Files
awoooi/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md
2026-05-20 20:07:21 +08:00

209 lines
47 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# 資安鏡像狀態彙整契約
| 項目 | 內容 |
|------|------|
| 日期 | 2026-05-17 |
| 狀態 | 草案 |
| Schema | `docs/schemas/security_mirror_status_rollup_v1.schema.json` |
| Snapshot | `docs/security/security-mirror-status-rollup.snapshot.json` |
| 模式 | `mirror_only` |
| runtime 執行授權 | `false` |
## 0. 核心結論
`security_mirror_status_rollup_v1` 是 AwoooP 與 Security Supply Chain Session 的共同狀態入口。
它只彙整目前框架、鏡像契約、approval queue 與下一個安全 gate不授權任何 scan、execute、repo、refs、deploy 或 secret 類動作。
## 1. 目前狀態
| 類型 | 狀態 |
|------|------|
| 整體進度估算 | 約 58%;框架 / 治理 / 文件 / schema / read-only evidence 約 80-85%runtime ingestion / owner response / GitHub primary / AwoooP production landing 約 35-40% |
| Contract manifest | 36 個 contracts |
| Mirror readiness | 33 ready、2 partial、1 contract-only、0 blocked |
| Approval queue | 8 items7 pending approval、1 block candidate |
| Approval gate | S3.0 已建立0 approved、7 pending、1 block candidate |
| Decision records | S3.1 已建立;目前 0 筆決策紀錄 |
| Review packets | S3.2 已建立8 packets、7 ready for human review、1 block candidate |
| State transitions | S3.3 已建立5 個 decision options 都有 next state且都不授權執行 |
| Follow-up runtime gate templates | S3.4 已建立8 個 templates、0 個 active runtime gates |
| GitHub primary readiness gate | S4.0 已建立8 個 candidate repos、7 個 in-scope blocked、0 個 primary readyS4.10 已補 GitHub target owner decision response request packet、7 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks 與收件包7 個 response templates、owner response 0 筆S4.11 已補 refs truth owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks 與收件包5 個 response templates、owner response 0 筆、audit events emitted 0 筆S4.12 已補 workflow / secret 名稱 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks 與收件包5 個 response templates、owner response 0 筆、audit events emitted 0 筆S4.13 已補四包 owner response validation rollup、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks 與 7 條 parallel session recovery outcome lanes22 個 templates、received / accepted / rejected 皆為 0、reviewer audit emitted 仍為 0 |
| GitHub primary rollback ADR | S4.4 已建立7 個 in-scope rollback drafts、0 個 owner approved、0 個 dry-run completed、0 個 active cutover |
| Gitea inventory | S4.5 已補認證清冊匯出請求S4.6 已補匯入驗收契約S4.7 已補 owner coverage attestationS4.8 已把既有 Gitea queue/gate/review packet/follow-up gate 對齊 attestation 先行S4.9 已補 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、8 個 display sections、6 個 collection checks、owner response 收件包、6 個 intake preflight checks 與 5 個 outcome lanes目前 status=`partial_waiting_authenticated_inventory`、未認證公開範圍 repos 2 個、本機可見 Gitea unique repos 4 個、匯出來源選項 2 類、匯入驗收 payload 0 筆、owner attestation items 5 個、收到 attestation 0 筆、owner response 0 筆、audit events emitted 0 筆、敏感 payload 必須隔離、允許收集 token value=false |
| Workflow / secret name inventory | S4.1 已建立S4.2 補 4 個 repos、31 個 workflow files、43 個 referenced secret names 的 local evidenceS4.3 補 7 個 repos、5 類 lanes 的 redacted export requestS4.12 補 1 個 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks 與 5 個 owner response templates0 個 inventory complete、audit events emitted 0 筆、禁止收集 secret value、禁止 write token |
| Owner response validation | S4.13 已建立;四包 owner response 目前 received/accepted 皆為 04 條 missing response lanes、4 步 collection order、next collection candidate、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks 與 7 條 parallel session recovery outcome lanes 可供 AwoooP 直接顯示;下一個建議收件為 S4.9 Gitea owner attestationlatest local validation 為 `SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`reviewer audit emitted 仍為 0不代表 owner response 已收到或任何執行授權 |
| Low-friction rollout policy | S1.3 已補 7 條 non-blocking escalation lanesLOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 初期只能 observe / warn`owner_review_required_before_blocking=true``runtime_blocking_allowed=false` |
| IwoooS frontend posture | S2.8 已新增 `/iwooos` read-only Information Security 入口;顯示 Security Posture / Exposure、source-control supply chain、Kali 112 Mesh、approval boundary、non-blocking lanes 與 evidence refs不新增執行按鈕 |
