340 lines
19 KiB
JSON
340 lines
19 KiB
JSON
{
|
||
"schema_version": "security_mirror_status_rollup_v1",
|
||
"status": "draft",
|
||
"date": "2026-05-17",
|
||
"mode": "mirror_only",
|
||
"rollup_status": "framework_ready_waiting_approval",
|
||
"runtime_execution_authorized": false,
|
||
"source_indexes": [
|
||
"docs/security/security-supply-chain-contract-manifest.snapshot.json",
|
||
"docs/security/security-mirror-readiness.snapshot.json",
|
||
"docs/security/security-mirror-intake-plan.snapshot.json",
|
||
"docs/security/security-mirror-route.snapshot.json",
|
||
"docs/security/security-mirror-acceptance.snapshot.json",
|
||
"docs/security/security-mirror-quarantine.snapshot.json",
|
||
"docs/security/security-mirror-dry-run.snapshot.json",
|
||
"docs/security/security-approval-queue.snapshot.json",
|
||
"docs/security/security-approval-gate.snapshot.json",
|
||
"docs/security/security-approval-decision-record.snapshot.json",
|
||
"docs/security/security-approval-review-packet.snapshot.json",
|
||
"docs/security/security-approval-state-transition.snapshot.json",
|
||
"docs/security/security-followup-runtime-gate.snapshot.json",
|
||
"docs/security/gitea-authenticated-inventory-export-request.snapshot.json",
|
||
"docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json",
|
||
"docs/security/gitea-inventory-coverage-attestation.snapshot.json",
|
||
"docs/security/gitea-inventory-owner-attestation-response.snapshot.json",
|
||
"docs/security/github-target-owner-decision-response.snapshot.json",
|
||
"docs/security/source-control-primary-readiness-gate.snapshot.json",
|
||
"docs/security/source-control-primary-rollback-adr.snapshot.json",
|
||
"docs/security/source-control-workflow-secret-name-inventory.snapshot.json",
|
||
"docs/security/source-control-workflow-secret-name-local-evidence.snapshot.json",
|
||
"docs/security/source-control-workflow-secret-name-export-request.snapshot.json",
|
||
"docs/security/security-rollout-policy.snapshot.json"
|
||
],
|
||
"summary": {
|
||
"total_contracts": 35,
|
||
"ready_for_mirror_count": 32,
|
||
"partial_ready_count": 2,
|
||
"contract_only_count": 1,
|
||
"blocked_count": 0,
|
||
"approval_queue_total": 8,
|
||
"approval_review_packet_total": 8,
|
||
"approval_state_transition_rule_total": 5,
|
||
"followup_runtime_gate_template_total": 8,
|
||
"active_runtime_gate_count": 0,
|
||
"gitea_inventory_status": "partial_waiting_authenticated_inventory",
|
||
"gitea_inventory_public_only_repo_count": 2,
|
||
"gitea_inventory_local_gitea_repo_count": 4,
|
||
"gitea_inventory_export_source_option_count": 2,
|
||
"gitea_inventory_token_value_collection_allowed": false,
|
||
"gitea_inventory_import_acceptance_status": "draft_waiting_redacted_inventory_payload",
|
||
"gitea_inventory_import_acceptance_payload_count": 0,
|
||
"gitea_inventory_import_acceptance_quarantine_required": true,
|
||
"gitea_inventory_import_acceptance_execution_authorized": false,
|
||
"gitea_inventory_coverage_attestation_status": "draft_waiting_owner_attestation",
|
||
"gitea_inventory_coverage_attestation_required_count": 5,
|
||
"gitea_inventory_coverage_attestation_received_count": 0,
|
||
"gitea_inventory_coverage_attestation_execution_authorized": false,
|
||
"primary_readiness_candidate_repo_count": 8,
|
||
"github_primary_ready_count": 0,
|
||
"primary_rollback_adr_repo_plan_count": 7,
|
||
"primary_rollback_adr_owner_approved_count": 0,
|
||
