Files
awoooi/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md
2026-05-20 19:56:33 +08:00

46 KiB
Raw Blame History

資安鏡像狀態彙整契約

項目 內容
日期 2026-05-17
狀態 草案
Schema docs/schemas/security_mirror_status_rollup_v1.schema.json
Snapshot docs/security/security-mirror-status-rollup.snapshot.json
模式 mirror_only
runtime 執行授權 false

0. 核心結論

security_mirror_status_rollup_v1 是 AwoooP 與 Security Supply Chain Session 的共同狀態入口。

它只彙整目前框架、鏡像契約、approval queue 與下一個安全 gate不授權任何 scan、execute、repo、refs、deploy 或 secret 類動作。

1. 目前狀態

類型 狀態
整體進度估算 約 58%;框架 / 治理 / 文件 / schema / read-only evidence 約 80-85%runtime ingestion / owner response / GitHub primary / AwoooP production landing 約 35-40%
Contract manifest 36 個 contracts
Mirror readiness 33 ready、2 partial、1 contract-only、0 blocked
Approval queue 8 items7 pending approval、1 block candidate
Approval gate S3.0 已建立0 approved、7 pending、1 block candidate
Decision records S3.1 已建立;目前 0 筆決策紀錄
Review packets S3.2 已建立8 packets、7 ready for human review、1 block candidate
State transitions S3.3 已建立5 個 decision options 都有 next state且都不授權執行
Follow-up runtime gate templates S3.4 已建立8 個 templates、0 個 active runtime gates
GitHub primary readiness gate S4.0 已建立8 個 candidate repos、7 個 in-scope blocked、0 個 primary readyS4.10 已補 GitHub target owner decision response request packet、7 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks 與收件包7 個 response templates、owner response 0 筆S4.11 已補 refs truth owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks 與收件包5 個 response templates、owner response 0 筆、audit events emitted 0 筆S4.12 已補 workflow / secret 名稱 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks 與收件包5 個 response templates、owner response 0 筆、audit events emitted 0 筆S4.13 已補四包 owner response validation rollup、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks 與 7 條 parallel session recovery outcome lanes22 個 templates、received / accepted / rejected 皆為 0、reviewer audit emitted 仍為 0
GitHub primary rollback ADR S4.4 已建立7 個 in-scope rollback drafts、0 個 owner approved、0 個 dry-run completed、0 個 active cutover
Gitea inventory S4.5 已補認證清冊匯出請求S4.6 已補匯入驗收契約S4.7 已補 owner coverage attestationS4.8 已把既有 Gitea queue/gate/review packet/follow-up gate 對齊 attestation 先行S4.9 已補 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、8 個 display sections、6 個 collection checks、owner response 收件包、6 個 intake preflight checks 與 5 個 outcome lanes目前 status=partial_waiting_authenticated_inventory、未認證公開範圍 repos 2 個、本機可見 Gitea unique repos 4 個、匯出來源選項 2 類、匯入驗收 payload 0 筆、owner attestation items 5 個、收到 attestation 0 筆、owner response 0 筆、audit events emitted 0 筆、敏感 payload 必須隔離、允許收集 token value=false
Workflow / secret name inventory S4.1 已建立S4.2 補 4 個 repos、31 個 workflow files、43 個 referenced secret names 的 local evidenceS4.3 補 7 個 repos、5 類 lanes 的 redacted export requestS4.12 補 1 個 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks 與 5 個 owner response templates0 個 inventory complete、audit events emitted 0 筆、禁止收集 secret value、禁止 write token
Owner response validation S4.13 已建立;四包 owner response 目前 received/accepted 皆為 04 條 missing response lanes、4 步 collection order、next collection candidate、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks 與 7 條 parallel session recovery outcome lanes 可供 AwoooP 直接顯示;下一個建議收件為 S4.9 Gitea owner attestationlatest local validation 為 SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OKreviewer audit emitted 仍為 0不代表 owner response 已收到或任何執行授權
Low-friction rollout policy S1.3 已補 7 條 non-blocking escalation lanesLOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 初期只能 observe / warnowner_review_required_before_blocking=trueruntime_blocking_allowed=false
IwoooS frontend posture S2.8 已新增 /iwooos read-only Information Security 入口;顯示 Security Posture / Exposure、source-control supply chain、Kali 112 Mesh、approval boundary、non-blocking lanes 與 evidence refs不新增執行按鈕