| IwoooS posture projection | S2.9 已新增 `iwooos_posture_projection_v1`S2.10 已把 10 個既有前端資安相關頁面納入 projectionS2.11 已補 4 個 coverage groups 與 5 個 conflict controlsS2.12 已補 6 個只讀 operator journey stepsS2.13 已補 7 個 owner evidence readiness itemsS2.14 已補 3 個 host coverage itemsKali 112、開發主機 168、開發主機 111S2.15 已補 6 個 host action gate itemsS2.16 已補 7 個 host evidence readiness itemsS2.17 已補 7 個 host evidence collection order stepsS2.18 已補 7 個 host evidence intake preflight checksS2.19 已補 7 個 host evidence review outcome lanesS2.20 已補 7 個 host evidence review handoff packetsS2.21 已補 7 個 host evidence reviewer checklist itemsS2.22 已補 7 個 host evidence reviewer outcome lanesS2.23 已補 7 個 host owner decision candidate packetsS2.24 已補 7 個 host owner decision review checklist itemsS2.25 已補 7 個 host owner decision review outcome lanesS2.26 已補 7 個 host owner decision record draft packetsS2.27 已補 7 個 host owner decision record draft review checklist itemsS2.28 已補 7 個 host owner decision record draft review outcome lanesS2.29 已補 7 個 host owner decision record write-up packetsS2.30 已補 7 個 host owner decision record write-up review checklist itemsS2.31 已補 7 個 host owner decision record write-up review outcome lanesS2.32 已補 7 個 host owner decision record formal candidate packetsS2.33 已補 7 個 host owner decision record formal candidate review checklist itemsS2.34 已補 8 個 host owner decision record formal candidate review outcome lanesS2.35 已補 8 個 host owner decision record formal record queue packetsS2.36 已補 8 個 host owner decision record formal record queue review checklist itemsS2.37 已補 8 個 host owner decision record formal record queue review outcome lanesS2.38 已補 8 個 host owner decision record human handoff readiness packetsS2.39 已補 8 個 host owner decision record human handoff readiness review checklist itemsS2.40 已補 9 個 host owner decision record human handoff readiness review outcome lanesS2.41 已補 9 個 host owner decision record human record owner review candidate packetsS2.42 已補 9 個 host owner decision record human record owner review candidate checklist itemsS2.43 已補 9 個 host owner decision record human record owner review candidate outcome lanesS2.44 已補 9 個 host owner decision record human record owner review preparation packetsS2.45 已補 9 個 host owner decision record human record owner review preparation checklist itemsS2.46 已補 6 條 progress acceleration lanes顯示 58% holding 原因與下一個高層解鎖 gateS2.47 已補 4 個 owner response next-action focus items顯示 S4.9 為下一個收件焦點且 S4.10-S4.12 依序排隊S2.48 已補 6 個 S4.9 owner response preflight checks讓下一個 P0 owner response 的可收件條件可見S2.49 已補 5 個 S4.9 owner response request templates讓 owner 要逐項回覆的五題可見S2.50 已補 5 個 progress hold movement gates解釋為什麼 58% 仍維持且五個真實 movement signal 都是 0 / falseS2.51 已補 6 個 AwoooP read-only landing readiness items讓另一個 AwoooP Session 可照 snapshot / evidence / guard / route / forbidden outputs 接入S2.52 已補 6 個 AwoooP cross-session handoff packets固定 PR / branch anchor、progress semantics、guard commands、forbidden runtime actions、read-only inputs 與 next coordination gateS2.53 已把 IwoooS / security mirror 狀態放進 AwoooP 首頁只讀候選面板,顯示 58%、80-85%、35-40%、active gates 0 與四個接入檢查S2.54 已把 IwoooS / security mirror 狀態放進 AwoooP 工作鏈路觀察項;仍不新增 action button |
| AwoooP approvals IwoooS owner response focus | S2.55 已把 S4.9-S4.12 owner response 下一個人工收件焦點放進 `/awooop/approvals` 只讀面板received=0、accepted=0、active runtime gates=0、headline=58%、approval_record_created=false仍不新增 approve、execute、deploy、primary switch、refs action 或 runtime gate |
| AwoooP contracts IwoooS security contract candidate | S2.56 已把四個 security mirror contract refs 放進 `/awooop/contracts` 只讀面板total contracts=36、ready=33、partial=2、active runtime gates=0、contract_publish_authorized=false仍不發布 contract revision、不改 lifecycle、不寫 platform contracts API、不新增 action button |
| AwoooP tenants IwoooS tenant scope candidate | S2.57 已把 AWOOOI first tenant、IwoooS security mirror、Kali 112 / Dev 168 / Dev 111 與 S4.9-S4.12 owner response waiting 放進 `/awooop/tenants` 只讀面板host coverage=3、tenant policy changes=0、tenant_migration_mode_changed=false仍不改 migration mode、不改 tenant policy、不寫 platform tenants API、不新增 action button |
| AwoooP runs IwoooS run state candidate | S2.58 已把 security mirror Run State 候選放進 `/awooop/runs` 只讀面板security runs=0、active runtime gates=0、owner accepted=0、security_run_created=false、execution_router_linked=false仍不建立 platform run、不接 execution router、不新增 action button |
