8.6 KiB
agent-bounty-protocol Owner Request Draft
| 項目 | 內容 |
|---|---|
| 日期 | 2026-06-14 |
| 狀態 | owner_request_draft_ready_not_dispatched |
| 工具 | scripts/security/agent-bounty-owner-request-draft.py |
| Snapshot | docs/security/agent-bounty-owner-request-draft.snapshot.json |
| Source handoff | docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json |
| runtime gate | 0 |
1. 目的
本文件把 agent-bounty-protocol onboarding handoff 轉成人工送件前 owner request draft,讓 repo / refs、deployment、產品路由、MCP / A2A、cron / daemon、admin / treasury、webhook / traffic、資料分級與外部 agent 自主行為都能用同一套 owner 欄位收件。
本階段仍是 metadata-only request draft:不讀 agent-bounty-protocol .env、不改該 repo、不 push refs、不建立 GitHub repo、不改 workflow、不部署、不 restart compose、不跑 DB migration、不啟動 cron / daemon、不 claim、不 submit、不送外部 agent 訊息、不送 Telegram / Discord、不發 GitHub comment、不 payout、不 withdraw、不 staking、不改 webhook secret、不掃描、不寫 production。
2. 摘要
| 指標 | 目前值 | 說明 |
|---|---|---|
| request draft | 11 |
4 份 control boundary + 7 份 product surface |
| control boundary request | 4 |
repo / refs、deployment、data classification、external agent / treasury |
| product surface request | 7 |
public task、well-known metadata、MCP、A2A、cron、admin / treasury、webhook / traffic |
| write-capable request draft | 8 |
可能觸發 deploy、claim / submit、cron、webhook、admin 或 treasury 風險的 scope |
| treasury-related request draft | 4 |
settlement、staking、withdrawal、payout 或 treasury 相鄰 scope |
| MCP / A2A related request draft | 5 |
MCP tool、A2A protocol、cron / daemon 或 agent autonomy scope |
| live evidence required request | 11 |
每份 request 都需要 owner 提供脫敏 evidence ref |
| request field | 26 |
每份草稿固定欄位數 |
| required owner field | 22 |
owner 必須補齊的欄位數 |
| owner role field | 13 |
來源 handoff 已定義的 owner 角色欄位 |
| forbidden input | 25 |
驗收前拒收或隔離的輸入 |
| blocked action | 28 |
驗收前全部禁止 |
| request sent / recipient confirmed | 0 / 0 |
尚未送件,收件人也未確認 |
| owner response received / accepted | 0 / 0 |
不得假性拉高 |
| runtime gate / action button | 0 / 0 |
不開任何執行入口 |
3. Request Draft 類型
| 類型 | 範圍 | 目前邊界 |
|---|---|---|
| Repo / refs / workflow | canonical repo、dirty workspace disposition、workflow / runner / secret name owner | 不 push、不 sync refs、不建立 repo、不改 workflow |
| Production / compose / domain | https://agent.wooo.work、compose host、domain / TLS、health smoke |
不 deploy、不 restart、不 migration |
| Data classification | task、agent、MCP / A2A、webhook、traffic、treasury、admin、cron 資料分級 | 只收 metadata,不收 raw payload 或 secret |
| MCP / A2A / treasury | MCP tool、A2A negotiation、settlement、staking、withdrawal、payout、notification owner | 不 claim、不 submit、不 daemon、不 send、不 payout |
| Public task surface | marketplace、task、leaderboard、traffic、ICO 類公開面 | 不代表 bounty payout 或 external claim / submit 可執行 |
| Well-known metadata | agent-card、ai-plugin、mcp、openapi | 可作 route evidence;不授權 agent execution 或 credential exposure |
| Cron / automation | A2A discovery / dispatcher / swarm、judge、lead-gen、reaper、self-replicate、treasury alert | 不啟用 schedule、不跑 daemon、不 self-replicate |
| Admin / treasury | admin、traffic、treasury、withdraw、simulate | 需 RBAC / auth / financial owner response;不提款、不 payout |
| Webhook / traffic | traffic、GitHub / Stripe webhook、scout、intent stream、health | 只收 redacted metadata,不收 webhook secret 或 payload body |
4. Owner 必填欄位
| 欄位 | 說明 |
|---|---|
product_owner_role_or_team |
產品 owner 或 team |
security_owner_role_or_team |
資安 / abuse / 資料保護 owner |
source_control_owner_role_or_team |
repo / refs / workflow / secret name owner |
deployment_owner_role_or_team |