"primary_rollback_adr_dry_run_completed_count": 0,
|
||
"primary_rollback_execution_authorized": false,
|
||
"workflow_secret_inventory_candidate_repo_count": 8,
|
||
"workflow_secret_inventory_complete_count": 0,
|
||
"workflow_secret_inventory_local_evidence_repo_count": 4,
|
||
"workflow_secret_inventory_local_workflow_file_count": 31,
|
||
"workflow_secret_inventory_unique_secret_name_count": 43,
|
||
"workflow_secret_inventory_export_request_count": 7,
|
||
"workflow_secret_inventory_export_lane_count": 5,
|
||
"workflow_secret_inventory_write_token_allowed": false,
|
||
"secret_value_collection_allowed": false,
|
||
"secret_value_detected": false,
|
||
"pending_approval_count": 7,
|
||
"block_candidate_count": 1,
|
||
"dry_run_status": "contract_defined_not_executed",
|
||
"runtime_actions_executed": false,
|
||
"payloads_ingested": false
|
||
},
|
||
"phase_status": [
|
||
{
|
||
"phase_id": "S0_contracts_and_boundaries",
|
||
"state": "completed",
|
||
"current_result": "Kali / Codex / GitHub / Gitea / AwoooP 邊界已文件化,核心 schema 草案已建立。",
|
||
"next_gate": "AwoooP 只讀 mirror 消費。"
|
||
},
|
||
{
|
||
"phase_id": "S1_readonly_inventory",
|
||
"state": "in_progress",
|
||
"current_result": "已完成多項 read-only evidence;S4.5 已補 Gitea authenticated/admin export request,S4.6 已補 redacted import acceptance,S4.7 已補 owner coverage attestation request,但 private/internal 全量 repo list 仍需批准後補齊。",
|
||
"next_gate": "先取得 owner scope decision / coverage attestation,再等待只讀 token 或 redacted admin export owner approval;收到 payload 後先依 S4.6 驗收與隔離規則檢查,仍不得保存 token value。"
|
||
},
|
||
{
|
||
"phase_id": "S2_mirror_only_consumption",
|
||
"state": "draft_ready",
|
||
"current_result": "Mirror readiness、intake、event、route、acceptance、quarantine、dry-run 與 status rollup 契約已建立。",
|
||
"next_gate": "AwoooP 主線只建立 read-only / mirror-only UI 與 audit evidence,不新增 execution router。"
|
||
},
|
||
{
|
||
"phase_id": "S3_approval_gate",
|
||
"state": "draft_ready",
|
||
"current_result": "Approval queue 已列出 8 個候選,security_approval_gate_v1 已定義人工 gate,security_approval_decision_record_v1 已定義決策紀錄格式,security_approval_review_packet_v1 已定義人工審查封包,security_approval_state_transition_v1 已定義決策狀態轉移語義,security_followup_runtime_gate_v1 已定義後續 runtime gate 準備模板;S4.8 已把 Gitea queue/gate/review packet/follow-up gate 對齊 S4.7 owner attestation 先行。",
|
||
"next_gate": "先 review redacted finding ingestion、safe crawl 與 Gitea owner attestation + read-only inventory;review packet、decision record、state transition 與 follow-up runtime gate template 都不等於執行授權。"
|
||
},
|
||
{
|
||
"phase_id": "S4_migration_execution",
|
||
"state": "not_started",
|
||
"current_result": "GitHub primary 是長期方向;source_control_primary_readiness_gate_v1 已定義 8 個 candidate repos、7 個 in-scope blocked repos、0 個 primary ready;S4.1 已定義 workflow / secret 名稱 inventory 契約;S4.2 已補 local evidence;S4.3 已補 redacted export request;S4.4 已補 rollback ADR 草案;S4.5 已補 Gitea authenticated inventory export request;S4.6 已補 redacted import acceptance;S4.7 已補 owner coverage attestation request;S4.9 已補 Gitea owner response intake packet;S4.10 已補 GitHub target owner decision response intake packet,但 inventory status 仍 partial,GitHub target response 仍 0 筆。",
|
||
"next_gate": "依 S4.9 收到並驗收 S4.7 Gitea owner response、依 S4.10 收到並驗收 7 個 GitHub target owner / visibility / canonical response、authenticated inventory payload 通過 S4.6 驗收、refs truth、webhook / runner / deploy key / branch protection / repository secret parity redacted evidence、rollback ADR owner approval 與逐 repo 人工批准。"