| Existing security pages IwoooS reverse bridge | S2.59 已把 `SecurityPanel``CompliancePanel`、standalone `/security``/compliance` 反向接上 IwoooS 只讀橋接headline=58%、framework=80-85%、runtime gates=0、action buttons=0仍不新增 scan、repair、approve、deploy 或 blocking control |
| Security control pages IwoooS reverse bridge | S2.60 已把 `/alerts``/errors``/authorizations``/governance` 反向接上 IwoooS 只讀橋接headline=58%、framework=80-85%、runtime gates=0、action buttons=0仍不新增 alert blocker、scan、repair、approve、deploy 或 blocking control |
| Dry-run | `contract_defined_not_executed`;已納入 `CHECK_PROGRESS_GUARD``CHECK_OWNER_RESPONSE_GUARD`latest local validation 為 `repo_snapshot_guard_pass`,仍不代表 production ingestion |
| Runtime actions | `false` |
| Payload ingestion | `false` |
## 1.1 進度判讀
目前進度不是以「強制防護開了多少」計算,而是以統帥指定的低摩擦路線拆成兩層:
1. 框架期約 80-85%36 個主要 contract 已有 33 個 ready、2 個 partial、1 個 contract-only、0 blocked表示治理骨架、只讀 evidence、人工批准語義、AwoooP mirror-only 接口與 IwoooS 前端投影已接近完整。
2. 落地期約 35-40%owner responses 仍為 0、active runtime gate 為 0、payload ingestion 為 false、GitHub primary ready 為 0、AwoooP production ingestion 尚未啟用。
因此跨 Session 採用 **58%** 作為目前整體進度。這代表「框架健康、尚未過度收緊」,不是 runtime enforcement 或 primary cutover 授權。
## 1.2 為什麼 58% 看起來沒動
58% 是 headline progress只在高層 gate 真正改變時調整。最近幾輪 S4.10、S4.11、S4.12、S4.13 與 S1.3 的工作確實有前進,但屬於框架細節、顯示順序、收件安全與低摩擦分流,不會直接推高 headline。
| 最近完成 | 進度軸 | headline delta | 為什麼整體百分比不變 |
|----------|--------|----------------|----------------------|
| S4.10 request packet | framework detail | 0 | 只顯示 owner 要回覆什麼,不代表 request sent、response received 或 approval |
| S4.10 template status ledger | framework detail | 0 | 只逐項顯示 7 個 target 仍為 waitingreceived / accepted 仍為 0 |
| S4.10 audit event templates | framework detail | 0 | event templates 仍為 `template_only_not_emitted`production ingestion 尚未啟用 |
| S4.10 redaction examples | framework detail | 0 | 只示範安全 metadata shape不代表 owner response 已收到或可執行 repo / refs / primary 動作 |
| S4.10 collection checks | framework detail | 0 | 只維持 request / received / accepted 狀態分離,不代表 owner response 已收到或已接受 |
| S4.10 intake preflight checks | framework detail | 0 | 只分類可收、補證、隔離或拒收,不代表 owner response accepted 或可執行 repo / refs / primary 動作 |
| S4.11 request packet | framework detail | 0 | 只顯示 owner 要回覆哪 5 類 refs truth 問題,不代表 request sent、response received、accepted 或 refs sync/delete/force push 授權 |
| S4.11 template status ledger | framework detail | 0 | 只逐項顯示 5 類 refs truth response 仍為 waitingreceived / accepted 仍為 0不代表 refs sync/delete/force push 授權 |
| S4.11 audit event templates | framework detail | 0 | event templates 仍為 `template_only_not_emitted`emitted 仍為 0不代表 production ingestion 或 refs sync/delete/force push 授權 |
| S4.11 redaction examples | framework detail | 0 | 只示範安全 metadata shape不代表 owner response received / accepted 或 refs sync/delete/force push 授權 |
| S4.11 collection checks | framework detail | 0 | 只維持 request / received / accepted 狀態分離,不代表 owner response received / accepted 或 refs sync/delete/force push 授權 |
| S4.11 intake preflight checks | framework detail | 0 | 只分類可審、補證、隔離、拒收或等待,不代表 owner response accepted 或 refs sync/delete/force push 授權 |
| S4.12 request packet | framework detail | 0 | 只顯示 owner 要回覆哪 5 類 workflow / secret 名稱問題,不代表 request sent、response received、secret value collection、workflow 修改、runner 啟用或 primary 授權 |
| S4.12 template status ledger | framework detail | 0 | 只逐項顯示 5 類 workflow / secret 名稱 response 仍為 waitingreceived / accepted 仍為 0不代表 secret value collection、workflow 修改、runner 啟用或 primary 授權 |
| S4.12 audit event templates | framework detail | 0 | event templates 仍為 `template_only_not_emitted`emitted 仍為 0不代表 production ingestion、secret value collection、workflow 修改、runner 啟用或 primary 授權 |
| S4.12 redaction examples | framework detail | 0 | 只示範安全 metadata shape不代表 owner response received / accepted 或 secret value collection、workflow 修改、runner 啟用授權 |
| S4.12 collection checks | framework detail | 0 | 只維持 request / received / accepted 狀態分離,不代表 owner response received / accepted、secret value collection、workflow 修改、runner 啟用或 primary 授權 |
| S4.12 intake preflight checks | framework detail | 0 | 只分類可審、補證、隔離或拒收,不代表 owner response accepted、secret 建立、workflow 修改、runner 啟用或 primary 授權 |
| S4.13 evidence routing rules | framework detail | 0 | 只決定 owner evidence pointer 應補證、隔離、拒收、進跨包 review 或只讀更新,不代表 owner response received / accepted、approval、runtime gate 或 execution authorization |