IwoooS posture projection S2.9 已新增 iwooos_posture_projection_v1S2.10 已把 10 個既有前端資安相關頁面納入 projectionS2.11 已補 4 個 coverage groups 與 5 個 conflict controlsS2.12 已補 6 個只讀 operator journey stepsS2.13 已補 7 個 owner evidence readiness itemsS2.14 已補 3 個 host coverage itemsKali 112、開發主機 168、開發主機 111S2.15 已補 6 個 host action gate itemsS2.16 已補 7 個 host evidence readiness itemsS2.17 已補 7 個 host evidence collection order stepsS2.18 已補 7 個 host evidence intake preflight checksS2.19 已補 7 個 host evidence review outcome lanesS2.20 已補 7 個 host evidence review handoff packetsS2.21 已補 7 個 host evidence reviewer checklist itemsS2.22 已補 7 個 host evidence reviewer outcome lanesS2.23 已補 7 個 host owner decision candidate packetsS2.24 已補 7 個 host owner decision review checklist itemsS2.25 已補 7 個 host owner decision review outcome lanesS2.26 已補 7 個 host owner decision record draft packetsS2.27 已補 7 個 host owner decision record draft review checklist itemsS2.28 已補 7 個 host owner decision record draft review outcome lanesS2.29 已補 7 個 host owner decision record write-up packetsS2.30 已補 7 個 host owner decision record write-up review checklist itemsS2.31 已補 7 個 host owner decision record write-up review outcome lanesS2.32 已補 7 個 host owner decision record formal candidate packetsS2.33 已補 7 個 host owner decision record formal candidate review checklist itemsS2.34 已補 8 個 host owner decision record formal candidate review outcome lanesS2.35 已補 8 個 host owner decision record formal record queue packetsS2.36 已補 8 個 host owner decision record formal record queue review checklist itemsS2.37 已補 8 個 host owner decision record formal record queue review outcome lanesS2.38 已補 8 個 host owner decision record human handoff readiness packetsS2.39 已補 8 個 host owner decision record human handoff readiness review checklist itemsS2.40 已補 9 個 host owner decision record human handoff readiness review outcome lanesS2.41 已補 9 個 host owner decision record human record owner review candidate packetsS2.42 已補 9 個 host owner decision record human record owner review candidate checklist itemsS2.43 已補 9 個 host owner decision record human record owner review candidate outcome lanesS2.44 已補 9 個 host owner decision record human record owner review preparation packetsS2.45 已補 9 個 host owner decision record human record owner review preparation checklist itemsS2.46 已補 6 條 progress acceleration lanes顯示 58% holding 原因與下一個高層解鎖 gateS2.47 已補 4 個 owner response next-action focus items顯示 S4.9 為下一個收件焦點且 S4.10-S4.12 依序排隊S2.48 已補 6 個 S4.9 owner response preflight checks讓下一個 P0 owner response 的可收件條件可見S2.49 已補 5 個 S4.9 owner response request templates讓 owner 要逐項回覆的五題可見S2.50 已補 5 個 progress hold movement gates解釋為什麼 58% 仍維持且五個真實 movement signal 都是 0 / falseS2.51 已補 6 個 AwoooP read-only landing readiness items讓另一個 AwoooP Session 可照 snapshot / evidence / guard / route / forbidden outputs 接入S2.52 已補 6 個 AwoooP cross-session handoff packets固定 PR / branch anchor、progress semantics、guard commands、forbidden runtime actions、read-only inputs 與 next coordination gateS2.53 已把 IwoooS / security mirror 狀態放進 AwoooP 首頁只讀候選面板,顯示 58%、80-85%、35-40%、active gates 0 與四個接入檢查S2.54 已把 IwoooS / security mirror 狀態放進 AwoooP 工作鏈路觀察項;仍不新增 action button
AwoooP approvals IwoooS owner response focus S2.55 已把 S4.9-S4.12 owner response 下一個人工收件焦點放進 /awooop/approvals 只讀面板received=0、accepted=0、active runtime gates=0、headline=58%、approval_record_created=false仍不新增 approve、execute、deploy、primary switch、refs action 或 runtime gate
AwoooP contracts IwoooS security contract candidate S2.56 已把四個 security mirror contract refs 放進 /awooop/contracts 只讀面板total contracts=36、ready=33、partial=2、active runtime gates=0、contract_publish_authorized=false仍不發布 contract revision、不改 lifecycle、不寫 platform contracts API、不新增 action button
AwoooP tenants IwoooS tenant scope candidate S2.57 已把 AWOOOI first tenant、IwoooS security mirror、Kali 112 / Dev 168 / Dev 111 與 S4.9-S4.12 owner response waiting 放進 /awooop/tenants 只讀面板host coverage=3、tenant policy changes=0、tenant_migration_mode_changed=false仍不改 migration mode、不改 tenant policy、不寫 platform tenants API、不新增 action button
AwoooP runs IwoooS run state candidate S2.58 已把 security mirror Run State 候選放進 /awooop/runs 只讀面板security runs=0、active runtime gates=0、owner accepted=0、security_run_created=false、execution_router_linked=false仍不建立 platform run、不接 execution router、不新增 action button
Existing security pages IwoooS reverse bridge S2.59 已把 SecurityPanelCompliancePanel、standalone /security/compliance 反向接上 IwoooS 只讀橋接headline=58%、framework=80-85%、runtime gates=0、action buttons=0仍不新增 scan、repair、approve、deploy 或 blocking control
Dry-run contract_defined_not_executed;已納入 CHECK_PROGRESS_GUARDCHECK_OWNER_RESPONSE_GUARDlatest local validation 為 repo_snapshot_guard_pass,仍不代表 production ingestion
Runtime actions false
Payload ingestion false

