Files
awoooi/docs/security/s4-9-owner-response-gap-audit.snapshot.json

308 lines
14 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
{
"basis": {
"gitea_main_commit": "57df61da",
"latest_logbook_commit": "57df61da",
"latest_runtime_deploy_marker": "166497ee",
"latest_tenants_redaction_commit": "94a9c612",
"production_verification_required_for_frontend_changes": true,
"source_control_rollup_date": "2026-06-13",
"source_control_rollup_templates": 24
},
"current_requirement_gaps": [
{
"current_state": "request_sent=false、received=0、accepted=0、rejected=0。",
"gap_id": "s49_owner_response_absent",
"priority": "P0",
"required_next_step": "只能等待人工送件與 owner 脫敏回覆;不得用 UI、LOGBOOK 或 AwoooP approval 補成 accepted。",
"requirement": "S4.9 必須收到完整 owner response metadata且五題都通過 reviewer checklist。",
"status": "active_blocker"
},
{
"current_state": "audit event templates 存在,但 emitted_event_count=0。",
"gap_id": "s49_dispatch_audit_event_absent",
"priority": "P0",
"required_next_step": "送件前維持 0送件後只保存 metadata不保存 raw response body。",
"requirement": "request shown、request sent、owner response received、reviewer outcome 必須是分離 audit metadata。",
"status": "active_blocker"
},
{
"current_state": "尚無 owner responsereviewer outcome 仍是 template-only。",
"gap_id": "s49_reviewer_outcome_absent",
"priority": "P0",
"required_next_step": "補 reviewer outcome ledger但不得因此開 runtime gate。",
"requirement": "任何 owner response 都要先分類為 waiting、supplement、quarantine、reject 或 read-only update candidate。",
"status": "active_blocker"
},
{
"current_state": "AwoooP 高可見頁已改用公開名稱 / SRC-###;仍需由 guard 固定 public surface redaction 規則。",
"gap_id": "public_surface_identity_leak_risk",
"priority": "P0",
"required_next_step": "持續跑 security mirror guard新增頁面、API payload 或 client bundle 時一律先做 sensitive public-surface scan。",
"requirement": "前台與瀏覽器 API 不得顯示個人 namespace、外部 org namespace、工作視窗對話或內部 session 語句。",
"status": "mitigated_needs_guard"
},
{
"current_state": "部分 docs/security source-control evidence 仍有 raw repo identifiers屬內部 evidence需要明確 public/private boundary。",
"gap_id": "raw_namespace_internal_evidence_misroute_risk",
"priority": "P0",
"required_next_step": "所有前台資料源必須使用 redacted scope id 或 evidence ref不直接讀 raw source-control evidence。",
"requirement": "內部 source-control evidence 可保留必要技術識別但不得被路由到產品頁、public API、公開 bundle 或截圖文案。",
"status": "active_risk"
},
{
"current_state": "舊 MD / 產生器曾停在 2026-06-14 以前的 deploy marker本 snapshot 將基準更新到最新 AwoooP 高可見頁脫敏正式驗證。",
"gap_id": "latest_basis_staleness_risk",
"priority": "P0",
"required_next_step": "每次推送前 fetch gitea 並更新 basis不得沿用舊 commit 宣稱最新。",
"requirement": "S4.9 缺口稽核基準需跟上最新 gitea/main、deploy marker、production verification 與 LOGBOOK。",
"status": "remediated_by_this_snapshot"
},
{
"current_state": "本輪已 fetch 且 worktree 與 gitea/main 一致;仍需每次推送前重查。",
"gap_id": "parallel_session_conflict_risk",
"priority": "P0",
"required_next_step": "禁止 force push若 gitea/main 前進,只能 fast-forward / rebase 正常收斂。",
"requirement": "另一個 AwoooP Session 與本 Session 的 commit、run、deploy marker、production evidence 必須同步。",
"status": "active_risk"
},
{
"current_state": "此 release worktree 未包含 repo-local MEMORY.md。",
"gap_id": "release_worktree_memory_index_absent",
"priority": "P1",
"required_next_step": "把缺檔視為啟動程序缺口,不阻擋只讀工作,但不得聲稱已讀 repo-local MEMORY.md。",
"requirement": "Session 啟動必讀 MEMORY.md若 release worktree 缺檔,必須改讀全域 memory 與 LOGBOOK並記錄例外。",
"status": "active_process_gap"
}
],
"false_boundaries": {
"action_buttons_allowed": false,
"force_push_authorized": false,
"owner_response_accepted": false,
"owner_response_received": false,
"raw_namespace_public_surface_allowed": false,
"redacted_payload_ingested": false,
"refs_sync_authorized": false,
"repo_creation_authorized": false,
"request_dispatch_authorized": false,
"request_sent": false,
"runner_enablement_authorized": false,
"runtime_execution_authorized": false,