| S4.13 display sections | framework detail | 0 | 只固定 AwoooP Operator Console 的 read-only 呈現順序,不代表 owner response received / accepted、approval、runtime gate、execution queue 或 action button |
| S4.13 state transition rules | framework detail | 0 | 只固定 owner response validation 的 read-only 狀態語義,不代表 owner response received / accepted、approval、runtime gate、execution queue 或 action button |
| S4.13 reviewer checklist | framework detail | 0 | 只提供人工審查順序與只讀檢查提示,不代表 owner response received / accepted、approval、runtime gate、execution queue 或 action button |
| S4.13 reviewer outcome lanes | framework detail | 0 | 只把人工檢查結果分類成等待、補證、隔離、拒收、跨包 review、只讀更新候選或等待 runtime gate不代表 approval、runtime gate、execution queue 或 action button |
| S4.13 reviewer audit event templates | framework detail | 0 | 只定義未來可留痕的脫敏 metadata 形狀emitted 仍為 0不代表 production ingestion、approval、runtime gate 或 execution authorization |
| S4.13 reviewer audit display sections | framework detail | 0 | 只固定 AwoooP 顯示 audit templates、允許 metadata、禁止 payload、0 emitted 狀態與非授權邊界,不代表 production ingestion、approval、runtime gate 或 execution authorization |
| S4.13 reviewer audit collection checks | framework detail | 0 | 只要求 audit template 可見、metadata-only、forbidden payload blocked、emitted=0、無 runtime side effect 與 counters 不變,不代表 production ingestion、approval、runtime gate 或 execution authorization |
| S4.13 reviewer audit redaction examples | framework detail | 0 | 只示範 reviewer audit metadata 的安全顯示形狀,不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization |
| S4.13 reviewer audit retention rules | framework detail | 0 | 只定義 reviewer audit metadata 可保留的安全形狀與 raw payload 拒收邊界,不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization |
| S4.13 reviewer audit retention checks | framework detail | 0 | 只確認 retention rules 可見、metadata-only、raw payload / secret retention blocked、counter snapshot-only 與無 runtime side effect不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization |
| S4.13 reviewer audit handoff packets | framework detail | 0 | 只整理跨 Session resume、必讀 source packets、安全顯示欄位、禁止 runtime 誤讀、下一個 owner response focus 與後續 gates不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization |
| S4.13 reviewer audit handoff checks | framework detail | 0 | 只確認 handoff packets 可見、counters 不變、source packets 必讀、安全顯示欄位、runtime 誤讀阻擋與 next focus 未被標記 received不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization |
| S4.13 parallel session sync checks | framework detail | 0 | 只確認同一 PR 分支、latest delta 可見、counters 仍為 0、runtime flags 仍為 false、source-control mutation 阻擋與 next focus 維持 S4.9,不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization |
| S4.13 parallel session conflict lanes | framework detail | 0 | 只把 stale branch、stale delta、counter drift、runtime flag drift、source-control mutation request 與 next focus drift 分流到停下重讀或人工 review不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization |
| S4.13 parallel session recovery checks | framework detail | 0 | 只確認 conflict lane 後要重抓遠端、重讀 latest ledger、重跑只讀 guards、review staged diff、確認 runtime false flags 與回到 S4.9 next focus不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization |
| S4.13 parallel session recovery outcome lanes | framework detail | 0 | 只把復原結果分類成 ready、branch diverged、ledger stale、guard failed、diff out-of-scope、runtime flag drift 或 next focus drift不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization |
| S1.3 non-blocking escalation lanes | framework detail | 0 | 只確認 LOW / MEDIUM observation、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 先維持 observe / warn不代表 blocking gate、runtime enforcement 或 action button |
| S2.8 IwoooS frontend posture entry | framework detail | 0 | 只把 mirror-only 資安態勢呈現在前端,不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization |
| S2.9 IwoooS posture projection contract | framework detail | 0 | 只把前端顯示資料固定成可驗證契約,不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization |
| S2.10 IwoooS existing frontend surface integration | framework detail | 0 | 只把既有前端資安頁面整理成只讀索引,不代表 owner response、production ingestion、approval、runtime gate、Kali scan、Code Review gate 或 execution authorization |
| S2.11 IwoooS surface coverage boundary matrix | framework detail | 0 | 只把既有前端資安頁面分成訊號、人工控制、治理稽核與工程審查四面,並顯示重疊 / 衝突控制,不代表 runtime gate、deploy approval、Kali scan 或 Code Review blocking 授權 |