1.1 進度判讀

目前進度不是以「強制防護開了多少」計算,而是以統帥指定的低摩擦路線拆成兩層:

  1. 框架期約 80-85%36 個主要 contract 已有 33 個 ready、2 個 partial、1 個 contract-only、0 blocked表示治理骨架、只讀 evidence、人工批准語義、AwoooP mirror-only 接口與 IwoooS 前端投影已接近完整。
  2. 落地期約 35-40%owner responses 仍為 0、active runtime gate 為 0、payload ingestion 為 false、GitHub primary ready 為 0、AwoooP production ingestion 尚未啟用。

因此跨 Session 採用 58% 作為目前整體進度。這代表「框架健康、尚未過度收緊」,不是 runtime enforcement 或 primary cutover 授權。

1.2 為什麼 58% 看起來沒動

58% 是 headline progress只在高層 gate 真正改變時調整。最近幾輪 S4.10、S4.11、S4.12、S4.13 與 S1.3 的工作確實有前進,但屬於框架細節、顯示順序、收件安全與低摩擦分流,不會直接推高 headline。

最近完成 進度軸 headline delta 為什麼整體百分比不變
S4.10 request packet framework detail 0 只顯示 owner 要回覆什麼,不代表 request sent、response received 或 approval
S4.10 template status ledger framework detail 0 只逐項顯示 7 個 target 仍為 waitingreceived / accepted 仍為 0
S4.10 audit event templates framework detail 0 event templates 仍為 template_only_not_emittedproduction ingestion 尚未啟用
S4.10 redaction examples framework detail 0 只示範安全 metadata shape不代表 owner response 已收到或可執行 repo / refs / primary 動作
S4.10 collection checks framework detail 0 只維持 request / received / accepted 狀態分離,不代表 owner response 已收到或已接受
S4.10 intake preflight checks framework detail 0 只分類可收、補證、隔離或拒收,不代表 owner response accepted 或可執行 repo / refs / primary 動作
S4.11 request packet framework detail 0 只顯示 owner 要回覆哪 5 類 refs truth 問題,不代表 request sent、response received、accepted 或 refs sync/delete/force push 授權
S4.11 template status ledger framework detail 0 只逐項顯示 5 類 refs truth response 仍為 waitingreceived / accepted 仍為 0不代表 refs sync/delete/force push 授權
S4.11 audit event templates framework detail 0 event templates 仍為 template_only_not_emittedemitted 仍為 0不代表 production ingestion 或 refs sync/delete/force push 授權
S4.11 redaction examples framework detail 0 只示範安全 metadata shape不代表 owner response received / accepted 或 refs sync/delete/force push 授權
S4.11 collection checks framework detail 0 只維持 request / received / accepted 狀態分離,不代表 owner response received / accepted 或 refs sync/delete/force push 授權
S4.11 intake preflight checks framework detail 0 只分類可審、補證、隔離、拒收或等待,不代表 owner response accepted 或 refs sync/delete/force push 授權
S4.12 request packet framework detail 0 只顯示 owner 要回覆哪 5 類 workflow / secret 名稱問題,不代表 request sent、response received、secret value collection、workflow 修改、runner 啟用或 primary 授權
S4.12 template status ledger framework detail 0 只逐項顯示 5 類 workflow / secret 名稱 response 仍為 waitingreceived / accepted 仍為 0不代表 secret value collection、workflow 修改、runner 啟用或 primary 授權
S4.12 audit event templates framework detail 0 event templates 仍為 template_only_not_emittedemitted 仍為 0不代表 production ingestion、secret value collection、workflow 修改、runner 啟用或 primary 授權
S4.12 redaction examples framework detail 0 只示範安全 metadata shape不代表 owner response received / accepted 或 secret value collection、workflow 修改、runner 啟用授權
S4.12 collection checks framework detail 0 只維持 request / received / accepted 狀態分離,不代表 owner response received / accepted、secret value collection、workflow 修改、runner 啟用或 primary 授權
S4.12 intake preflight checks framework detail 0 只分類可審、補證、隔離或拒收,不代表 owner response accepted、secret 建立、workflow 修改、runner 啟用或 primary 授權
S4.13 evidence routing rules framework detail 0 只決定 owner evidence pointer 應補證、隔離、拒收、進跨包 review 或只讀更新,不代表 owner response received / accepted、approval、runtime gate 或 execution authorization
S4.13 display sections framework detail 0 只固定 AwoooP Operator Console 的 read-only 呈現順序,不代表 owner response received / accepted、approval、runtime gate、execution queue 或 action button
S4.13 state transition rules framework detail 0 只固定 owner response validation 的 read-only 狀態語義,不代表 owner response received / accepted、approval、runtime gate、execution queue 或 action button
S4.13 reviewer checklist framework detail 0 只提供人工審查順序與只讀檢查提示,不代表 owner response received / accepted、approval、runtime gate、execution queue 或 action button
S4.13 reviewer outcome lanes framework detail 0 只把人工檢查結果分類成等待、補證、隔離、拒收、跨包 review、只讀更新候選或等待 runtime gate不代表 approval、runtime gate、execution queue 或 action button
S4.13 reviewer audit event templates framework detail 0 只定義未來可留痕的脫敏 metadata 形狀emitted 仍為 0不代表 production ingestion、approval、runtime gate 或 execution authorization
S4.13 reviewer audit display sections framework detail 0 只固定 AwoooP 顯示 audit templates、允許 metadata、禁止 payload、0 emitted 狀態與非授權邊界,不代表 production ingestion、approval、runtime gate 或 execution authorization
S4.13 reviewer audit collection checks framework detail 0 只要求 audit template 可見、metadata-only、forbidden payload blocked、emitted=0、無 runtime side effect 與 counters 不變,不代表 production ingestion、approval、runtime gate 或 execution authorization
S4.13 reviewer audit redaction examples framework detail 0 只示範 reviewer audit metadata 的安全顯示形狀,不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization
S4.13 reviewer audit retention rules framework detail 0 只定義 reviewer audit metadata 可保留的安全形狀與 raw payload 拒收邊界,不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization
S4.13 reviewer audit retention checks framework detail 0 只確認 retention rules 可見、metadata-only、raw payload / secret retention blocked、counter snapshot-only 與無 runtime side effect不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization
S4.13 reviewer audit handoff packets framework detail 0 只整理跨 Session resume、必讀 source packets、安全顯示欄位、禁止 runtime 誤讀、下一個 owner response focus 與後續 gates不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization
S4.13 reviewer audit handoff checks framework detail 0 只確認 handoff packets 可見、counters 不變、source packets 必讀、安全顯示欄位、runtime 誤讀阻擋與 next focus 未被標記 received不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization
S4.13 parallel session sync checks framework detail 0 只確認同一 PR 分支、latest delta 可見、counters 仍為 0、runtime flags 仍為 false、source-control mutation 阻擋與 next focus 維持 S4.9,不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization
S4.13 parallel session conflict lanes framework detail 0 只把 stale branch、stale delta、counter drift、runtime flag drift、source-control mutation request 與 next focus drift 分流到停下重讀或人工 review不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization
S4.13 parallel session recovery checks framework detail 0 只確認 conflict lane 後要重抓遠端、重讀 latest ledger、重跑只讀 guards、review staged diff、確認 runtime false flags 與回到 S4.9 next focus不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization
S4.13 parallel session recovery outcome lanes framework detail 0 只把復原結果分類成 ready、branch diverged、ledger stale、guard failed、diff out-of-scope、runtime flag drift 或 next focus drift不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization
S1.3 non-blocking escalation lanes framework detail 0 只確認 LOW / MEDIUM observation、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 先維持 observe / warn不代表 blocking gate、runtime enforcement 或 action button
S2.8 IwoooS frontend posture entry framework detail 0 只把 mirror-only 資安態勢呈現在前端,不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization
S2.9 IwoooS posture projection contract framework detail 0 只把前端顯示資料固定成可驗證契約,不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization
S2.10 IwoooS existing frontend surface integration framework detail 0 只把既有前端資安頁面整理成只讀索引,不代表 owner response、production ingestion、approval、runtime gate、Kali scan、Code Review gate 或 execution authorization
S2.11 IwoooS surface coverage boundary matrix framework detail 0 只把既有前端資安頁面分成訊號、人工控制、治理稽核與工程審查四面,並顯示重疊 / 衝突控制,不代表 runtime gate、deploy approval、Kali scan 或 Code Review blocking 授權
S2.12 IwoooS operator journey projection framework detail 0 只把資安處理旅程顯示成 read-only status projection不代表 execution queue、runtime gate、deploy approval、Kali scan 或 Code Review blocking 授權
S2.13 IwoooS owner evidence readiness board framework detail 0 只顯示 headline 進度下一步需要的 owner evidence / approval gatereceived / accepted 仍為 0不代表 owner response received、approval、runtime gate、Kali scan 或 GitHub primary 授權
S2.14 IwoooS host coverage view framework detail 0 只顯示 Kali 112 與 168 / 111 開發主機已納入 observe-only 資安視野,不代表 active scan、SSH 變更、主機更新、credentialed scan、runtime gate 或 Kali /execute 授權
S2.15 IwoooS host action gate matrix framework detail 0 只把 active scan、credentialed scan、Kali /execute、SSH / host change、Kali update 與 runtime blocking control 拆成只讀 gate不代表任何主機動作或 runtime enforcement 已批准
S2.16 IwoooS host evidence readiness board framework detail 0 只顯示主機動作前仍缺 scope、owner decision、credential handling、maintenance window、rollback、validation metrics 與 redacted ingestion evidencereceived / accepted 仍為 0不代表任何主機動作已批准
S2.17 IwoooS host evidence collection order framework detail 0 只把七個主機 evidence readiness items 排成只讀收件順序與依賴關係received / accepted 仍為 0不代表 active scan、SSH、Kali update、raw evidence ingestion 或 runtime control 已批准
S2.18 IwoooS host evidence intake preflight framework detail 0 只把主機 evidence 進人工 review 前的七個預檢規則顯示出來raw payload、secret value、runtime execution、action button 與 received / accepted counter 仍全部鎖住
S2.19 IwoooS host evidence review outcome lanes framework detail 0 只顯示主機 evidence 通過 preflight 後的只讀人工審查結果分流approval record、runtime gate、received / accepted counter 與 action button 仍全部鎖住
S2.20 IwoooS host evidence review handoff packets framework detail 0 只顯示人工 reviewer 需要的七個脫敏交接包received / accepted、approval record、raw payload、secret value、runtime execution 與 action button 仍全部鎖住
S2.21 IwoooS host evidence reviewer checklist framework detail 0 只顯示 reviewer 在 handoff packets 後要確認的七個只讀檢查received / accepted、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住
S2.22 IwoooS host evidence reviewer outcome lanes framework detail 0 只顯示 reviewer checklist 後的七個只讀結果分流checklist passed、received / accepted、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住
