Files
awoooi/docs/security/security-approval-review-packet.snapshot.json
Your Name 58e760fae2
All checks were successful
CD Pipeline / tests (push) Successful in 1m25s
Code Review / ai-code-review (push) Successful in 13s
CD Pipeline / build-and-deploy (push) Successful in 4m2s
CD Pipeline / post-deploy-checks (push) Successful in 1m48s
feat(security): 擴充 S4.10 target owner response
2026-06-11 20:30:41 +08:00

413 lines
19 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
{
"schema_version": "security_approval_review_packet_v1",
"status": "draft",
"date": "2026-05-17",
"mode": "approval_review_packet_only",
"runtime_execution_authorized": false,
"source_indexes": [
"docs/security/security-approval-queue.snapshot.json",
"docs/security/security-approval-gate.snapshot.json",
"docs/security/security-approval-decision-record.snapshot.json",
"docs/security/security-approval-state-transition.snapshot.json",
"docs/security/security-followup-runtime-gate.snapshot.json",
"docs/security/security-mirror-status-rollup.snapshot.json",
"docs/security/security-rollout-policy.snapshot.json",
"docs/security/gitea-inventory-coverage-attestation.snapshot.json",
"docs/security/gitea-inventory-owner-attestation-response.snapshot.json",
"docs/security/source-control-ref-truth-owner-response.snapshot.json"
],
"summary": {
"total_review_packets": 8,
"ready_for_human_review_count": 7,
"block_candidate_count": 1,
"decision_records_created_count": 0,
"runtime_actions_authorized": false,
"action_buttons_allowed": false,
"raw_secret_storage_authorized": false
},
"review_packets": [
{
"packet_id": "review-packet-redacted-finding-ingestion-20260513",
"review_order": 1,
"gate_id": "gate-redacted-finding-ingestion-20260513",
"source_queue_item_id": "kali-finding-runtime-ingestion-approval-20260513",
"risk": "MEDIUM",
"review_state": "ready_for_human_review",
"review_lane": "design_or_draft_review",
"requested_decision": "是否允許先設計或建立 draft PR讓 AwoooP 未來可接收已脫敏 security_finding_v1 摘要與 evidence_ref。",
"required_reviewers": [
"security-commander",
"human-owner"
],
"decision_options": [
"approve_scope",
"reject",
"defer",
"request_more_evidence"
],
"evidence_refs": [
"docs/security/SECURITY-FINDING-CONTRACT.md",
"docs/security/security-finding-kali-sample.snapshot.json",
"docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md"
],
"allowed_pre_decision_actions": [
"顯示 packet 與 evidence refs",
"要求 reviewer 補充 scope 或資料欄位",
"保留 sample snapshot mirror-only"
],
"allowed_after_decision_actions": [
"若 approve_scope只能進入設計或 draft PR",
"若 reject/defer/request_more_evidence寫入 decision record 並維持 blocked"
],
"still_forbidden": [
"保存 raw secret/token/cookie/private key/exploit payload",
"讓 AwoooP 直接啟動 scan",
"自動封鎖 deploy 或自動修復"
],
"followup_runtime_gate_required": true,
"execution_authorized": false
},
{
"packet_id": "review-packet-safe-web-crawl-20260513",
"review_order": 2,
"gate_id": "gate-safe-web-crawl-20260513",
"source_queue_item_id": "kali-safe-web-crawl-approval-20260513",
"risk": "MEDIUM",
"review_state": "ready_for_human_review",
"review_lane": "low_noise_scan_scope_review",
"requested_decision": "是否允許定義公開產品 domains 的 TLS、security header 與 basic crawl 低噪音 scope。",
"required_reviewers": [
"security-commander",
"human-owner"
],
"decision_options": [
"approve_scope",
"reject",
"defer",
"request_more_evidence"
],
"evidence_refs": [
"docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md",
"docs/security/KALI-SECURITY-MESH-BLUEPRINT.md"
],
"allowed_pre_decision_actions": [
"顯示公開 web perimeter 候選範圍",
"要求補 scan window、頻率與排除清單",
"維持 observe-only"
],
"allowed_after_decision_actions": [