| S2.12 IwoooS operator journey projection | framework detail | 0 | 只把資安處理旅程顯示成 read-only status projection不代表 execution queue、runtime gate、deploy approval、Kali scan 或 Code Review blocking 授權 |
| S2.13 IwoooS owner evidence readiness board | framework detail | 0 | 只顯示 headline 進度下一步需要的 owner evidence / approval gatereceived / accepted 仍為 0不代表 owner response received、approval、runtime gate、Kali scan 或 GitHub primary 授權 |
| S2.14 IwoooS host coverage view | framework detail | 0 | 只顯示 Kali 112 與 168 / 111 開發主機已納入 observe-only 資安視野,不代表 active scan、SSH 變更、主機更新、credentialed scan、runtime gate 或 Kali `/execute` 授權 |
| S2.15 IwoooS host action gate matrix | framework detail | 0 | 只把 active scan、credentialed scan、Kali `/execute`、SSH / host change、Kali update 與 runtime blocking control 拆成只讀 gate不代表任何主機動作或 runtime enforcement 已批准 |
| S2.16 IwoooS host evidence readiness board | framework detail | 0 | 只顯示主機動作前仍缺 scope、owner decision、credential handling、maintenance window、rollback、validation metrics 與 redacted ingestion evidencereceived / accepted 仍為 0不代表任何主機動作已批准 |
| S2.17 IwoooS host evidence collection order | framework detail | 0 | 只把七個主機 evidence readiness items 排成只讀收件順序與依賴關係received / accepted 仍為 0不代表 active scan、SSH、Kali update、raw evidence ingestion 或 runtime control 已批准 |
| S2.18 IwoooS host evidence intake preflight | framework detail | 0 | 只把主機 evidence 進人工 review 前的七個預檢規則顯示出來raw payload、secret value、runtime execution、action button 與 received / accepted counter 仍全部鎖住 |
| S2.19 IwoooS host evidence review outcome lanes | framework detail | 0 | 只顯示主機 evidence 通過 preflight 後的只讀人工審查結果分流approval record、runtime gate、received / accepted counter 與 action button 仍全部鎖住 |
| S2.20 IwoooS host evidence review handoff packets | framework detail | 0 | 只顯示人工 reviewer 需要的七個脫敏交接包received / accepted、approval record、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.21 IwoooS host evidence reviewer checklist | framework detail | 0 | 只顯示 reviewer 在 handoff packets 後要確認的七個只讀檢查received / accepted、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.22 IwoooS host evidence reviewer outcome lanes | framework detail | 0 | 只顯示 reviewer checklist 後的七個只讀結果分流checklist passed、received / accepted、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.23 IwoooS host owner decision candidate packets | framework detail | 0 | 只顯示 owner 人工決策前需要的七個 candidate packetsdecision record、approved count、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.24 IwoooS host owner decision review checklist | framework detail | 0 | 只顯示 owner decision 前的七個只讀核對項decision record、approved count、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.25 IwoooS host owner decision review outcome lanes | framework detail | 0 | 只顯示 owner review checklist 後的七個只讀結果分流review passed、decision record、approved count、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.26 IwoooS host owner decision record draft packets | framework detail | 0 | 只顯示 formal decision record 需要的七個草稿欄位decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.27 IwoooS host owner decision record draft review checklist | framework detail | 0 | 只顯示 decision record 草稿進人審前的七個核對項review passed、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.28 IwoooS host owner decision record draft review outcome lanes | framework detail | 0 | 只顯示 decision record 草稿核對後的七個只讀結果分流review passed、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.29 IwoooS host owner decision record write-up packets | framework detail | 0 | 只顯示 formal decision record 需要的七個撰寫欄位write-up completed、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.30 IwoooS host owner decision record write-up review checklist | framework detail | 0 | 只顯示 formal decision record 撰寫欄位進人審前的七個只讀核對項review passed、write-up completed、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.31 IwoooS host owner decision record write-up review outcome lanes | framework detail | 0 | 只顯示 write-up review checklist 後的七個只讀結果分流review passed、write-up completed、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.32 IwoooS host owner decision record formal candidate packets | framework detail | 0 | 只顯示 formal decision record candidate 需要的七個候選欄位finalized count、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.33 IwoooS host owner decision record formal candidate review checklist | framework detail | 0 | 只顯示 formal