S2.23 IwoooS host owner decision candidate packets framework detail 0 只顯示 owner 人工決策前需要的七個 candidate packetsdecision record、approved count、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住
S2.24 IwoooS host owner decision review checklist framework detail 0 只顯示 owner decision 前的七個只讀核對項decision record、approved count、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住
S2.25 IwoooS host owner decision review outcome lanes framework detail 0 只顯示 owner review checklist 後的七個只讀結果分流review passed、decision record、approved count、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住
S2.26 IwoooS host owner decision record draft packets framework detail 0 只顯示 formal decision record 需要的七個草稿欄位decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住
S2.27 IwoooS host owner decision record draft review checklist framework detail 0 只顯示 decision record 草稿進人審前的七個核對項review passed、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住
S2.28 IwoooS host owner decision record draft review outcome lanes framework detail 0 只顯示 decision record 草稿核對後的七個只讀結果分流review passed、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住
S2.29 IwoooS host owner decision record write-up packets framework detail 0 只顯示 formal decision record 需要的七個撰寫欄位write-up completed、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住
S2.30 IwoooS host owner decision record write-up review checklist framework detail 0 只顯示 formal decision record 撰寫欄位進人審前的七個只讀核對項review passed、write-up completed、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住
S2.31 IwoooS host owner decision record write-up review outcome lanes framework detail 0 只顯示 write-up review checklist 後的七個只讀結果分流review passed、write-up completed、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住
S2.32 IwoooS host owner decision record formal candidate packets framework detail 0 只顯示 formal decision record candidate 需要的七個候選欄位finalized count、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住
S2.33 IwoooS host owner decision record formal candidate review checklist framework detail 0 只顯示 formal candidate packets 後的七個只讀核對項review passed、finalized count、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住
S2.34 IwoooS host owner decision record formal candidate review outcome lanes framework detail 0 只顯示 formal candidate review 後的八個只讀結果分流review passed、finalized count、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住
S2.35 IwoooS host owner decision record formal record queue packets framework detail 0 只顯示 formal record queue 需要的八個只讀資料包queue enqueued、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住
S2.36 IwoooS host owner decision record formal record queue review checklist framework detail 0 只顯示 formal record queue packets 後的八個只讀核對項review passed、queue enqueued、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住
S2.37 IwoooS host owner decision record formal record queue review outcome lanes framework detail 0 只顯示 formal record queue review 後的八個只讀結果分流review passed、queue enqueued、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住
S2.38 IwoooS host owner decision record human handoff readiness packets framework detail 0 只顯示未來 human record owner handoff 前的八個 metadata readiness packetshandoff started、handoff ready、review passed、queue enqueued、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住
S2.39 IwoooS host owner decision record human handoff readiness review checklist framework detail 0 只顯示 handoff readiness packets 進人工 record owner 前的八個只讀核對項review passed、handoff started、handoff ready、queue enqueued、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住
S2.40 IwoooS host owner decision record human handoff readiness review outcome lanes framework detail 0 只顯示 handoff readiness review 後的九個只讀結果分流review passed、handoff started、handoff ready、queue enqueued、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住
S2.41 IwoooS host owner decision record human record owner review candidate packets framework detail 0 只顯示未來 human record owner review candidate 需要看的九個只讀 metadata packetsreview started、review ready、handoff started、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住
S2.42 IwoooS host owner decision record human record owner review candidate checklist framework detail 0 只顯示 human record owner review candidate packets 後的九個只讀核對項checklist passed、review started、review ready、handoff started、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住
S2.43 IwoooS host owner decision record human record owner review candidate outcome lanes framework detail 0 只顯示 human record owner review candidate checklist 後的九個只讀結果分流outcome passed、review started、review ready、handoff started、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住