"secret_value_collection_allowed": false,
"visibility_change_authorized": false,
"work_session_transcript_public_allowed": false,
"workflow_modification_authorized": false
},
"generated_at": "2026-06-15T07:50:00+08:00",
"git_commit": "57df61da",
"mode": "read_only_gap_audit_no_runtime_action",
"new_rules_required": [
{
"priority": "P0",
"rule": "前台、public API、HTML、bundle、messages 不得出現 raw owner namespace、個人識別或工作視窗對話。",
"rule_id": "public_surface_redaction_gate",
"verification": "security-mirror-progress-guard + production desktop/mobile sensitive scan。"
},
{
"priority": "P0",
"rule": "S4.9 現況缺口稽核不得只停在 MD必須有 machine-readable snapshot 與 guard。",
"rule_id": "s49_gap_audit_snapshot_required",
"verification": "source-control-owner-response-guard 必須讀取本 snapshot。"
},
{
"priority": "P0",
"rule": "內部 source-control raw evidence 僅能留在 private docs / committed evidence不得直接成為產品渲染來源。",
"rule_id": "raw_evidence_private_boundary",
"verification": "前台只讀 redacted scope id、evidence ref 或 aggregate count。"
},
{
"priority": "P0",
"rule": "owner response received / accepted / rejected 只能由 reviewer record 更新,不得由 request draft、UI 或 LOGBOOK 文字更新。",
"rule_id": "owner_response_counts_are_runtime_locked",
"verification": "所有 snapshot false boundaries 維持 0 / false。"
},
{
"priority": "P0",
"rule": "request ready、request sent、response received、response accepted、runtime approval 必須是五個獨立狀態。",
"rule_id": "dispatch_received_accepted_separation",
"verification": "summary counters 必須分離,且 runtime gate 永遠等待獨立批准。"
},
{
"priority": "P0",
"rule": "每次 commit / push 前必須 fetch gitea並同步另一 Session 的 run / deploy / production evidence。",
"rule_id": "parallel_session_basis_refresh",
"verification": "LOGBOOK 必須記錄 basis、runs、deploy marker 與 gate 邊界。"
},
{
"priority": "P1",
"rule": "repo-local MEMORY.md 缺檔時,需記錄使用全域 memory 與 LOGBOOK 的替代讀取路徑。",
"rule_id": "memory_index_startup_exception",
"verification": "啟動記錄不得假稱 repo-local MEMORY.md 已讀。"
}
],
"next_safe_actions": [
"更新 S4.9 缺口稽核文件基準與 snapshot reference。",
"把本 snapshot 納入 source-control owner response guard。",
"繼續補 owner response acceptance ledger但所有 request / received / accepted / runtime gate 維持 0 / false。"
],
"priority_work_queue": [
{
"blocked_by": "尚未人工送件、尚未收到 owner response。",
"completion_percent": 70,
"next_validation": "source-control-owner-response-guard。",
"priority": "P0-1",
"work_item": "S4.9 owner response gate 收件前置"
},
{
"blocked_by": "後續新增頁面仍需 guard 持續保護。",
"completion_percent": 100,
"next_validation": "production desktop/mobile sensitive scan。",
"priority": "P0-2",
"work_item": "前台 / public API identity redaction"
},
{
"blocked_by": "尚缺 owner-provided live conf、rendered diff、nginx -t evidence、route smoke、maintenance window、rollback owner。",
"completion_percent": 86,
"next_validation": "public gateway acceptance snapshot + owner-provided evidence review。",
"priority": "P0-3",
"work_item": "Nginx public gateway owner response acceptance"
},
{
"blocked_by": "尚缺 ArgoCD health readback、rendered manifest diff、rollback revision、owner response。",
"completion_percent": 62,
"next_validation": "k8s-argocd owner response acceptance snapshot。",
"priority": "P0-4",
"work_item": "K8s / ArgoCD owner response acceptance"
},
{
"blocked_by": "尚缺 restore drill approval package、offsite owner、escrow owner、retention owner、validation plan。",
"completion_percent": 62,
"next_validation": "backup restore acceptance snapshot。",
"priority": "P0-5",
"work_item": "Backup / restore / escrow owner response acceptance"
},
{
"blocked_by": "尚缺 110 / 188 live hash、restart window、rollback owner、post-check 指標。",
"completion_percent": 50,
"next_validation": "host service owner request / future acceptance ledger。",
"priority": "P1-1",
"work_item": "Docker Compose / systemd / host service owner response"
},
{
"blocked_by": "尚缺 live access state、allowed source CIDR、host key pinning、firewall owner、NetworkPolicy / NodePort / WireGuard owner。",
