Files
awoooi/docs/security/AGENT-BOUNTY-OWNER-REQUEST-DRAFT.md

8.6 KiB
Raw Blame History

agent-bounty-protocol Owner Request Draft

項目 內容
日期 2026-06-14
狀態 owner_request_draft_ready_not_dispatched
工具 scripts/security/agent-bounty-owner-request-draft.py
Snapshot docs/security/agent-bounty-owner-request-draft.snapshot.json
Source handoff docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json
runtime gate 0

1. 目的

本文件把 agent-bounty-protocol onboarding handoff 轉成人工送件前 owner request draft讓 repo / refs、deployment、產品路由、MCP / A2A、cron / daemon、admin / treasury、webhook / traffic、資料分級與外部 agent 自主行為都能用同一套 owner 欄位收件。

本階段仍是 metadata-only request draft不讀 agent-bounty-protocol .env、不改該 repo、不 push refs、不建立 GitHub repo、不改 workflow、不部署、不 restart compose、不跑 DB migration、不啟動 cron / daemon、不 claim、不 submit、不送外部 agent 訊息、不送 Telegram / Discord、不發 GitHub comment、不 payout、不 withdraw、不 staking、不改 webhook secret、不掃描、不寫 production。

2. 摘要

指標 目前值 說明
request draft 11 4 份 control boundary + 7 份 product surface
control boundary request 4 repo / refs、deployment、data classification、external agent / treasury
product surface request 7 public task、well-known metadata、MCP、A2A、cron、admin / treasury、webhook / traffic
write-capable request draft 8 可能觸發 deploy、claim / submit、cron、webhook、admin 或 treasury 風險的 scope
treasury-related request draft 4 settlement、staking、withdrawal、payout 或 treasury 相鄰 scope
MCP / A2A related request draft 5 MCP tool、A2A protocol、cron / daemon 或 agent autonomy scope
live evidence required request 11 每份 request 都需要 owner 提供脫敏 evidence ref
request field 26 每份草稿固定欄位數
required owner field 22 owner 必須補齊的欄位數
owner role field 13 來源 handoff 已定義的 owner 角色欄位
forbidden input 25 驗收前拒收或隔離的輸入
blocked action 28 驗收前全部禁止
request sent / recipient confirmed 0 / 0 尚未送件,收件人也未確認
owner response received / accepted 0 / 0 不得假性拉高
runtime gate / action button 0 / 0 不開任何執行入口

3. Request Draft 類型

類型 範圍 目前邊界
Repo / refs / workflow canonical repo、dirty workspace disposition、workflow / runner / secret name owner 不 push、不 sync refs、不建立 repo、不改 workflow
Production / compose / domain https://agent.wooo.work、compose host、domain / TLS、health smoke 不 deploy、不 restart、不 migration
Data classification task、agent、MCP / A2A、webhook、traffic、treasury、admin、cron 資料分級 只收 metadata不收 raw payload 或 secret
MCP / A2A / treasury MCP tool、A2A negotiation、settlement、staking、withdrawal、payout、notification owner 不 claim、不 submit、不 daemon、不 send、不 payout
Public task surface marketplace、task、leaderboard、traffic、ICO 類公開面 不代表 bounty payout 或 external claim / submit 可執行
Well-known metadata agent-card、ai-plugin、mcp、openapi 可作 route evidence不授權 agent execution 或 credential exposure
Cron / automation A2A discovery / dispatcher / swarm、judge、lead-gen、reaper、self-replicate、treasury alert 不啟用 schedule、不跑 daemon、不 self-replicate
Admin / treasury admin、traffic、treasury、withdraw、simulate 需 RBAC / auth / financial owner response不提款、不 payout
Webhook / traffic traffic、GitHub / Stripe webhook、scout、intent stream、health 只收 redacted metadata不收 webhook secret 或 payload body