S2.44 IwoooS host owner decision record human record owner review preparation packets framework detail 0 只顯示 human record owner review preparation candidate 後的九個只讀 metadata packetspreparation completed、review started、review ready、handoff started、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住
S2.45 IwoooS host owner decision record human record owner review preparation checklist framework detail 0 只顯示 human record owner review preparation packets 後的九個只讀核對項preparation completed、checklist passed、review started、review ready、handoff started、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住
S2.46 IwoooS progress acceleration lanes framework detail 0 只顯示 owner response、redacted ingestion、runtime gate、GitHub readiness、AwoooP landing 與 cadence compression 六條解鎖 laneheadline percent、owner response、payload ingestion、runtime gate、GitHub primary、production execution 與 action button 仍全部鎖住
S2.47 IwoooS owner response next-action focus framework detail 0 只顯示 S4.9 為下一個 owner response 收件焦點S4.10 / S4.11 / S4.12 依序排隊received、accepted、rejected、audit emitted、approval record、runtime gate、repo / refs mutation、secret value collection 與 action button 仍全部鎖住
S2.48 IwoooS S4.9 owner response preflight framework detail 0 只顯示 S4.9 六個收件前檢查與 failure lanesrequest sent、received、accepted、rejected、preflight passed、audit emitted、Gitea write、repo / refs mutation、runtime gate、GitHub primary 與 action button 仍全部鎖住
S2.49 IwoooS S4.9 owner response request templates framework detail 0 只顯示 S4.9 五個 request-ready-not-sent templatesrequest sent、received、accepted、rejected、audit emitted、Gitea inventory completed、Gitea write、repo / refs mutation、token collection、runtime gate、GitHub primary 與 action button 仍全部鎖住
S2.50 IwoooS progress hold movement gates framework detail 0 只顯示 58% 維持的五個實質門檻owner response accepted、redacted payload ingestion、active runtime gate、GitHub primary ready、AwoooP read-only landing 仍全部為 0 / false不把 gate 顯示當授權、進度加分或 action button
S2.51 IwoooS AwoooP read-only landing readiness framework detail 0 只顯示 AwoooP 只讀接入前的六個條件production_landing_enabled=false、execution_router_linked=false、progress_change_applied=false不把 readiness 當 production consumption、guard skip、runtime gate 或 action button
S2.52 IwoooS AwoooP cross-session handoff packets framework detail 0 只顯示另一個 Session 接手前的 PR / branch、進度語義、guard commands、runtime 禁止動作、只讀輸入與下一個協調 gateproduction_landing_enabled=false、execution_router_linked=false、progress_change_applied=false不把 handoff 當 merge、deploy、primary switch、refs mutation、guard skip 或 production consumption
S2.53 AwoooP home IwoooS security mirror candidate framework detail 0 只把 IwoooS / security mirror 狀態放進 AwoooP 首頁只讀候選面板production_landing_enabled=false、execution_router_linked=false、runtime_execution_authorized=false、action_buttons_allowed=false不把候選面板當 production landing、runtime gate、execution router 或 action button
S2.54 AwoooP work-items IwoooS security mirror candidate framework detail 0 只把 IwoooS / security mirror 狀態放進 AwoooP 工作鏈路觀察項production_landing_enabled=false、execution_router_linked=false、runtime_execution_authorized=false、action_buttons_allowed=false不把觀察項當 production landing、runtime gate、execution router、scan、execute、repair、deploy、primary switch 或 refs action
S2.55 AwoooP approvals IwoooS owner response gate candidate framework detail 0 只把 S4.9-S4.12 owner response 下一個人工收件焦點放進 AwoooP 審批視野approval_record_created=false、owner_response_accepted_count=0、runtime_execution_authorized=false、action_buttons_allowed=false不把面板當 approval record、runtime gate、execution router 或 action button
S2.56 AwoooP contracts IwoooS security contract candidate framework detail 0 只把四個 security mirror contract refs 放進 AwoooP 合約儀表板只讀視野contract_publish_authorized=false、contract_mutation_authorized=false、runtime_execution_authorized=false、action_buttons_allowed=false不把面板當 contract publish、lifecycle mutation、runtime gate、execution router 或 action button
S2.57 AwoooP tenants IwoooS tenant scope candidate framework detail 0 只把 AWOOOI first tenant、IwoooS security mirror、host coverage=3 與 owner response waiting 放進 AwoooP 租戶管理只讀視野tenant_migration_mode_changed=false、tenant_policy_mutation_authorized=false、runtime_execution_authorized=false、action_buttons_allowed=false不把面板當 migration mode change、tenant policy mutation、runtime gate、execution router 或 action button
S2.58 AwoooP runs IwoooS run state candidate framework detail 0 只把 security mirror Run State、read-only dry-run-only、owner response waiting 與 active runtime gates 0 放進 AwoooP Run 監控只讀視野security_run_created=false、execution_router_linked=false、runtime_execution_authorized=false、action_buttons_allowed=false不把面板當 platform run、execution router、runtime gate、execution queue 或 action button
S2.59 existing security pages IwoooS reverse bridge framework detail 0 只把 SecurityPanel、CompliancePanel、standalone /security/compliance 反向接上 IwoooS 只讀橋接runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true不把既有頁面的可見性當 owner response、runtime gate、掃描、修復、批准或部署