"completion_percent": 58,
"next_validation": "ssh network acceptance snapshot。",
"priority": "P1-2",
"work_item": "SSH / firewall / network access owner response acceptance"
},
{
"blocked_by": "尚缺 live drift evidence、receiver owner、reload owner、route smoke、receipt proof。",
"completion_percent": 62,
"next_validation": "monitoring owner request / future acceptance ledger。",
"priority": "P1-3",
"work_item": "Monitoring / alerting / observability owner response"
},
{
"blocked_by": "尚缺 deployment boundary、external agent boundary、treasury owner、runtime gate owner。",
"completion_percent": 68,
"next_validation": "agent bounty owner request draft 與 future acceptance ledger。",
"priority": "P1-4",
"work_item": "agent-bounty-protocol C0 runtime / MCP / A2A / treasury owner response"
}
],
"public_surface_redaction_requirements": {
"allowed_display": [
"SRC-### scope id",
"aggregate count",
"risk tier",
"readiness state",
"redacted evidence ref"
],
"forbidden_display": [
"raw repository owner namespace",
"personal namespace",
"external organization namespace when not explicitly public-safe",
"工作視窗對話內容",
"approval chat phrase",
"token / secret / private key / cookie / authorization header"
],
"required_fields_or_markers": [
"source_scope_id",
"source_namespace_redacted",
"repo_owner_namespace_redacted",
"raw_repository_namespace_visible",
"public_api_raw_repo_namespace_allowed"
],
"verification": [
"public API payload sensitive scan",
"production HTML sensitive scan",
"desktop browser sensitive scan",
"mobile browser sensitive scan",
"horizontal overflow check"
]
},
"rule_adjustments_required": [
{
"adjusted_rule": "低摩擦不代表延後修補即時資訊揭露public surface leak 可先 source-control 止血,再補 owner gate。",
"adjustment_id": "low_friction_but_p0_stop_the_bleed",
"from_rule": "初期資安低摩擦、先只讀框架。",
"priority": "P0"
},
{
"adjusted_rule": "技術識別只能留在內部 evidence產品頁只顯示 redacted scope id、風險等級、狀態與 evidence ref。",
"adjustment_id": "internal_evidence_not_product_copy",
"from_rule": "source-control evidence 可保留技術識別。",
"priority": "P0"
},
{
"adjusted_rule": "AwoooP approval、Runs、Work Items、Tenants 顯示全部只算狀態,不等於 IwoooS security acceptance。",
"adjustment_id": "awooop_approval_not_security_acceptance",
"from_rule": "AwoooP 可顯示 owner response / approval 候選。",
"priority": "P0"
},
{
"adjusted_rule": "Nginx / public gateway / DNS / TLS 是 C0優先要求 source-of-truth、drift evidence、owner response、rollback 與 post-check。",
"adjustment_id": "nginx_config_control_first",
"from_rule": "高價值配置逐步納管。",
"priority": "P0"
},
{
"adjusted_rule": "即使 owner 文字包含同意、批准、OK也只算 metadata decision不自動授權 refs sync、reload、deploy 或 runtime action。",
"adjustment_id": "owner_response_language_not_execution",
"from_rule": "owner 可回覆 decision。",
"priority": "P0"
},
{
"adjusted_rule": "改前端或 public API 後必須做 production desktop/mobile sensitive scan、水平溢出檢查與關鍵卡片可見檢查。",
"adjustment_id": "public_verification_required_after_frontend_change",
"from_rule": "改前端後做 smoke。",
"priority": "P0"
},
{
"adjusted_rule": "agent-bounty-protocol 需以 C0 runtime / MCP / A2A / treasury 邊界管理,但保持獨立產品與 owner response。",
"adjustment_id": "agent_bounty_c0_runtime_boundary",
"from_rule": "agent-bounty-protocol 納入 IwoooS scope。",
"priority": "P1"
}
],
"schema_version": "s4_9_owner_response_gap_audit_v1",
"status": "gap_audit_ready_owner_gate_zero",
"summary": {
"active_blocker_count": 3,
"active_risk_or_process_gap_count": 3,
"current_requirement_gap_count": 8,
"mitigated_needs_guard_count": 1,
"new_rule_count": 7,
"owner_response_accepted_count": 0,
"owner_response_received_count": 0,
"owner_response_rejected_count": 0,
"priority_work_item_count": 9,
"public_surface_raw_namespace_allowed": false,
"public_surface_redaction_guard_ready": true,
"request_sent_count": 0,
"rule_adjustment_count": 7,
"runtime_gate_count": 0,
"s4_9_owner_response_gate_percent": 0,
"work_session_transcript_public_allowed": false
}
}