|
||
}
|
||
],
|
||
"next_safe_actions": [
|
||
{
|
||
"action_id": "mirror_status_rollup_to_awooop",
|
||
"title": "AwoooP 顯示資安供應鏈總覽",
|
||
"mode": "observe",
|
||
"source_contract": "security_mirror_status_rollup_v1",
|
||
"allowed_processing": [
|
||
"顯示階段狀態、contract readiness、approval queue summary",
|
||
"顯示下一個 gate",
|
||
"寫入 audit evidence"
|
||
],
|
||
"blocked_processing": [
|
||
"把 rollup 當成 runtime authorization",
|
||
"新增 scan / execute / repo / refs action button",
|
||
"把 LOW / MEDIUM observation 變成 blocking gate"
|
||
]
|
||
},
|
||
{
|
||
"action_id": "mirror_approval_review_packets",
|
||
"title": "AwoooP 顯示 8 個人工審查封包",
|
||
"mode": "approval_required",
|
||
"source_contract": "security_approval_review_packet_v1",
|
||
"allowed_processing": [
|
||
"顯示 review order、review lane、required reviewers 與 requested decision",
|
||
"顯示仍然禁止事項與 follow-up runtime gate",
|
||
"將人工決策另寫入 security_approval_decision_record_v1"
|
||
],
|
||
"blocked_processing": [
|
||
"把 review packet 當成批准",
|
||
"把 review packet 當成 execution authorization",
|
||
"新增 scan / execute / repo / refs action button"
|
||
]
|
||
},
|
||
{
|
||
"action_id": "mirror_approval_state_transitions",
|
||
"title": "AwoooP 顯示人工決策後狀態轉移",
|
||
"mode": "approval_required",
|
||
"source_contract": "security_approval_state_transition_v1",
|
||
"allowed_processing": [
|
||
"顯示 approve/reject/defer/request_more_evidence/keep_blocked 的 next state",
|
||
"顯示 approve_scope 仍需 follow-up runtime gate",
|
||
"將實際決策另寫入 security_approval_decision_record_v1"
|
||
],
|
||
"blocked_processing": [
|
||
"把 state transition 當成執行命令",
|
||
"批准後立即執行 scan / execute / repo / refs 動作",
|
||
"把 LOW / MEDIUM observation 變成 blocking gate"
|
||
]
|
||
},
|
||
{
|
||
"action_id": "mirror_followup_runtime_gate_templates",
|
||
"title": "AwoooP 顯示後續 runtime gate 準備模板",
|
||
"mode": "approval_required",
|
||
"source_contract": "security_followup_runtime_gate_v1",
|
||
"allowed_processing": [
|
||
"顯示 minimum evidence、preflight checks 與 rollback/disable requirement",
|
||
"顯示 active_runtime_gates=0",
|
||
"提醒 approve_scope 後仍需獨立 runtime gate"
|
||
],
|
||
"blocked_processing": [
|
||
"啟用 runtime gate",
|
||
"新增 scan / execute / repo / refs action button",
|
||
"把 template 當成執行授權"
|
||
]
|
||
},
|
||
{
|
||
"action_id": "review_redacted_finding_ingestion",
|
||
"title": "先審 redacted finding ingestion adapter",
|
||
"mode": "approval_required",
|
||
"source_contract": "security_approval_queue_v1",
|
||
"allowed_processing": [
|
||
"依 security_approval_gate_v1 人工審查是否可設計 redacted security_finding_v1 ingestion",
|
||
"依 security_approval_decision_record_v1 記錄人工決策",
|
||
"維持只接收摘要與 evidence_ref",
|
||
"保留 patch-only / review gate"
|
||
],
|
||
"blocked_processing": [
|
||
"保存 raw secret/token/cookie/private key/exploit payload",
|
||
"讓 AwoooP 直接啟動 scan",
|
||
"自動修復或自動封鎖 deploy"
|
||
]
|
||
},
|
||
{
|
||
"action_id": "review_gitea_readonly_inventory",
|
||
"title": "審查 Gitea private/internal 只讀 inventory",
|
||
"mode": "approval_required",
|
||
"source_contract": "gitea_repo_inventory_v1",
|
||
"allowed_processing": [
|
||
"顯示 S4.5 authenticated/admin export request、S4.6 redacted import acceptance、S4.7 owner coverage attestation request 與 coverage gap",
|
||
"顯示 5 個 owner attestation items、received_attestation_count=0 與 accepted_attestation_count=0",