headline 進度要再往上,至少需要下列任一高層 gate 有實質 evidence

  1. S4.9 Gitea owner attestation response 收到並接受脫敏 evidence。
  2. S4.10 GitHub target owner / visibility / canonical response 收到並接受脫敏 evidence。
  3. S4.11 refs truth owner response 收到並接受脫敏 evidence。
  4. S4.12 workflow / secret name owner response 收到並接受脫敏 evidence。
  5. redacted payload ingestion 或 active runtime gate 在人工批准後啟用。
  6. GitHub primary readiness gate 的 primary_ready_count 大於 0。

因此現在不是停住,而是進入「避免灌水」的區段:框架小步有累積,但 headline 需要 owner response / runtime gate / primary readiness 這類真正落地訊號才會跳。

只讀驗證:

python3 scripts/security/security-mirror-progress-guard.py

2. AwoooP 可做

  1. 顯示 S0 到 S4 的階段狀態。
  2. 顯示 contract readiness、approval queue summary、approval gate summary 與下一個 gate。
  3. 將彙整結果寫入 Audit evidence。
  4. 低噪音通知階段完成、blocked reason 或人工批准必要事件。
  5. 把下一步限制在 observe / approval_required / block_candidate
  6. 顯示 7 條 non-blocking escalation lanes讓 follow-up 不直接升級成 runtime blocker。

