Files
awoooi/docs/security/security-approval-review-packet.snapshot.json
Your Name 58e760fae2
All checks were successful
CD Pipeline / tests (push) Successful in 1m25s
Code Review / ai-code-review (push) Successful in 13s
CD Pipeline / build-and-deploy (push) Successful in 4m2s
CD Pipeline / post-deploy-checks (push) Successful in 1m48s
feat(security): 擴充 S4.10 target owner response
2026-06-11 20:30:41 +08:00

413 lines
19 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
{
"schema_version": "security_approval_review_packet_v1",
"status": "draft",
"date": "2026-05-17",
"mode": "approval_review_packet_only",
"runtime_execution_authorized": false,
"source_indexes": [
"docs/security/security-approval-queue.snapshot.json",
"docs/security/security-approval-gate.snapshot.json",
"docs/security/security-approval-decision-record.snapshot.json",
"docs/security/security-approval-state-transition.snapshot.json",
"docs/security/security-followup-runtime-gate.snapshot.json",
"docs/security/security-mirror-status-rollup.snapshot.json",
"docs/security/security-rollout-policy.snapshot.json",
"docs/security/gitea-inventory-coverage-attestation.snapshot.json",
"docs/security/gitea-inventory-owner-attestation-response.snapshot.json",
"docs/security/source-control-ref-truth-owner-response.snapshot.json"
],
"summary": {
"total_review_packets": 8,
"ready_for_human_review_count": 7,
"block_candidate_count": 1,
"decision_records_created_count": 0,
"runtime_actions_authorized": false,
"action_buttons_allowed": false,
"raw_secret_storage_authorized": false
},
"review_packets": [
{
"packet_id": "review-packet-redacted-finding-ingestion-20260513",
"review_order": 1,
"gate_id": "gate-redacted-finding-ingestion-20260513",
"source_queue_item_id": "kali-finding-runtime-ingestion-approval-20260513",
"risk": "MEDIUM",
"review_state": "ready_for_human_review",
"review_lane": "design_or_draft_review",
"requested_decision": "是否允許先設計或建立 draft PR讓 AwoooP 未來可接收已脫敏 security_finding_v1 摘要與 evidence_ref。",
"required_reviewers": [
"security-commander",
"human-owner"
],
"decision_options": [
"approve_scope",
"reject",
"defer",
"request_more_evidence"
],
"evidence_refs": [
"docs/security/SECURITY-FINDING-CONTRACT.md",
"docs/security/security-finding-kali-sample.snapshot.json",
"docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md"
],
"allowed_pre_decision_actions": [
"顯示 packet 與 evidence refs",
"要求 reviewer 補充 scope 或資料欄位",
"保留 sample snapshot mirror-only"
],
"allowed_after_decision_actions": [
"若 approve_scope只能進入設計或 draft PR",
"若 reject/defer/request_more_evidence寫入 decision record 並維持 blocked"
],
"still_forbidden": [
"保存 raw secret/token/cookie/private key/exploit payload",
"讓 AwoooP 直接啟動 scan",
"自動封鎖 deploy 或自動修復"
],
"followup_runtime_gate_required": true,
"execution_authorized": false
},
{
"packet_id": "review-packet-safe-web-crawl-20260513",
"review_order": 2,
"gate_id": "gate-safe-web-crawl-20260513",
"source_queue_item_id": "kali-safe-web-crawl-approval-20260513",
"risk": "MEDIUM",
"review_state": "ready_for_human_review",
"review_lane": "low_noise_scan_scope_review",
"requested_decision": "是否允許定義公開產品 domains 的 TLS、security header 與 basic crawl 低噪音 scope。",
"required_reviewers": [
"security-commander",
"human-owner"
],
"decision_options": [
"approve_scope",
"reject",
"defer",
"request_more_evidence"
],
"evidence_refs": [
"docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md",
"docs/security/KALI-SECURITY-MESH-BLUEPRINT.md"
],
"allowed_pre_decision_actions": [
"顯示公開 web perimeter 候選範圍",
"要求補 scan window、頻率與排除清單",
"維持 observe-only"
],
"allowed_after_decision_actions": [
"若 approve_scope只能整理低噪音 scope 與 redacted finding 格式",
"任何實際掃描仍需 follow-up runtime gate"
],
"still_forbidden": [
"active DAST fuzz",
"auth flow 改狀態測試",
"credentialed scan",
"阻擋 release"
],
"followup_runtime_gate_required": true,
"execution_authorized": false
},
{
"packet_id": "review-packet-gitea-readonly-inventory-20260513",
"review_order": 3,
"gate_id": "gate-gitea-readonly-inventory-20260513",
"source_queue_item_id": "gitea-private-internal-server-side-inventory-2026-05-12",
"risk": "MEDIUM",
"review_state": "ready_for_human_review",
"review_lane": "read_only_inventory_review",
"requested_decision": " owner S4.9 owner response request packet / template status ledger / audit event templates / redaction examples / display sections / response S4.7 coverage attestation scope decision read-only token redacted admin export Gitea private/internal repo list",
"required_reviewers": [
"migration-engineer",
"security-commander",
"human-owner"
],
"decision_options": [
"approve_scope",
"reject",
"defer",
"request_more_evidence"
],
"evidence_refs": [
"docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md",
"docs/security/gitea-readonly-inventory-approval.snapshot.json",
"docs/security/GITEA-ORG-REPO-INVENTORY-BLOCKED-SNAPSHOT.md",
"docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md",
"docs/security/gitea-inventory-coverage-attestation.snapshot.json",
"docs/security/GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.md",
"docs/security/gitea-inventory-owner-attestation-response.snapshot.json",
"docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md",
"docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md"
],
"allowed_pre_decision_actions": [
" public-only blocked endpoint evidence",
" S4.7 5 owner attestation items received_attestation_count=0",
" S4.9 1 owner response request packet5 template statuses3 audit event templates5 redaction examples8 display sections6 collection checks5 owner response templates6 intake preflight checks5 outcome lanesreceived_response_count=0audit_events_emitted=0 rejection rules",
" owner read-only token redacted export ",
" token value"
],
"allowed_after_decision_actions": [
" approve_scope S4.9 request packet owner template status ledger / audit event templates / redaction examples / display sections / collection checks request / received / accepted preflight / outcome lane / S4.7 owner response attestation evidence scope decision",
" approve_scope read-only inventory redacted export",
" migration matrix repo decision table"
],
"still_forbidden": [
" token value",
"使 write-capable token",
" owner attestation inventory complete",
" owner attestation repo migration primary approval",
" S4.9 owner response request packettemplate status ledgeraudit event templatesredaction examplesdisplay sections response packet inventory ",
" GitHub repo",
"sync refs",
" GitHub primary"
],
"followup_runtime_gate_required": true,
"execution_authorized": false
},
{
"packet_id": "review-packet-github-target-decisions-20260513",
"review_order": 4,
"gate_id": "gate-github-target-decisions-20260513",
"source_queue_item_id": "source-control-target-repo-approval-bundle-20260513",
"risk": "HIGH",
"review_state": "ready_for_human_review",
"review_lane": "design_or_draft_review",
"requested_decision": " S4.10 repo GitHub targetownervisibilitycanonical response refs reconcile review repo visibility",
"required_reviewers": [
"migration-engineer",
"security-commander",
"human-owner"
],
"decision_options": [
"approve_scope",
"reject",
"defer",
"request_more_evidence"
],
"evidence_refs": [
"docs/security/SOURCE-CONTROL-APPROVAL-BOARD.md",
"docs/security/source-control-approval-board.snapshot.json",
"docs/security/GITHUB-TARGET-REPO-APPROVAL-PACKAGE.md",
"docs/security/GITHUB-TARGET-OWNER-DECISION-RESPONSE.md",
"docs/security/github-target-owner-decision-response.snapshot.json",
"docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md",
"docs/security/source-control-workflow-secret-name-owner-response.snapshot.json"
],
"allowed_pre_decision_actions": [
" 9 approval-required target",
" S4.10 owner response request packettemplate status ledgeraudit event templatesredaction examplescollection checksintake preflight checksowner response templatesreceived_response_count=0 rejection rules",
" S4.12 workflow / secret owner response request packettemplate statusesaudit event templatesredaction examplescollection checksintake preflight checkstemplatesreceived_response_count=0 rejection rules",
" repo owner owner/visibility/canonical ",
" refs action disabled"
],
"allowed_after_decision_actions": [
" approve_scope S4.10 / S4.12 response workflow parity wordingdraft reconcile plan ADR",
" repo creation visibility change runtime gate"
],
"still_forbidden": [
" repo",
" visibility",
" S4.10 request packettemplate status ledgeraudit event templatesredaction examplescollection checksintake preflight checks response packet repo creation visibility approval",
" S4.12 request packettemplate status ledgeraudit event templatesredaction examplescollection checksintake preflight checks response packet secret value collectionworkflow modification runner enablement approval",
"push refs",
"delete refs",
" GitHub primary"
],
"followup_runtime_gate_required": true,
"execution_authorized": false
},
{
"packet_id": "review-packet-ref-truth-review-20260513",
"review_order": 5,
"gate_id": "gate-ref-truth-review-20260513",
"source_queue_item_id": "source-control-ref-truth-review-bundle-20260513",
"risk": "HIGH",
"review_state": "ready_for_human_review",
"review_lane": "design_or_draft_review",
"requested_decision": " repo / ref deprecated release tag GitHub-only refs S4.11 owner response",
"required_reviewers": [
"migration-engineer",
"security-commander",
"human-owner"
],
"decision_options": [
"approve_scope",
"reject",
"defer",
"request_more_evidence"
],
"evidence_refs": [
"docs/security/SOURCE-CONTROL-REF-TRUTH-CLASSIFICATION.md",
"docs/security/source-control-ref-truth-classification.snapshot.json",
"docs/security/SOURCE-CONTROL-REF-TRUTH-OWNER-RESPONSE.md",
"docs/security/source-control-ref-truth-owner-response.snapshot.json",
