awoooi/docs/security/S4-9-OWNER-RESPONSE-DISPATCH-PACKAGE.md


S4.9 Owner Response Dispatch Package

| Item | Content |
| --- | --- |
| Date | 2026-06-13 |
| Status | dispatch_package_ready_not_sent |
| Corresponding envelope | docs/security/S4-9-CANONICAL-OWNER-RESPONSE-ENVELOPE.md |
| Corresponding intake form | docs/security/S4-9-OWNER-RESPONSE-INTAKE-FORM.md |
| Corresponding validation | docs/security/S4-9-REVIEWER-VALIDATION-CHECKLIST.md |
| Snapshot | docs/security/s4-9-owner-response-dispatch-package.snapshot.json |
| runtime gate | 0 |

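1. Core conclusion

This package moves the S4.9 owner response from "form and acceptance rules defined" to "a dispatch package that can be handed to the owner to fill in". It fixes which questions the owner must answer, the required fields for each question, which evidence may be given only as redacted references, and how the reviewer triages replies on receipt.

This package is still not a formal dispatch record, not owner response received, not accepted, and not a repo / refs / workflow / secret / runner / host / runtime authorization.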

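2. Required Canonical Envelope

Every answer must map back to the six fields. If any field is missing, the only outcome is a request for supplementary material; the received / accepted count must not be incremented.

| Field | What to fill in | Prohibited misuse |
| --- | --- | --- |
| owner_role_or_team | Role, team or responsible unit | No personal credentials, tokens, sessions or private contact information |
| decision | Only confirm, defer, reject or request_more_evidence | confirm does not mean runtime action approval |
| decision_reason | Redacted summary of the reason | No raw logs, raw API bodies, unredacted screenshots or verbatim internal chat |
| affected_scope | Repo group, namespace, endpoint, host scope, legacy disposition or canonical owner scope | No embedded repo create, refs sync, visibility change or workflow modification requests |
| redacted_evidence_refs | File path, snapshot id, ticket id, hash or redacted metadata pointer | Secret values, partial tokens, private keys, authorization headers and runner tokens are not accepted |
| followup_owner | Role / team responsible for follow-up evidence, review or decision | Not the execution approver, and not the runtime operator |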

3. S4.9 five-question dispatch content

| Order | Template | Owner must answer | Acceptable evidence refs |
| --- | --- | --- | --- |
| 1 | response-public-only-vs-local-gitea-gap | Determine whether wooo/clawbot-v5 and wooo/wooo-aiops fall within this round's inventory / migration scope | public probe snapshot, local inventory ref, owner note id |
| 2 | response-org-user-endpoint-identity | Determine whether wooo should be inventoried as a user, an org, or both, and designate the canonical endpoint | endpoint probe summary, HTTP status metadata, owner note id |
| 3 | response-internal-110-adjacent-scope | Determine item by item whether bitan-pharmacy, root/momo-pro-system, tsenyang-website and wooo/wooo-infra-config are included in this round's scope | local repo / host scope snapshot, redacted owner note |
| 4 | response-repo-owner-canonical-scope | Designate, for in-scope repos, the owner, canonical source, GitHub target candidate and visibility review owner | refs truth summary, target probe summary, owner note id |
| 5 | response-legacy-or-inaccessible-disposition | Designate the disposition, reason and follow-up owner for legacy / inaccessible / external repos | disposition note, archive candidate summary, ticket id |

4. Shape of a valid owner reply

template_id:
owner_role_or_team:
decision:
decision_reason:
affected_scope:
redacted_evidence_refs:
followup_owner:

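If the owner needs more information, decision should be request_more_evidence, and decision_reason should state which kind of redacted evidence is missing. A verbal "agree", "OK" or "approved" must not replace the six-field reply.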

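5. Reviewer intake triage

| Outcome | When to use | Effect on counts |
| --- | --- | --- |
| keep_waiting_owner_response | The complete six fields have not been received, or the reply is blank / verbal agreement only | received / accepted stay at 0 |
| request_more_evidence | Fields missing, scope unclear, or evidence refs insufficient | accepted stays at 0 |
| quarantine_sensitive_payload | Suspected to contain a token, secret, private key, cookie, session, authorization header, runner token, unredacted screenshot or private URL credential | Raw payload is not stored |
| reject_execution_request | Carries a repo / refs / workflow / secret / runner / Kali / host / runtime execution request | No action button is created |
| ready_for_reviewer_validation | All five questions complete, evidence refs redacted, no execution request | Enters the reviewer checklist only; still not accepted |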
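
The triage above, sketched in Python as an added example (not code from the awoooi repository). Field names, decision values, template ids and outcome names are the document's; the two regex heuristics, the order of checks after quarantine, and the split between keep_waiting_owner_response (no field filled) and request_more_evidence (some fields filled) are assumptions.

```python
import re

# Field names, decision values, template ids and outcomes are this document's.
FIELDS = ("owner_role_or_team", "decision", "decision_reason",
          "affected_scope", "redacted_evidence_refs", "followup_owner")
DECISIONS = {"confirm", "defer", "reject", "request_more_evidence"}
TEMPLATES = {"response-public-only-vs-local-gitea-gap",
             "response-org-user-endpoint-identity",
             "response-internal-110-adjacent-scope",
             "response-repo-owner-canonical-scope",
             "response-legacy-or-inaccessible-disposition"}
# Assumed heuristics (not the project's): shapes that suggest an unredacted secret.
SENSITIVE = re.compile(
    r"-----BEGIN [A-Z ]*PRIVATE KEY-----"
    r"|\bauthorization\s*:\s*(?:bearer|basic|token)\b"
    r"|\b(?:set-)?cookie\s*:"
    r"|\b(?:token|secret|password|session)\s*[=:]\s*\S{8,}"
    r"|://[^/\s:@]+:[^/\s@]+@", re.IGNORECASE)  # last: credential in a URL
# Assumed heuristics: wording that smuggles an execution request into a reply.
EXECUTION = re.compile(
    r"\b(?:create|delete)\s+repo\b|\brefs\s+sync\b|\bvisibility\s+change\b"
    r"|\b(?:modify|update)\s+workflow\b|\bnginx\s+reload\b|\bargocd\s+sync\b", re.IGNORECASE)
# Constructed sample: all six fields filled, but the evidence ref carries a URL credential.
SAMPLE = {**dict.fromkeys(FIELDS, "ops-team"), "decision": "confirm",
          "redacted_evidence_refs": "https://svc:hunter2pass@gitea.invalid/snapshot"}

def triage(reply: dict) -> str:
    """Outcome for one reply to one template."""
    text = "\n".join(str(v) for v in reply.values())
    if SENSITIVE.search(text):  # quarantine first: checked before anything else
        return "quarantine_sensitive_payload"
    if EXECUTION.search(text):
        return "reject_execution_request"
    filled = [f for f in FIELDS if reply.get(f) and str(reply[f]).strip()]
    if not filled:  # blank, or free-text "agreed" outside the six fields
        return "keep_waiting_owner_response"
    if len(filled) < len(FIELDS) or str(reply["decision"]) not in DECISIONS:
        return "request_more_evidence"
    return "ready_for_reviewer_validation"

def triage_package(replies: list) -> str:
    """Package outcome: ready only when all five templates are individually ready."""
    outcomes = {r.get("template_id"): triage(r) for r in replies}
    for blocking in ("quarantine_sensitive_payload", "reject_execution_request",
                     "request_more_evidence", "keep_waiting_owner_response"):
        if blocking in outcomes.values():
            return blocking
    return ("ready_for_reviewer_validation" if TEMPLATES <= set(outcomes)
            else "keep_waiting_owner_response")
```

`triage(SAMPLE)` returns quarantine_sensitive_payload even though every field is filled, which is the quarantine-first ordering; no outcome here changes any received or accepted count.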

6. High-value configuration control alignment

The S4.9 owner response is the first step of the source-control owner gate. High-value configuration control still requires its own independent owner response, but should share the same six-field envelope and rejection boundaries.

| Priority | Category | Owner lane | Still missing before dispatch |
| --- | --- | --- | --- |
| P0-1 | Nginx / public gateway | public_gateway_owner_response_required | rendered diff, nginx -t evidence, route smoke, maintenance window, rollback owner |
| P0-2 | K8s manifest / ArgoCD app | gitops_owner_response_required | GitOps diff, ArgoCD health readback, sync authorization, rollback revision |
| P0-3 | Gitea workflow / runner / deploy key / webhook | workflow_source_control_owner_response_required | workflow diff, runner label owner, deploy key metadata only, webhook metadata only |
| P0-4 | Registry / Harbor / TLS / certbot | domain_tls_owner_response_required | certificate path check, renewal window, ACME smoke, public HTTPS smoke |
| P0-5 | Sentry / SigNoz / Alertmanager / Prometheus | monitoring_owner_response_required | live drift evidence, receiver owner, reload owner, route smoke, receipt proof |
| P0-6 | Public gateway / frontend runtime config | public_runtime_config_owner_response_required | public URL check, frontend internal IP ban, CORS boundary, desktop / mobile smoke |
| P0-7 | AI provider route | ai_provider_route_owner_response_required | provider route owner, fallback order evidence, cost boundary, rollback owner |
| P0-8 | DB migration | database_migration_owner_response_required | migration diff, backup / rollback owner, post-migration verification plan |
| P0-9 | Secrets injection / redaction | secret_metadata_owner_response_required | secret name parity, metadata-only check, rotation owner, no secret value check |

These lanes may share the S4.9 fields and the quarantine-first rule, but an S4.9 reply must not be escalated directly into authorization for an Nginx reload, ArgoCD sync, workflow modification, registry change, alert reload, AI route switch, DB migration or secret rotation.

7. Fixed 0 / false boundaries

dispatch_authorized=false
request_sent=false
request_sent_count=0
received_response_count=0
accepted_response_count=0
rejected_response_count=0
owner_response_received_count=0
owner_response_accepted_count=0
redacted_payload_ingested=false
active_runtime_gate_count=0
runtime_execution_authorized=false
action_buttons_allowed=false
repo_creation_authorized=false
refs_sync_authorized=false
workflow_modification_authorized=false
github_primary_switch_authorized=false
host_update_authorized=false
active_scan_authorized=false
secret_value_collection_authorized=false
nginx_reload_authorized=false
argocd_sync_authorized=false
database_migration_authorized=false
ai_provider_route_change_authorized=false

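8. Completion

| Work item | Completion | Notes |
| --- | --- | --- |
| S4.9 dispatch package | 70% | The package an owner can fill in is fixed; it has not yet been formally dispatched |
| S4.9 owner response gate | 0% | No owner response has been received or accepted yet |
| High-value configuration owner lane alignment | 55% | The six-field envelope and P0 lanes are shared; each lane owner's actual reply is still needed |
| IwoooS overall | Held at 64% | Documents and packages do not raise overall progress |
| active runtime gate | 0 | Unchanged |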