"若 approve_scope只能整理低噪音 scope 與 redacted finding 格式",
"任何實際掃描仍需 follow-up runtime gate"
],
"still_forbidden": [
"active DAST fuzz",
"auth flow 改狀態測試",
"credentialed scan",
"阻擋 release"
],
"followup_runtime_gate_required": true,
"execution_authorized": false
},
{
"packet_id": "review-packet-gitea-readonly-inventory-20260513",
"review_order": 3,
"gate_id": "gate-gitea-readonly-inventory-20260513",
"source_queue_item_id": "gitea-private-internal-server-side-inventory-2026-05-12",
"risk": "MEDIUM",
"review_state": "ready_for_human_review",
"review_lane": "read_only_inventory_review",
"requested_decision": "是否先要求 owner 依 S4.9 owner response request packet / template status ledger / audit event templates / redaction examples / display sections / response 收件包完成 S4.7 coverage attestation並在 scope decision 被接受後,才允許 read-only token 或 redacted admin export 補齊 Gitea private/internal 全量 repo list。",
"required_reviewers": [
"migration-engineer",
"security-commander",
"human-owner"
],
"decision_options": [
"approve_scope",
"reject",
"defer",
"request_more_evidence"
],
"evidence_refs": [
"docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md",
"docs/security/gitea-readonly-inventory-approval.snapshot.json",
"docs/security/GITEA-ORG-REPO-INVENTORY-BLOCKED-SNAPSHOT.md",
"docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md",
"docs/security/gitea-inventory-coverage-attestation.snapshot.json",
"docs/security/GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.md",
"docs/security/gitea-inventory-owner-attestation-response.snapshot.json",
"docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md",
"docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md"
],
"allowed_pre_decision_actions": [
"顯示 public-only 與 blocked endpoint evidence",
"顯示 S4.7 的 5 個 owner attestation items 與 received_attestation_count=0",
"顯示 S4.9 的 1 個 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、8 個 display sections、6 個 collection checks、5 個 owner response templates、6 個 intake preflight checks、5 個 outcome lanes、received_response_count=0、audit_events_emitted=0 與 rejection rules",
"要求 owner 確認 read-only token 或 redacted export 來源",
"不保存 token value"
],
"allowed_after_decision_actions": [
"若 approve_scope先依 S4.9 request packet 要求 owner 回覆,用 template status ledger / audit event templates / redaction examples / display sections / collection checks 維持 request / received / accepted 分離,並完成 preflight / outcome lane 判定 / 驗收 S4.7 owner response再更新 attestation evidence 與 scope decision",
"若 approve_scope只能做一次 read-only inventory 或匯入 redacted export",
"更新 migration matrix 與 repo decision table"
],
"still_forbidden": [
"保存 token value",
"使用 write-capable token",
"未完成 owner attestation 就標記 inventory complete",
"把 owner attestation 當成 repo migration 或 primary approval",
"把 S4.9 owner response request packet、template status ledger、audit event templates、redaction examples、display sections 或 response packet 當成 inventory 執行授權",
"建立 GitHub repo",
"sync refs",
"切 GitHub primary"
],
"followup_runtime_gate_required": true,
"execution_authorized": false
},
{
"packet_id": "review-packet-github-target-decisions-20260513",
"review_order": 4,
"gate_id": "gate-github-target-decisions-20260513",
"source_queue_item_id": "source-control-target-repo-approval-bundle-20260513",
"risk": "HIGH",
"review_state": "ready_for_human_review",
"review_lane": "design_or_draft_review",
"requested_decision": "是否依 S4.10 逐 repo 確認 GitHub target、owner、visibility、canonical response 與 refs reconcile review本封包不授權建立 repo 或改 visibility。",
"required_reviewers": [
"migration-engineer",
"security-commander",
"human-owner"
],
"decision_options": [
"approve_scope",
