175 lines
8.6 KiB
Markdown
175 lines
8.6 KiB
Markdown
# agent-bounty-protocol Owner Request Draft
|
||
|
||
| 項目 | 內容 |
|
||
|------|------|
|
||
| 日期 | 2026-06-14 |
|
||
| 狀態 | `owner_request_draft_ready_not_dispatched` |
|
||
| 工具 | `scripts/security/agent-bounty-owner-request-draft.py` |
|
||
| Snapshot | `docs/security/agent-bounty-owner-request-draft.snapshot.json` |
|
||
| Source handoff | `docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json` |
|
||
| runtime gate | `0` |
|
||
|
||
## 1. 目的
|
||
|
||
本文件把 `agent-bounty-protocol` onboarding handoff 轉成人工送件前 owner request draft,讓 repo / refs、deployment、產品路由、MCP / A2A、cron / daemon、admin / treasury、webhook / traffic、資料分級與外部 agent 自主行為都能用同一套 owner 欄位收件。
|
||
|
||
本階段仍是 metadata-only request draft:不讀 `agent-bounty-protocol` `.env`、不改該 repo、不 push refs、不建立 GitHub repo、不改 workflow、不部署、不 restart compose、不跑 DB migration、不啟動 cron / daemon、不 claim、不 submit、不送外部 agent 訊息、不送 Telegram / Discord、不發 GitHub comment、不 payout、不 withdraw、不 staking、不改 webhook secret、不掃描、不寫 production。
|
||
|
||
## 2. 摘要
|
||
|
||
| 指標 | 目前值 | 說明 |
|
||
|------|--------|------|
|
||
| request draft | `11` | 4 份 control boundary + 7 份 product surface |
|
||
| control boundary request | `4` | repo / refs、deployment、data classification、external agent / treasury |
|
||
| product surface request | `7` | public task、well-known metadata、MCP、A2A、cron、admin / treasury、webhook / traffic |
|
||
| write-capable request draft | `8` | 可能觸發 deploy、claim / submit、cron、webhook、admin 或 treasury 風險的 scope |
|
||
| treasury-related request draft | `4` | settlement、staking、withdrawal、payout 或 treasury 相鄰 scope |
|
||
| MCP / A2A related request draft | `5` | MCP tool、A2A protocol、cron / daemon 或 agent autonomy scope |
|
||
| live evidence required request | `11` | 每份 request 都需要 owner 提供脫敏 evidence ref |
|
||
| request field | `26` | 每份草稿固定欄位數 |
|
||
| required owner field | `22` | owner 必須補齊的欄位數 |
|
||
| owner role field | `13` | 來源 handoff 已定義的 owner 角色欄位 |
|
||
| forbidden input | `25` | 驗收前拒收或隔離的輸入 |
|
||
| blocked action | `28` | 驗收前全部禁止 |
|
||
| request sent / recipient confirmed | `0 / 0` | 尚未送件,收件人也未確認 |
|
||
| owner response received / accepted | `0 / 0` | 不得假性拉高 |
|
||
| runtime gate / action button | `0 / 0` | 不開任何執行入口 |
|
||
|
||
## 3. Request Draft 類型
|
||
|
||
| 類型 | 範圍 | 目前邊界 |
|
||
|------|------|----------|
|
||
| Repo / refs / workflow | canonical repo、dirty workspace disposition、workflow / runner / secret name owner | 不 push、不 sync refs、不建立 repo、不改 workflow |
|
||
| Production / compose / domain | `https://agent.wooo.work`、compose host、domain / TLS、health smoke | 不 deploy、不 restart、不 migration |
|
||
| Data classification | task、agent、MCP / A2A、webhook、traffic、treasury、admin、cron 資料分級 | 只收 metadata,不收 raw payload 或 secret |
|
||
| MCP / A2A / treasury | MCP tool、A2A negotiation、settlement、staking、withdrawal、payout、notification owner | 不 claim、不 submit、不 daemon、不 send、不 payout |
|
||
| Public task surface | marketplace、task、leaderboard、traffic、ICO 類公開面 | 不代表 bounty payout 或 external claim / submit 可執行 |
|
||
| Well-known metadata | agent-card、ai-plugin、mcp、openapi | 可作 route evidence;不授權 agent execution 或 credential exposure |
|
||
| Cron / automation | A2A discovery / dispatcher / swarm、judge、lead-gen、reaper、self-replicate、treasury alert | 不啟用 schedule、不跑 daemon、不 self-replicate |
|
||
| Admin / treasury | admin、traffic、treasury、withdraw、simulate | 需 RBAC / auth / financial owner response;不提款、不 payout |
|
||
| Webhook / traffic | traffic、GitHub / Stripe webhook、scout、intent stream、health | 只收 redacted metadata,不收 webhook secret 或 payload body |
|
||
|
||
## 4. Owner 必填欄位
|
||
|
||
| 欄位 | 說明 |
|
||
|------|------|
|
||
| `product_owner_role_or_team` | 產品 owner 或 team |
|
||
| `security_owner_role_or_team` | 資安 / abuse / 資料保護 owner |
|
||
| `source_control_owner_role_or_team` | repo / refs / workflow / secret name owner |
|
||
| `deployment_owner_role_or_team` | compose / domain / TLS / smoke owner |
|
||
| `data_classification_owner_role_or_team` | task、agent、webhook、traffic、treasury、admin 資料分級 owner |
|
||
| `external_agent_boundary_owner_role_or_team` | MCP / A2A / cron / daemon owner |
|
||