candidate packets 後的七個只讀核對項review passed、finalized count、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.34 IwoooS host owner decision record formal candidate review outcome lanes | framework detail | 0 | 只顯示 formal candidate review 後的八個只讀結果分流review passed、finalized count、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.35 IwoooS host owner decision record formal record queue packets | framework detail | 0 | 只顯示 formal record queue 需要的八個只讀資料包queue enqueued、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.36 IwoooS host owner decision record formal record queue review checklist | framework detail | 0 | 只顯示 formal record queue packets 後的八個只讀核對項review passed、queue enqueued、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.37 IwoooS host owner decision record formal record queue review outcome lanes | framework detail | 0 | 只顯示 formal record queue review 後的八個只讀結果分流review passed、queue enqueued、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.38 IwoooS host owner decision record human handoff readiness packets | framework detail | 0 | 只顯示未來 human record owner handoff 前的八個 metadata readiness packetshandoff started、handoff ready、review passed、queue enqueued、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.39 IwoooS host owner decision record human handoff readiness review checklist | framework detail | 0 | 只顯示 handoff readiness packets 進人工 record owner 前的八個只讀核對項review passed、handoff started、handoff ready、queue enqueued、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.40 IwoooS host owner decision record human handoff readiness review outcome lanes | framework detail | 0 | 只顯示 handoff readiness review 後的九個只讀結果分流review passed、handoff started、handoff ready、queue enqueued、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.41 IwoooS host owner decision record human record owner review candidate packets | framework detail | 0 | 只顯示未來 human record owner review candidate 需要看的九個只讀 metadata packetsreview started、review ready、handoff started、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.42 IwoooS host owner decision record human record owner review candidate checklist | framework detail | 0 | 只顯示 human record owner review candidate packets 後的九個只讀核對項checklist passed、review started、review ready、handoff started、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.43 IwoooS host owner decision record human record owner review candidate outcome lanes | framework detail | 0 | 只顯示 human record owner review candidate checklist 後的九個只讀結果分流outcome passed、review started、review ready、handoff started、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.44 IwoooS host owner decision record human record owner review preparation packets | framework detail | 0 | 只顯示 human record owner review preparation candidate 後的九個只讀 metadata packetspreparation completed、review started、review ready、handoff started、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.45 IwoooS host owner decision record human record owner review preparation checklist | framework detail | 0 | 只顯示 human record owner review preparation packets 後的九個只讀核對項preparation completed、checklist passed、review started、review ready、handoff started、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.46 IwoooS progress acceleration lanes | framework detail | 0 | 只顯示 owner response、redacted ingestion、runtime gate、GitHub readiness、AwoooP landing 與 cadence compression 六條解鎖 laneheadline percent、owner response、payload ingestion、runtime gate、GitHub primary、production execution 與 action button 仍全部鎖住 |
| S2.47 IwoooS owner response next-action focus | framework detail | 0 | 只顯示 S4.9 為下一個 owner response 收件焦點S4.10 / S4.11 / S4.12 依序排隊received、accepted、rejected、audit emitted、approval record、runtime gate、repo / refs mutation、secret value collection 與 action button 仍全部鎖住 |
| S2.48 IwoooS S4.9 owner response preflight | framework detail | 0 | 只顯示 S4.9 六個收件前檢查與 failure lanesrequest sent、received、accepted、rejected、preflight passed、audit emitted、Gitea write、repo / refs mutation、runtime gate、GitHub primary 與 action button 仍全部鎖住 |
| S2.49 IwoooS S4.9 owner response request templates | framework detail | 0 | 只顯示 S4.9 五個 request-ready-not-sent templatesrequest sent、received、accepted、rejected、audit emitted、Gitea inventory completed、Gitea write、repo / refs mutation、token collection、runtime gate、GitHub primary 與 action button 仍全部鎖住 |