"reject",
"defer",
"request_more_evidence"
],
"evidence_refs": [
"docs/security/SOURCE-CONTROL-APPROVAL-BOARD.md",
"docs/security/source-control-approval-board.snapshot.json",
"docs/security/GITHUB-TARGET-REPO-APPROVAL-PACKAGE.md",
"docs/security/GITHUB-TARGET-OWNER-DECISION-RESPONSE.md",
"docs/security/github-target-owner-decision-response.snapshot.json",
"docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md",
"docs/security/source-control-workflow-secret-name-owner-response.snapshot.json"
],
"allowed_pre_decision_actions": [
"顯示 9 個 approval-required target",
"顯示 S4.10 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks、owner response templates、received_response_count=0 與 rejection rules",
"顯示 S4.12 workflow / secret 名稱 owner response request packet、template statuses、audit event templates、redaction examples、collection checks、intake preflight checks、templates、received_response_count=0 與 rejection rules",
"要求 repo owner 補 owner/visibility/canonical 判定",
"維持 refs action disabled"
],
"allowed_after_decision_actions": [
"若 approve_scope只能更新 S4.10 / S4.12 response 驗收結果、決策草案、workflow parity wording、draft reconcile plan 或 ADR",
"任何 repo creation 或 visibility change 仍需後續 runtime gate"
],
"still_forbidden": [
"建立 repo",
"修改 visibility",
"把 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當成 repo creation 或 visibility approval",
"把 S4.12 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當成 secret value collection、workflow modification 或 runner enablement approval",
"push refs",
"delete refs",
"切 GitHub primary"
],
"followup_runtime_gate_required": true,
"execution_authorized": false
},
{
"packet_id": "review-packet-ref-truth-review-20260513",
"review_order": 5,
"gate_id": "gate-ref-truth-review-20260513",
"source_queue_item_id": "source-control-ref-truth-review-bundle-20260513",
"risk": "HIGH",
"review_state": "ready_for_human_review",
"review_lane": "design_or_draft_review",
"requested_decision": "是否逐 repo / 單 ref 判定真相來源、deprecated 候選、release tag 與 GitHub-only refs先依 S4.11 驗收 owner response分類結果不得自動執行。",
"required_reviewers": [
"migration-engineer",
"security-commander",
"human-owner"
],
"decision_options": [
"approve_scope",
"reject",
"defer",
"request_more_evidence"
],
"evidence_refs": [
"docs/security/SOURCE-CONTROL-REF-TRUTH-CLASSIFICATION.md",
"docs/security/source-control-ref-truth-classification.snapshot.json",
"docs/security/SOURCE-CONTROL-REF-TRUTH-OWNER-RESPONSE.md",
"docs/security/source-control-ref-truth-owner-response.snapshot.json",
"docs/security/SOURCE-CONTROL-REF-DETAIL-DIFF.md"
],
"allowed_pre_decision_actions": [
"顯示 194 個 refs review items",
"顯示 S4.11 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks、五個 owner response templates 與 received_response_count=0",
"依 repo / branch / tag 分組給 owner 判定",
"產生人工 review checklist"
],
"allowed_after_decision_actions": [
"若 approve_scope只能依 S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks 驗收後更新 truth classification 或 reconcile draft",
"任何 refs sync/delete 仍需後續 runtime gate"
],
"still_forbidden": [
"把 S4.11 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當成 refs sync/delete/force push approval",
"push refs",
"delete refs",
"force push",
"切 GitHub primary"
],
"followup_runtime_gate_required": true,
"execution_authorized": false
},
{
"packet_id": "review-packet-credentialed-scan-20260513",
"review_order": 6,
"gate_id": "gate-credentialed-scan-20260513",
"source_queue_item_id": "kali-credentialed-scan-approval-20260513",
"risk": "HIGH",
"review_state": "ready_for_human_review",
"review_lane": "manual_exception_review",
"requested_decision": "是否允許先設計 credentialed scan 的人工 exception、credential source、scope、audit trail 與停用方式。",