| `settlement_or_treasury_owner_role_or_team` | staking、withdrawal、payout、Stripe / wallet 風險 owner |
|
||
| `notification_owner_role_or_team` | Telegram、Discord、GitHub webhook / issue comment owner |
|
||
| `surface_scope` | 本次納入 IwoooS 的 route、API、admin、cron、worker、webhook 範圍 |
|
||
| `decision` | owner 對此 scope 的判定 |
|
||
| `decision_reason` | 決策理由摘要,不得包含機敏值 |
|
||
| `redacted_evidence_refs` | 文件、snapshot、ticket、commit、hash 或脫敏 metadata pointer |
|
||
| `canonical_repo_ref` | canonical repo / remote / branch 的脫敏 ref |
|
||
| `repo_dirty_disposition` | dirty / untracked workspace 的 WIP 或 release candidate 判定 |
|
||
| `deployment_boundary_ref` | production host、compose directory、domain / TLS、health smoke 的脫敏 ref |
|
||
| `auth_abuse_boundary_ref` | auth、RBAC、abuse control、rate limit、anti-spam 的脫敏 ref |
|
||
| `external_agent_boundary_ref` | MCP / A2A / cron / daemon / external agent autonomy 的脫敏 ref |
|
||
| `settlement_treasury_boundary_ref` | settlement、staking、withdrawal、payout、Stripe / wallet 的脫敏 ref |
|
||
| `maintenance_window` | 維護窗口或禁止窗口 |
|
||
| `rollback_owner` | rollback 負責人與 rollback ref |
|
||
| `validation_plan` | 驗證與 post-check plan |
|
||
| `followup_owner` | 後續補件或決策負責人 |
|
||
|
||
## 5. 禁止輸入
|
||
|
||
```text
|
||
.env content
|
||
database URL value
|
||
API key value
|
||
MCP API key value
|
||
E2B API key value
|
||
Telegram bot token value
|
||
Telegram chat id value
|
||
Discord webhook value
|
||
GitHub token value
|
||
Stripe secret value
|
||
wallet private key
|
||
seed phrase
|
||
cookie
|
||
session
|
||
auth header
|
||
raw webhook payload
|
||
raw traffic payload
|
||
raw agent prompt or transcript
|
||
claim or submit execution request
|
||
payout or withdraw execution request
|
||
deploy command request
|
||
compose restart request
|
||
DB migration request
|
||
repo push request
|
||
refs sync request
|
||
```
|
||
|
||
## 6. 禁止動作
|
||
|
||
```text
|
||
modify_agent_bounty_repo
|
||
commit_agent_bounty_changes
|
||
push_agent_bounty_refs
|
||
sync_refs
|
||
create_github_repo
|
||
change_workflow
|
||
collect_secret_value
|
||
read_env_file
|
||
deploy_production
|
||
restart_compose
|
||
run_db_migration
|
||
run_active_scan
|
||
run_credentialed_scan
|
||
start_daemon
|
||
enable_cron
|
||
auto_claim
|
||
auto_submit
|
||
send_external_agent_message
|
||
send_telegram_notification
|
||
send_discord_notification
|
||
post_github_comment
|
||
execute_payout
|
||
execute_withdrawal
|
||
share_database
|
||
share_session
|
||
bind_rbac
|
||
enable_runtime_gate
|
||
add_awooop_action_button
|
||
```
|
||
|
||
## 7. 指令
|
||
|
||
固定 committed snapshot 時間:
|
||
|
||
```bash
|
||
python3 scripts/security/agent-bounty-owner-request-draft.py \
|
||
--root . \
|
||
--handoff-report docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json \
|
||
--output docs/security/agent-bounty-owner-request-draft.snapshot.json \
|
||
--generated-at 2026-06-14T23:55:00+08:00
|
||
```
|
||
|
||
只讀 guard:
|
||
|
||
```bash
|
||
python3 scripts/security/security-mirror-progress-guard.py --root .
|
||
python3 scripts/security/source-control-owner-response-guard.py --root .
|
||
```
|
||
|
||
## 8. 完成度
|
||
|
||
| 工作 | 完成度 | 說明 |
|
||
|------|--------|------|
|
||
| owner request draft artifact | `100%` | 11 份 request draft 已由 committed onboarding handoff 產生 |
|
||
| request dispatch | `0%` | 尚未送件,recipient 未確認 |
|
||
| owner response received / accepted | `0%` | 尚未收到或接受任何 owner response |
|
||
| live evidence collection | `0%` | 未讀 production host、compose、DB、webhook、MCP 或 treasury live state |
|
||
| source-control / deployment / financial action | `0%` | 未 push、未 sync refs、未 deploy、未 payout |
|
||
| runtime / production write | `0%` | 無 action button,無 production write |
|
||
|
||
## 9. 邊界
|
||
|
||
這份 owner request draft 不是資安批准、不是 deployment approval、不是 external agent autonomy approval、不是 treasury approval,也不是 live production truth。不得把 request draft、snapshot、IwoooS UI、AwoooP approval、LOGBOOK 或 onboarding handoff 解讀成 repo / refs / workflow 修改、secret 收集、production deploy、compose restart、DB migration、cron / daemon 啟動、MCP claim / submit、A2A dispatcher、self-replication、Telegram / Discord / GitHub send、Stripe / wallet 操作、payout、withdrawal、staking、active scan、host write 或 runtime gate 授權。
|