4. Owner 必填欄位

欄位 說明
product_owner_role_or_team 產品 owner 或 team
security_owner_role_or_team 資安 / abuse / 資料保護 owner
source_control_owner_role_or_team repo / refs / workflow / secret name owner
deployment_owner_role_or_team compose / domain / TLS / smoke owner
data_classification_owner_role_or_team task、agent、webhook、traffic、treasury、admin 資料分級 owner
external_agent_boundary_owner_role_or_team MCP / A2A / cron / daemon owner
settlement_or_treasury_owner_role_or_team staking、withdrawal、payout、Stripe / wallet 風險 owner
notification_owner_role_or_team Telegram、Discord、GitHub webhook / issue comment owner
surface_scope 本次納入 IwoooS 的 route、API、admin、cron、worker、webhook 範圍
decision owner 對此 scope 的判定
decision_reason 決策理由摘要,不得包含機敏值
redacted_evidence_refs 文件、snapshot、ticket、commit、hash 或脫敏 metadata pointer
canonical_repo_ref canonical repo / remote / branch 的脫敏 ref
repo_dirty_disposition dirty / untracked workspace 的 WIP 或 release candidate 判定
deployment_boundary_ref production host、compose directory、domain / TLS、health smoke 的脫敏 ref
auth_abuse_boundary_ref auth、RBAC、abuse control、rate limit、anti-spam 的脫敏 ref
external_agent_boundary_ref MCP / A2A / cron / daemon / external agent autonomy 的脫敏 ref
settlement_treasury_boundary_ref settlement、staking、withdrawal、payout、Stripe / wallet 的脫敏 ref
maintenance_window 維護窗口或禁止窗口
rollback_owner rollback 負責人與 rollback ref
validation_plan 驗證與 post-check plan
followup_owner 後續補件或決策負責人

5. 禁止輸入

.env content
database URL value
API key value
MCP API key value
E2B API key value
Telegram bot token value
Telegram chat id value
Discord webhook value
GitHub token value
Stripe secret value
wallet private key
seed phrase
cookie
session
auth header
raw webhook payload
raw traffic payload
raw agent prompt or transcript
claim or submit execution request
payout or withdraw execution request
deploy command request
compose restart request
DB migration request
repo push request
refs sync request

6. 禁止動作

modify_agent_bounty_repo
commit_agent_bounty_changes
push_agent_bounty_refs
sync_refs
create_github_repo
change_workflow
collect_secret_value
read_env_file
deploy_production
restart_compose
run_db_migration
run_active_scan
run_credentialed_scan
start_daemon
enable_cron
auto_claim
auto_submit
send_external_agent_message
send_telegram_notification
send_discord_notification
post_github_comment
execute_payout
execute_withdrawal
share_database
share_session
bind_rbac
enable_runtime_gate
add_awooop_action_button

7. 指令

固定 committed snapshot 時間:

python3 scripts/security/agent-bounty-owner-request-draft.py \
  --root . \
  --handoff-report docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json \
  --output docs/security/agent-bounty-owner-request-draft.snapshot.json \
  --generated-at 2026-06-14T23:55:00+08:00

只讀 guard

python3 scripts/security/security-mirror-progress-guard.py --root .
python3 scripts/security/source-control-owner-response-guard.py --root .

8. 完成度

工作 完成度 說明
owner request draft artifact 100% 11 份 request draft 已由 committed onboarding handoff 產生
request dispatch 0% 尚未送件recipient 未確認
owner response received / accepted 0% 尚未收到或接受任何 owner response
live evidence collection 0% 未讀 production host、compose、DB、webhook、MCP 或 treasury live state
source-control / deployment / financial action 0% 未 push、未 sync refs、未 deploy、未 payout
runtime / production write 0% 無 action button無 production write

9. 邊界

這份 owner request draft 不是資安批准、不是 deployment approval、不是 external agent autonomy approval、不是 treasury approval也不是 live production truth。不得把 request draft、snapshot、IwoooS UI、AwoooP approval、LOGBOOK 或 onboarding handoff 解讀成 repo / refs / workflow 修改、secret 收集、production deploy、compose restart、DB migration、cron / daemon 啟動、MCP claim / submit、A2A dispatcher、self-replication、Telegram / Discord / GitHub send、Stripe / wallet 操作、payout、withdrawal、staking、active scan、host write 或 runtime gate 授權。