan",
"start_cron_or_daemon"
]
},
"reference_worktree": {
"path": "/Users/ogt/Documents/agent-bounty-protocol",
"head_sha": "a1856d08bc2778f9b41076cd6175ff2389b2e5ca",
"origin_main_sha": "a1856d08bc2778f9b41076cd6175ff2389b2e5ca",
"main_sha": "a1856d08bc2778f9b41076cd6175ff2389b2e5ca",
"remote": "http://192.168.0.110:3001/wooo/agent-bounty-protocol.git",
"refs_truth_status": "waiting_owner_decision_due_dirty_workspace_and_internal_remote"
},
"required_owner_answers": [
"canonical repo path / remote",
"dirty workspace WIP vs release candidate disposition",
"GitHub target metadata if needed",
"workflow / runner / webhook / secret name parity owner",
"production host / compose directory / domain / TLS owner",
"A2A / MCP / external agent autonomy boundary owner",
"treasury / payout / staking / Stripe / settlement data owner",
"traffic monitoring / Telegram / Discord / GitHub webhook notification owner"
]
},
"product_surfaces": [
{
"surface_id": "public-and-task-surface",
"routes": [
"/",
"/tasks/[id]",
"/tasks/create",
"/showcase",
"/showcase/[id]",
"/leaderboard",
"/explorer",
"/traffic",
"/ico"
],
"boundary": "public and marketplace-facing surface only; no bounty payout or external claim/submit authorization in this handoff"
},
{
"surface_id": "well-known-agent-metadata",
"routes": [
"/.well-known/agent-card.json",
"/.well-known/ai-plugin.json",
"/.well-known/mcp.json",
"/.well-known/openapi.yaml"
],
"boundary": "metadata can be indexed as route evidence; it does not authorize agent execution or credential exposure"
},
{
"surface_id": "mcp-and-open-task-api",
"routes": [
"/api/mcp/[tool]",
"/api/mcp/agent_card",
"/api/mcp/create_human_task",
"/api/mcp/submit_bid",
"/api/open-tasks"
],
"boundary": "MCP tool gateway requires owner response, auth boundary and abuse controls before any runtime use; this handoff is read-only"
},
{
"surface_id": "a2a-agent-protocol",
"routes": [
"/api/a2a/arbitrate",
"/api/a2a/directory/sync",
"/api/a2a/dispute",
"/api/a2a/launchpad/create",
"/api/a2a/launchpad/projects",
"/api/a2a/mcp/discover",
"/api/a2a/negotiate",
"/api/a2a/reputation/verify",
"/api/a2a/rpc",
"/api/a2a/settle",
"/api/a2a/staking/deposit",
"/api/a2a/staking/withdraw"
],
"boundary": "external agent, settlement, staking and dispute routes stay locked until owner approval and follow-up runtime gate"
},
{
"surface_id": "automation-and-cron",
"routes": [
"/api/cron/a2a-discovery",
"/api/cron/a2a-dispatcher",
"/api/cron/a2a-inviter",
"/api/cron/a2a-swarm",
"/api/cron/bidding-evaluator",
"/api/cron/judge-agent",
"/api/cron/lead-gen",
"/api/cron/reaper",
"/api/cron/self-replicate",
"/api/cron/sentience-check",
"/api/cron/treasury-alert"
],
"boundary": "cron and daemon behavior is observe-only in IwoooS; no schedule enable, external send, claim, submit, payout or self-replication is authorized"
},
{
"surface_id": "admin-and-treasury",
"routes": [
"/admin",
"/admin/traffic",
"/admin/treasury",
"/api/admin/health",
"/api/admin/simulate",
"/api/admin/treasury/stats",
"/api/admin/withdraw",
"/login"
],
"boundary": "admin, treasury and withdraw surfaces require RBAC / auth / financial owner response; IwoooS only lists them as scope"
},
{
"surface_id": "webhooks-and-traffic",
"routes": [
"/api/traffic",
"/api/webhooks/github",
"/api/webhooks/stripe",
"/api/scout/draft",
"/api/scout/issue-exists",
"/api/intents/stream",
"/api/v1/health"
],
"boundary": "traffic, scout and webhook evidence must be redacted metadata only; no webhook secret or payload body collection"
}
],
"owner_response_handoff": {
"status": "ready_not_dispatched",
"request_dispatch_authorized": false,
"required_response_fields": [
"product_owner_role_or_team",
"security_owner_role_or_team",
"source_control_owner_role_or_team",
"deployment_owner_role_or_team",
"data_classification_owner_role_or_team",
"external_agent_boundary_owner_role_or_team",
"settlement_or_treasury_owner_role_or_team",
"notification_owner_role_or_team",
"surface_scope",
"decision",
"decision_reason",
"redacted_evidence_refs",
"followup_owner"
],
"allowed_decisions": [
"confirm_observe_only",
"defer",
"reject",
"request_more_evidence"
],
"forbidden_inputs": [
".env content",
"database URL value",
"API key value",
"MCP API key value",
"E2B API key value",
"Telegram bot token value",
"Telegram chat id value",
"Discord webhook value",
"GitHub token value",
"Stripe secret value",
"wallet private key",
"seed phrase",
"cookie",
"session",
"auth header",
"raw webhook payload",
"raw traffic payload",
"raw agent prompt or transcript",
"claim or submit execution request",
"payout or withdraw execution request",
"deploy command request",
"compose restart request",
"DB migration request",
"repo push request",
"refs sync request"
],
"response_received": false,
"response_accepted": false
},
"independent_product_boundary": {
"must_remain_independent": true,
"forbidden_couplings": [
"share_awoooi_database",
"share_awoooi_session",