"required_reviewers": [
"security-commander",
"vuln-verifier",
"human-owner"
],
"decision_options": [
"approve_scope",
"reject",
"defer",
"request_more_evidence"
],
"evidence_refs": [
"docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md",
"docs/security/SECURITY-LOW-FRICTION-ROLLOUT-POLICY.md"
],
"allowed_pre_decision_actions": [
" exception ",
" credential lifecyclescope ",
" credential value"
],
"allowed_after_decision_actions": [
" approve_scope exception audit trail",
" credentialed scan follow-up runtime gate "
],
"still_forbidden": [
" credential value",
"",
"",
" firewall/RBAC/NetworkPolicy"
],
"followup_runtime_gate_required": true,
"execution_authorized": false
},
{
"packet_id": "review-packet-kali-full-upgrade-reboot-20260513",
"review_order": 7,
"gate_id": "gate-kali-full-upgrade-reboot-20260513",
"source_queue_item_id": "kali-full-upgrade-reboot-approval-20260513",
"risk": "HIGH",
"review_state": "ready_for_human_review",
"review_lane": "manual_exception_review",
"requested_decision": " Kali 112 full-upgrade autoremove reboot snapshotrollback post-health gate",
"required_reviewers": [
"security-commander",
"human-owner"
],
"decision_options": [
"approve_scope",
"reject",
"defer",
"request_more_evidence"
],
"evidence_refs": [
"docs/security/KALI-INTEGRATION-STATUS.md",
"docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md"
],
"allowed_pre_decision_actions": [
" Kali update no reboot required ",
"snapshotrollback post-check",
" reboot"
],
"allowed_after_decision_actions": [
" approve_scope rollback ",
" full-upgrade/reboot follow-up runtime gate"
],
"still_forbidden": [
" reboot",
" snapshot full-upgrade",
" scanner health "
],
"followup_runtime_gate_required": true,
"execution_authorized": false
},
{
"packet_id": "review-packet-kali-execute-endpoint-20260513",
"review_order": 8,
"gate_id": "gate-kali-execute-endpoint-20260513",
"source_queue_item_id": "kali-execute-endpoint-approval-20260513",
"risk": "CRITICAL",
"review_state": "block_candidate",
"review_lane": "blocked_by_default_review",
"requested_decision": " Kali /execute blocked by default disableallowlistaudit gate exception",
"required_reviewers": [
"critic",
"security-commander",
"human-owner"
],
"decision_options": [
"keep_blocked",
"defer",
"request_more_evidence"
],
"evidence_refs": [
"docs/security/KALI-INTEGRATION-STATUS.md",
"docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md"
],
"allowed_pre_decision_actions": [
" blocked reason",
" disable/allowlist/audit gate ",
" AwoooP runtime "
],
"allowed_after_decision_actions": [
" keep_blocked decision record disabled posture",
" defer/request_more_evidence runtime"
],
"still_forbidden": [
"AwoooP runtime /execute",
" /execute MCP action",
" shell command ",
" command "
],
"followup_runtime_gate_required": true,
"execution_authorized": false
}
],
"packet_rules": [
"Review packet ",
" packet security_approval_gate_v1 gate item security_approval_queue_v1 queue item",
" security_approval_decision_record_v1",
" next state security_approval_state_transition_v1 ",
"使 decision=approve_scopeexecution_authorized false security_followup_runtime_gate_v1 runtime gate ",
"AwoooP packet scanexecutereporefsdeploysecret action button"
],
"forbidden_actions": [
"start_kali_scan",
"call_kali_execute_endpoint",
"run_credentialed_scan",
"create_github_repo",
"change_repo_visibility",
"sync_git_refs",
"switch_github_primary",
"auto_merge",
"production_deploy",
"store_secret_token_cookie_private_key_or_exploit_payload",
"treat_review_packet_as_approval",
"treat_review_packet_as_execution_authorization"
]
}