"docs/security/SOURCE-CONTROL-REF-DETAIL-DIFF.md"
],
"allowed_pre_decision_actions": [
" 194 refs review items",
" S4.11 request packettemplate status ledgeraudit event templatesredaction examplescollection checksintake preflight checks owner response templates received_response_count=0",
" repo / branch / tag owner ",
" review checklist"
],
"allowed_after_decision_actions": [
" approve_scope S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks truth classification reconcile draft",
" refs sync/delete runtime gate"
],
"still_forbidden": [
" S4.11 request packettemplate status ledgeraudit event templatesredaction examplescollection checksintake preflight checks response packet refs sync/delete/force push approval",
"push refs",
"delete refs",
"force push",
" GitHub primary"
],
"followup_runtime_gate_required": true,
"execution_authorized": false
},
{
"packet_id": "review-packet-credentialed-scan-20260513",
"review_order": 6,
"gate_id": "gate-credentialed-scan-20260513",
"source_queue_item_id": "kali-credentialed-scan-approval-20260513",
"risk": "HIGH",
"review_state": "ready_for_human_review",
"review_lane": "manual_exception_review",
"requested_decision": " credentialed scan exceptioncredential sourcescopeaudit trail ",
"required_reviewers": [
"security-commander",
"vuln-verifier",
"human-owner"
],
"decision_options": [
"approve_scope",
"reject",
"defer",
"request_more_evidence"
],
"evidence_refs": [
"docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md",
"docs/security/SECURITY-LOW-FRICTION-ROLLOUT-POLICY.md"
],
"allowed_pre_decision_actions": [
" exception ",
" credential lifecyclescope ",
" credential value"
],
"allowed_after_decision_actions": [
" approve_scope exception audit trail",
" credentialed scan follow-up runtime gate "
],
"still_forbidden": [
" credential value",
"",
"",
" firewall/RBAC/NetworkPolicy"
],
"followup_runtime_gate_required": true,
"execution_authorized": false
},
{
"packet_id": "review-packet-kali-full-upgrade-reboot-20260513",
"review_order": 7,
"gate_id": "gate-kali-full-upgrade-reboot-20260513",
"source_queue_item_id": "kali-full-upgrade-reboot-approval-20260513",
"risk": "HIGH",
"review_state": "ready_for_human_review",
"review_lane": "manual_exception_review",
"requested_decision": " Kali 112 full-upgrade autoremove reboot snapshotrollback post-health gate",
"required_reviewers": [
"security-commander",
"human-owner"
],
"decision_options": [
"approve_scope",
"reject",
"defer",
"request_more_evidence"
],
"evidence_refs": [
"docs/security/KALI-INTEGRATION-STATUS.md",
"docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md"
],
"allowed_pre_decision_actions": [
" Kali update no reboot required ",
"snapshotrollback post-check",
" reboot"
],
"allowed_after_decision_actions": [
" approve_scope rollback ",
" full-upgrade/reboot follow-up runtime gate"
],
"still_forbidden": [
" reboot",
" snapshot full-upgrade",
" scanner health "
],
"followup_runtime_gate_required": true,
"execution_authorized": false
},
{
"packet_id": "review-packet-kali-execute-endpoint-20260513",
"review_order": 8,
"gate_id": "gate-kali-execute-endpoint-20260513",
"source_queue_item_id": "kali-execute-endpoint-approval-20260513",
"risk": "CRITICAL",
"review_state": "block_candidate",
"review_lane": "blocked_by_default_review",
"requested_decision": " Kali /execute blocked by default disableallowlistaudit gate exception",
"required_reviewers": [
"critic",
"security-commander",
"human-owner"
],
"decision_options": [
"keep_blocked",
"defer",
"request_more_evidence"
],
"evidence_refs": [
"docs/security/KALI-INTEGRATION-STATUS.md",
"docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md"
],
"allowed_pre_decision_actions": [
" blocked reason",
" disable/allowlist/audit gate ",
" AwoooP runtime "
],
"allowed_after_decision_actions": [
" keep_blocked decision record disabled posture",
" defer/request_more_evidence runtime"
],
"still_forbidden": [
"AwoooP runtime /execute",
" /execute MCP action",
" shell command ",
" command "
],
"followup_runtime_gate_required": true,
"execution_authorized": false
}
],
"packet_rules": [
"Review packet ",
" packet security_approval_gate_v1 gate item security_approval_queue_v1 queue item",
" security_approval_decision_record_v1",
" next state security_approval_state_transition_v1 ",
"使 decision=approve_scopeexecution_authorized false security_followup_runtime_gate_v1 runtime gate ",
"AwoooP packet scanexecutereporefsdeploysecret action button"
],
"forbidden_actions": [
"start_kali_scan",
"call_kali_execute_endpoint",
"run_credentialed_scan",
"create_github_repo",
"change_repo_visibility",
"sync_git_refs",
"switch_github_primary",
"auto_merge",
"production_deploy",
"store_secret_token_cookie_private_key_or_exploit_payload",
"treat_review_packet_as_approval",
"treat_review_packet_as_execution_authorization"
]
}