|
||
"顯示 S4.9 owner response templates、received_response_count=0 與 rejection rules",
|
||
"在 security_approval_queue_v1、security_approval_gate_v1、security_approval_review_packet_v1 與 security_followup_runtime_gate_v1 中顯示 S4.7 owner attestation 先行條件",
|
||
"使用 read-only token 或 redacted admin export 補齊 repo list",
|
||
"收到 payload 後只做 schema / redaction / coverage gap 驗收與隔離",
|
||
"只保存 token_present=true/false",
|
||
"更新 migration matrix 與 decision table"
|
||
],
|
||
"blocked_processing": [
|
||
"保存 token value",
|
||
"使用 write-capable token",
|
||
"未完成 S4.7 owner attestation 就標記 inventory complete",
|
||
"把 S4.9 owner response packet 當成 read-only inventory 已執行或 primary approval",
|
||
"把 S4.7 owner attestation request 當成 repo migration approval",
|
||
"把 S4.6 payload 驗收當成 primary approval",
|
||
"建立 GitHub repo 或 sync refs"
|
||
]
|
||
},
|
||
{
|
||
"action_id": "review_github_target_decisions",
|
||
"title": "逐 repo 審 GitHub target / owner / visibility / canonical",
|
||
"mode": "approval_required",
|
||
"source_contract": "source_control_approval_board_v1",
|
||
"allowed_processing": [
|
||
"顯示 S4.10 owner decision response templates、received_response_count=0 與 rejection rules",
|
||
"逐 repo 更新 owner / visibility / canonical decision",
|
||
"產生 draft reconcile plan 或 ADR",
|
||
"維持 refs action disabled"
|
||
],
|
||
"blocked_processing": [
|
||
"把 S4.10 response packet 當成 repo creation、visibility change、refs sync 或 primary approval",
|
||
"建立 repo",
|
||
"修改 visibility",
|
||
"push / delete refs",
|
||
"切 GitHub primary"
|
||
]
|
||
},
|
||
{
|
||
"action_id": "review_github_primary_readiness_gate",
|
||
"title": "審查 GitHub primary readiness blockers",
|
||
"mode": "approval_required",
|
||
"source_contract": "source_control_primary_readiness_gate_v1",
|
||
"allowed_processing": [
|
||
"顯示 7 個 in-scope repos 仍 blocked",
|
||
"顯示 Gitea inventory、refs truth、workflow/secret name parity 與 rollback ADR 缺口",
|
||
"要求 repo owner 補 owner / visibility / canonical 決策"
|
||
],
|
||
"blocked_processing": [
|
||
"建立 GitHub repo",
|
||
"sync refs",
|
||
"切 GitHub primary",
|
||
"停用或封存 Gitea repo"
|
||
]
|
||
},
|
||
{
|
||
"action_id": "review_github_primary_rollback_adr",
|
||
"title": "審查 GitHub primary rollback ADR 草案",
|
||
"mode": "approval_required",
|
||
"source_contract": "source_control_primary_rollback_adr_v1",
|
||
"allowed_processing": [
|
||
"顯示 7 個 in-scope repos 的 rollback ADR draft",
|
||
"顯示 owner_approved_count=0、dry_run_completed_count=0、active_cutover_count=0",
|
||
"顯示 rollback triggers、validation windows 與仍禁止事項"
|
||
],
|
||
"blocked_processing": [
|
||
"執行 rollback",
|
||
"切 GitHub primary",
|
||
"sync refs 或修改 webhook",
|
||
"停用 Gitea"
|
||
]
|
||
},
|
||
{
|
||
"action_id": "review_workflow_secret_name_inventory",
|
||
"title": "審查 workflow / secret 名稱 inventory 缺口",
|
||
"mode": "approval_required",
|
||
"source_contract": "source_control_workflow_secret_name_inventory_v1",
|
||
"allowed_processing": [
|
||
"顯示 8 個 candidate repos 的 inventory lanes、4 個 repos 的 local evidence 與 7 個 repos 的 redacted export request",
|
||
"要求 repo owner 補 redacted workflow / webhook / runner / deploy key / branch protection / CODEOWNERS / secret 名稱 snapshot",
|
||
"顯示 GitHub hosted runner 額度風險與 self-hosted runner owner review lane",
|
||
"只保存 secret name、owner 與 present/absent metadata,不保存 value"
|
||
],
|
||
"blocked_processing": [
|
||
"收集或保存 secret value",
|
||