| S2.50 IwoooS progress hold movement gates | framework detail | 0 | 只顯示 58% 維持的五個實質門檻owner response accepted、redacted payload ingestion、active runtime gate、GitHub primary ready、AwoooP read-only landing 仍全部為 0 / false不把 gate 顯示當授權、進度加分或 action button |
| S2.51 IwoooS AwoooP read-only landing readiness | framework detail | 0 | 只顯示 AwoooP 只讀接入前的六個條件production_landing_enabled=false、execution_router_linked=false、progress_change_applied=false不把 readiness 當 production consumption、guard skip、runtime gate 或 action button |
| S2.52 IwoooS AwoooP cross-session handoff packets | framework detail | 0 | 只顯示另一個 Session 接手前的 PR / branch、進度語義、guard commands、runtime 禁止動作、只讀輸入與下一個協調 gateproduction_landing_enabled=false、execution_router_linked=false、progress_change_applied=false不把 handoff 當 merge、deploy、primary switch、refs mutation、guard skip 或 production consumption |
| S2.53 AwoooP home IwoooS security mirror candidate | framework detail | 0 | 只把 IwoooS / security mirror 狀態放進 AwoooP 首頁只讀候選面板production_landing_enabled=false、execution_router_linked=false、runtime_execution_authorized=false、action_buttons_allowed=false不把候選面板當 production landing、runtime gate、execution router 或 action button |
| S2.54 AwoooP work-items IwoooS security mirror candidate | framework detail | 0 | 只把 IwoooS / security mirror 狀態放進 AwoooP 工作鏈路觀察項production_landing_enabled=false、execution_router_linked=false、runtime_execution_authorized=false、action_buttons_allowed=false不把觀察項當 production landing、runtime gate、execution router、scan、execute、repair、deploy、primary switch 或 refs action |
| S2.55 AwoooP approvals IwoooS owner response gate candidate | framework detail | 0 | 只把 S4.9-S4.12 owner response 下一個人工收件焦點放進 AwoooP 審批視野approval_record_created=false、owner_response_accepted_count=0、runtime_execution_authorized=false、action_buttons_allowed=false不把面板當 approval record、runtime gate、execution router 或 action button |
| S2.56 AwoooP contracts IwoooS security contract candidate | framework detail | 0 | 只把四個 security mirror contract refs 放進 AwoooP 合約儀表板只讀視野contract_publish_authorized=false、contract_mutation_authorized=false、runtime_execution_authorized=false、action_buttons_allowed=false不把面板當 contract publish、lifecycle mutation、runtime gate、execution router 或 action button |
| S2.57 AwoooP tenants IwoooS tenant scope candidate | framework detail | 0 | 只把 AWOOOI first tenant、IwoooS security mirror、host coverage=3 與 owner response waiting 放進 AwoooP 租戶管理只讀視野tenant_migration_mode_changed=false、tenant_policy_mutation_authorized=false、runtime_execution_authorized=false、action_buttons_allowed=false不把面板當 migration mode change、tenant policy mutation、runtime gate、execution router 或 action button |
| S2.58 AwoooP runs IwoooS run state candidate | framework detail | 0 | 只把 security mirror Run State、read-only dry-run-only、owner response waiting 與 active runtime gates 0 放進 AwoooP Run 監控只讀視野security_run_created=false、execution_router_linked=false、runtime_execution_authorized=false、action_buttons_allowed=false不把面板當 platform run、execution router、runtime gate、execution queue 或 action button |
| S2.59 existing security pages IwoooS reverse bridge | framework detail | 0 | 只把 SecurityPanel、CompliancePanel、standalone `/security``/compliance` 反向接上 IwoooS 只讀橋接runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true不把既有頁面的可見性當 owner response、runtime gate、掃描、修復、批准或部署 |
| S2.60 security control pages IwoooS reverse bridge | framework detail | 0 | 只把 `/alerts``/errors``/authorizations``/governance` 反向接上 IwoooS 只讀橋接runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true不把告警、錯誤、授權或治理頁面的可見性當 owner response、runtime gate、掃描、修復、批准、部署或 blocking control |
headline 進度要再往上,至少需要下列任一高層 gate 有實質 evidence
1. S4.9 Gitea owner attestation response 收到並接受脫敏 evidence。
2. S4.10 GitHub target owner / visibility / canonical response 收到並接受脫敏 evidence。
3. S4.11 refs truth owner response 收到並接受脫敏 evidence。
4. S4.12 workflow / secret name owner response 收到並接受脫敏 evidence。
5. redacted payload ingestion 或 active runtime gate 在人工批准後啟用。
6. GitHub primary readiness gate 的 `primary_ready_count` 大於 0。
因此現在不是停住,而是進入「避免灌水」的區段:框架小步有累積,但 headline 需要 owner response / runtime gate / primary readiness 這類真正落地訊號才會跳。
只讀驗證:
```text
python3 scripts/security/security-mirror-progress-guard.py
```