"bind_agent_bounty_rbac_to_awoooi_rbac_without_owner_review",
"depend_on_awoooi_runtime_for_agent_bounty_core_flow",
"treat_awooop_approval_as_agent_bounty_security_approval",
"direct_cross_database_join",
"auto_bridge_awooop_work_item_to_agent_claim_submit",
"auto_trigger_payout_or_withdrawal"
],
"allowed_future_integrations": [
"versioned API",
"Webhook event with redacted metadata",
"outbox pattern",
"import / export adapter",
"SSO / OAuth with product RBAC preserved",
"Anti-Corruption Layer",
"read-only AwoooP evidence mirror"
]
},
"data_classification_intake": [
{
"data_type": "task / bounty / solution metadata",
"status": "waiting_owner_classification",
"collection_rule": "metadata and field type only; no private task content, raw solution or unpublished code"
},
{
"data_type": "agent identity / reputation / negotiation state",
"status": "waiting_owner_classification",
"collection_rule": "agent id category and state transition summary only; no raw prompt, transcript, private key or token"
},
{
"data_type": "MCP tool calls / A2A protocol events",
"status": "waiting_owner_classification",
"collection_rule": "route, tool name and decision metadata only; no request body, credential, payload or generated secret"
},
{
"data_type": "webhook / traffic / scout evidence",
"status": "waiting_owner_classification",
"collection_rule": "source type, timestamp and redacted status only; no webhook secret, auth header or raw payload body"
},
{
"data_type": "settlement / staking / treasury / Stripe",
"status": "waiting_owner_classification",
"collection_rule": "capability and owner metadata only; no wallet private key, seed phrase, Stripe secret or payout instruction"
},
{
"data_type": "admin / login / traffic dashboard",
"status": "waiting_owner_classification",
"collection_rule": "role boundary and audit event type only; no account password, session, cookie or private user data"
},
{
"data_type": "cron / daemon / ecosystem hunter",
"status": "waiting_owner_classification",
"collection_rule": "schedule name, disabled/enabled intent and redacted endpoint refs only; no daemon start, claim, submit or external send"
}
],
"deployment_boundary": {
"public_host": "https://agent.wooo.work",
"production_mode": "Docker Compose candidate with owner confirmation required",
"compose_host_status": "README mentions 110; scripts and prior local deploy helpers mention 188; owner must confirm canonical host before any production claim",
"compose_directory_status": "waiting_owner_confirmation; no SSH, rsync, compose restart or deploy script was executed in this AWOOOI stage",
"internal_web_status": "docker-compose exposes web host port 3004 and agent host port 3001 in local evidence; do not publish internal URL in frontend",
"database_boundary": "Compose PostgreSQL and Redis services; .env-like files exist but were not read; no DB URL value collection",
"production_verification_in_this_awoooi_stage": false,
"deployment_authorized": false
},
"external_agent_boundary": {
"autonomy_authorized": false,
"claim_submit_authorized": false,
"payout_authorized": false,
"allowed_now": [
"display_read_only_scope",
"display_redacted_route_inventory",
"display_required_owner_response_fields",
"display_forbidden_actions",
"prepare_followup_review_candidate"
],
"blocked_until_owner_review": [
"AUTO_CLAIM",
"AUTO_SUBMIT",
"RUN_DAEMON",
"external MCP claim / submit",
"Nostr listener daemon",
"A2A dispatcher",
"self-replicate cron",
"treasury alert send",
"Stripe webhook secret validation change",
"payout / withdraw / staking action",
"GitHub issue comment or token use",
"Telegram / Discord notification send"
]
},
"acceptance_rules": [
"本 handoff 完成不代表 agent-bounty-protocol owner response 已收到或 accepted。",
"agent-bounty-protocol 納入 IwoooS 只代表全產品資安視野可見不代表掃描、部署、修復、claim、submit、payout、withdraw、cron 或 runtime execution。",
"canonical repo、refs truth、workflow / secret name、GitHub target、compose host 與 production URL 仍需 owner response。",
"正式 URL、Docker Compose、health endpoint、MCP metadata 或 A2A routes 可見,不等於本段已做 production verification。",
"任何 .env、secret、DB URL、token、private key、seed phrase、cookie、session、auth header、webhook secret 都必須拒收或隔離。",
"未來若要改 agent-bounty-protocol production、deploy、compose、DB migration、cron、daemon、domain、TLS、MCP tool behavior 或 A2A automation必須另開 owner approval 與 rollback / post-check。"
],
"forbidden_actions": [
"modify_agent_bounty_repo",
"commit_agent_bounty_changes",
"push_agent_bounty_refs",
"sync_refs",
"create_github_repo",
"change_workflow",
"collect_secret_value",
"read_env_file",
"deploy_production",
"restart_compose",
"run_db_migration",
"run_active_scan",
"run_credentialed_scan",
"start_daemon",
"enable_cron",
"auto_claim",
"auto_submit",
"send_external_agent_message",
"send_telegram_notification",
"send_discord_notification",
"post_github_comment",
"execute_payout",
"execute_withdrawal",
"share_database",
"share_session",
"bind_rbac",
"enable_runtime_gate",
"add_awooop_action_button"
]
}