3. AwoooP 不可做

  1. 不把 rollup 當成 runtime authorization。
  2. 不新增 scan、execute、repo、refs、deploy、secret 類 action button。
  3. 不把 LOW / MEDIUM observation 變成 blocking gate。
  4. 不把 approval queue 接成 runner。
  5. 不把 GitHub primary、refs sync 或 Kali /execute 當成已批准。
  6. 不把缺 owner response、partial mirror、source-control drift 或 headline holding 當成產品流程阻擋。

4. 下一個安全 gate

下一步仍不是 runtime enforcement。

建議先讓 AwoooP 主線只讀消費本 rollup、security_approval_gate_v1security_approval_decision_record_v1security_approval_review_packet_v1security_approval_state_transition_v1security_followup_runtime_gate_v1source_control_primary_readiness_gate_v1source_control_primary_rollback_adr_v1source_control_workflow_secret_name_inventory_v1,並由人工依序 review

  1. redacted finding ingestion adapter。
  2. safe web crawl scope。
  3. Gitea private/internal read-only inventory先依 S4.9 收到並驗收 S4.7 owner coverage attestation response且 S4.8 已把這個先行條件接到既有 approval queue / gate / review packet / follow-up runtime gate再依 S4.5 認證匯出請求補全量清冊;收到脫敏 payload 後先依 S4.6 驗收 / 拒收 / 隔離;目前未認證公開範圍 2 個、本機可見 Gitea unique 4 個、覆蓋缺口 2 個、attestation items 5 個、owner response 0 筆,不保存 token value。
  4. GitHub target / owner / visibility / canonical先依 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks 與 intake preflight checks 收到並驗收 7 個 owner decision response templatesreceived / accepted response 目前皆為 0不得把 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當成 repo creation、visibility change、refs sync 或 primary approval。
  5. Kali /execute 維持 block candidate。
  6. Refs truth owner response先依 S4.11 request packet、template status ledger、audit event templates、redaction examples、collection checks 與 intake preflight checks 顯示 main/dev truth、deprecated drift、release tag、GitHub-only refs 的 5 個 response templatesreceived / accepted response 目前皆為 0audit events emitted 仍為 0不得把 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當成 refs sync、delete、force push 或 primary approval。
  7. Workflow / secret 名稱 owner response先依 S4.12 request packet、template status ledger、audit event templates、redaction examples、collection checks 與 intake preflight checks 顯示 webhook、runner、deploy key、branch protection / CODEOWNERS、repository secret name parity 的 5 個 response templatesreceived / accepted response 目前皆為 0audit events emitted 仍為 0不得把 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當成 secret value 收集、workflow 修改、GitHub hosted runner 啟用或 primary approval。
  8. Owner response validation rollup先依 S4.13 顯示 S4.9/S4.10/S4.11/S4.12 四包 response packets、22 個 templates、10 個 cross-packet checks、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks、7 條 parallel session recovery outcome lanes 與 quarantine rules不得把 rollup、routing、display sections、state transition rules、reviewer checklist、reviewer outcome lanes、reviewer audit templates、reviewer audit display sections、reviewer audit collection checks、reviewer audit redaction examples、reviewer audit retention rules、reviewer audit retention checks、reviewer audit handoff packets / checks、parallel session sync checks、parallel session conflict lanes、parallel session recovery checks 或 parallel session recovery outcome lanes 當成 approval、runtime gate、production ingestion 或 execution authorization。
  9. GitHub primary readiness blockers 與 rollback ADR 缺口。
  10. S4.4 GitHub primary rollback ADR 草案:先顯示 7 個 repo 的 rollback owner、validation window 與 triggersowner approval 前不可執行。
  11. workflow / webhook / runner / deploy key / branch protection / CODEOWNERS / secret 名稱 inventory 缺口,先看 S4.2 local evidence再依 S4.3 redacted export request 與 S4.12 owner response request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks / 收件包補 webhook / runner / deploy key / branch protection / repository secret parity只保存名稱與 owner不保存 value不使用 write token。
  12. Low-friction rollout policy先顯示 7 條 non-blocking escalation lanes只允許 observe / warn、建立 follow-up 與 owner review before blocking不得把 LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 或 headline holding 直接升 blocking。

任何批准後的執行仍需下一階段 runtime gate 與獨立 evidence不得由本 rollup 自動觸發。