## 2. AwoooP 可做
1. 顯示 S0 到 S4 的階段狀態。
2. 顯示 contract readiness、approval queue summary、approval gate summary 與下一個 gate。
3. 將彙整結果寫入 Audit evidence。
4. 低噪音通知階段完成、blocked reason 或人工批准必要事件。
5. 把下一步限制在 `observe` / `approval_required` / `block_candidate`
6. 顯示 7 條 non-blocking escalation lanes讓 follow-up 不直接升級成 runtime blocker。
## 3. AwoooP 不可做
1. 不把 rollup 當成 runtime authorization。
2. 不新增 scan、execute、repo、refs、deploy、secret 類 action button。
3. 不把 LOW / MEDIUM observation 變成 blocking gate。
4. 不把 approval queue 接成 runner。
5. 不把 GitHub primary、refs sync 或 Kali `/execute` 當成已批准。
6. 不把缺 owner response、partial mirror、source-control drift 或 headline holding 當成產品流程阻擋。
## 4. 下一個安全 gate
下一步仍不是 runtime enforcement。
建議先讓 AwoooP 主線只讀消費本 rollup、`security_approval_gate_v1``security_approval_decision_record_v1``security_approval_review_packet_v1``security_approval_state_transition_v1``security_followup_runtime_gate_v1``source_control_primary_readiness_gate_v1``source_control_primary_rollback_adr_v1``source_control_workflow_secret_name_inventory_v1`,並由人工依序 review
1. redacted finding ingestion adapter。
2. safe web crawl scope。
3. Gitea private/internal read-only inventory先依 S4.9 收到並驗收 S4.7 owner coverage attestation response且 S4.8 已把這個先行條件接到既有 approval queue / gate / review packet / follow-up runtime gate再依 S4.5 認證匯出請求補全量清冊;收到脫敏 payload 後先依 S4.6 驗收 / 拒收 / 隔離;目前未認證公開範圍 2 個、本機可見 Gitea unique 4 個、覆蓋缺口 2 個、attestation items 5 個、owner response 0 筆,不保存 token value。
4. GitHub target / owner / visibility / canonical先依 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks 與 intake preflight checks 收到並驗收 7 個 owner decision response templatesreceived / accepted response 目前皆為 0不得把 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當成 repo creation、visibility change、refs sync 或 primary approval。
5. Kali `/execute` 維持 block candidate。
6. Refs truth owner response先依 S4.11 request packet、template status ledger、audit event templates、redaction examples、collection checks 與 intake preflight checks 顯示 main/dev truth、deprecated drift、release tag、GitHub-only refs 的 5 個 response templatesreceived / accepted response 目前皆為 0audit events emitted 仍為 0不得把 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當成 refs sync、delete、force push 或 primary approval。
7. Workflow / secret 名稱 owner response先依 S4.12 request packet、template status ledger、audit event templates、redaction examples、collection checks 與 intake preflight checks 顯示 webhook、runner、deploy key、branch protection / CODEOWNERS、repository secret name parity 的 5 個 response templatesreceived / accepted response 目前皆為 0audit events emitted 仍為 0不得把 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當成 secret value 收集、workflow 修改、GitHub hosted runner 啟用或 primary approval。
8. Owner response validation rollup先依 S4.13 顯示 S4.9/S4.10/S4.11/S4.12 四包 response packets、22 個 templates、10 個 cross-packet checks、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks、7 條 parallel session recovery outcome lanes 與 quarantine rules不得把 rollup、routing、display sections、state transition rules、reviewer checklist、reviewer outcome lanes、reviewer audit templates、reviewer audit display sections、reviewer audit collection checks、reviewer audit redaction examples、reviewer audit retention rules、reviewer audit retention checks、reviewer audit handoff packets / checks、parallel session sync checks、parallel session conflict lanes、parallel session recovery checks 或 parallel session recovery outcome lanes 當成 approval、runtime gate、production ingestion 或 execution authorization。
9. GitHub primary readiness blockers 與 rollback ADR 缺口。
10. S4.4 GitHub primary rollback ADR 草案:先顯示 7 個 repo 的 rollback owner、validation window 與 triggersowner approval 前不可執行。
11. workflow / webhook / runner / deploy key / branch protection / CODEOWNERS / secret 名稱 inventory 缺口,先看 S4.2 local evidence再依 S4.3 redacted export request 與 S4.12 owner response request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks / 收件包補 webhook / runner / deploy key / branch protection / repository secret parity只保存名稱與 owner不保存 value不使用 write token。
12. Low-friction rollout policy先顯示 7 條 non-blocking escalation lanes只允許 observe / warn、建立 follow-up 與 owner review before blocking不得把 LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 或 headline holding 直接升 blocking。
任何批准後的執行仍需下一階段 runtime gate 與獨立 evidence不得由本 rollup 自動觸發。