"修改 workflow 或 webhook",
|
||
"rotate secret",
|
||
"sync refs 或切 GitHub primary"
|
||
]
|
||
},
|
||
{
|
||
"action_id": "keep_kali_execute_blocked",
|
||
"title": "Kali /execute 維持 block candidate",
|
||
"mode": "block_candidate",
|
||
"source_contract": "kali_scan_scope_approval_v1",
|
||
"allowed_processing": [
|
||
"只設計 disable / allowlist / audit gate",
|
||
"保留人工 exception 記錄",
|
||
"持續顯示 blocked reason"
|
||
],
|
||
"blocked_processing": [
|
||
"AwoooP runtime 直接呼叫 /execute",
|
||
"把 /execute 當成一般 MCP action",
|
||
"執行 shell command 自動修復"
|
||
]
|
||
}
|
||
],
|
||
"session_sync_notes": [
|
||
"本 rollup 是跨 Session 的共同讀取入口,避免 AwoooP 主線與 Security Supply Chain Session 對進度與 gate 判讀不一致。",
|
||
"S2/S3 目前仍屬框架期;狀態與人工 gate 可見,不代表 production ingestion、scan、repo migration 或 runtime enforcement 已啟用。",
|
||
"S3.1 只新增人工決策紀錄格式;決策紀錄仍維持 execution_authorized=false,不可直接跳到執行面。",
|
||
"S3.2 只新增人工審查封包格式;review packet 只讓 AwoooP 顯示與準備人審,不代表批准。",
|
||
"S3.3 只新增人工決策狀態轉移語義;approve_scope 只進入 waiting runtime gate,不代表可立即執行。",
|
||
"S3.4 只新增後續 runtime gate 準備模板;active_runtime_gates=0,不新增 action button。",
|
||
"S4.0 只新增 GitHub primary readiness gate;github_primary_ready_count=0,不新增 repo / refs / primary switch action。",
|
||
"S4.1 只新增 workflow / secret 名稱 inventory 契約;workflow_secret_inventory_complete_count=0,secret_value_collection_allowed=false,不新增 workflow、secret、repo、refs 或 primary switch action。",
|
||
"S4.2 只新增本機可見 workflow / CODEOWNERS / referenced secret name evidence;local_evidence_repo_count=4、workflow_file_count=31、unique_secret_name_count=43,secret_value_detected=false。",
|
||
"S4.3 只新增 redacted export request package;export_request_count=7、export_lane_count=5、write_token_allowed=false,不呼叫 API、不收 secret value、不修改 GitHub/Gitea 設定。",
|
||
"S4.4 只新增 GitHub primary rollback ADR 草案;repo_rollback_plan_count=7、owner_approved_count=0、dry_run_completed_count=0、rollback_execution_authorized=false,不切 primary、不執行 rollback。",
|
||
"S4.5 只新增 Gitea authenticated inventory export request;public_only_repo_count=2、local_gitea_unique_repo_count=4、export_source_option_count=2、token_value_collection_allowed=false,不使用 token、不寫入 Gitea、不 sync refs。",
|
||
"S4.6 只新增 Gitea redacted import acceptance;received_payload_count=0、accepted_payload_count=0,不匯入 DB dump/git object、不寫 Gitea、不切 primary。",
|
||
"S4.7 只新增 Gitea owner coverage attestation request;required_attestation_item_count=5、received_attestation_count=0,不把 attestation 當 migration approval。",
|
||
"S4.8 只把既有 Gitea approval queue/gate/review packet/follow-up gate 對齊 S4.7 先行條件;approval_queue_total 仍為 8、active_runtime_gates 仍為 0,不新增執行入口。",
|
||
"S4.9 只新增 Gitea owner attestation response 收件包;required_response_item_count=5、received_response_count=0、accepted_response_count=0,不把 response packet 當 inventory 執行或 primary approval。",
|
||
"S4.10 只新增 GitHub target owner decision response 收件包;response_template_count=7、received_response_count=0、accepted_response_count=0,不把 response packet 當 repo creation、visibility change、refs sync 或 GitHub primary approval。"
|
||
],
|
||
"forbidden_actions": [
|
||
"start_kali_scan",
|
||
"call_kali_execute_endpoint",
|
||
"run_credentialed_scan",
|
||
"create_github_repo",
|
||
"change_repo_visibility",
|
||
"sync_git_refs",
|
||
"switch_github_primary",
|
||
"auto_merge",
|
||
"production_deploy",
|
||
"store_secret_token_cookie_private_key_or_exploit_payload",
|
||
"turn_low_medium_observations_into_blocking_gates"
|
||
]
|
||
}
|