compose / domain / TLS / smoke owner |
data_classification_owner_role_or_team |
task、agent、webhook、traffic、treasury、admin 資料分級 owner |
external_agent_boundary_owner_role_or_team |
MCP / A2A / cron / daemon owner |
settlement_or_treasury_owner_role_or_team |
staking、withdrawal、payout、Stripe / wallet 風險 owner |
notification_owner_role_or_team |
Telegram、Discord、GitHub webhook / issue comment owner |
surface_scope |
本次納入 IwoooS 的 route、API、admin、cron、worker、webhook 範圍 |
decision |
owner 對此 scope 的判定 |
decision_reason |
決策理由摘要,不得包含機敏值 |
redacted_evidence_refs |
文件、snapshot、ticket、commit、hash 或脫敏 metadata pointer |
canonical_repo_ref |
canonical repo / remote / branch 的脫敏 ref |
repo_dirty_disposition |
dirty / untracked workspace 的 WIP 或 release candidate 判定 |
deployment_boundary_ref |
production host、compose directory、domain / TLS、health smoke 的脫敏 ref |
auth_abuse_boundary_ref |
auth、RBAC、abuse control、rate limit、anti-spam 的脫敏 ref |
external_agent_boundary_ref |
MCP / A2A / cron / daemon / external agent autonomy 的脫敏 ref |
settlement_treasury_boundary_ref |
settlement、staking、withdrawal、payout、Stripe / wallet 的脫敏 ref |
maintenance_window |
維護窗口或禁止窗口 |
rollback_owner |
rollback 負責人與 rollback ref |
validation_plan |
驗證與 post-check plan |
followup_owner |
後續補件或決策負責人 |
5. 禁止輸入
.env content
database URL value
API key value
MCP API key value
E2B API key value
Telegram bot token value
Telegram chat id value
Discord webhook value
GitHub token value
Stripe secret value
wallet private key
seed phrase
cookie
session
auth header
raw webhook payload
raw traffic payload
raw agent prompt or transcript
claim or submit execution request
payout or withdraw execution request
deploy command request
compose restart request
DB migration request
repo push request
refs sync request
6. 禁止動作
modify_agent_bounty_repo
commit_agent_bounty_changes
push_agent_bounty_refs
sync_refs
create_github_repo
change_workflow
collect_secret_value
read_env_file
deploy_production
restart_compose
run_db_migration
run_active_scan
run_credentialed_scan
start_daemon
enable_cron
auto_claim
auto_submit
send_external_agent_message
send_telegram_notification
send_discord_notification
post_github_comment
execute_payout
execute_withdrawal
share_database
share_session
bind_rbac
enable_runtime_gate
add_awooop_action_button
7. 指令
固定 committed snapshot 時間:
python3 scripts/security/agent-bounty-owner-request-draft.py \
--root . \
--handoff-report docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json \
--output docs/security/agent-bounty-owner-request-draft.snapshot.json \
--generated-at 2026-06-14T23:55:00+08:00
只讀 guard:
python3 scripts/security/security-mirror-progress-guard.py --root .
python3 scripts/security/source-control-owner-response-guard.py --root .
8. 完成度
| 工作 | 完成度 | 說明 |
|---|---|---|
| owner request draft artifact | 100% |
11 份 request draft 已由 committed onboarding handoff 產生 |
| request dispatch | 0% |
尚未送件,recipient 未確認 |
| owner response received / accepted | 0% |
尚未收到或接受任何 owner response |
| live evidence collection | 0% |
未讀 production host、compose、DB、webhook、MCP 或 treasury live state |
| source-control / deployment / financial action | 0% |
未 push、未 sync refs、未 deploy、未 payout |
| runtime / production write | 0% |
無 action button,無 production write |
9. 邊界
這份 owner request draft 不是資安批准、不是 deployment approval、不是 external agent autonomy approval、不是 treasury approval,也不是 live production truth。不得把 request draft、snapshot、IwoooS UI、AwoooP approval、LOGBOOK 或 onboarding handoff 解讀成 repo / refs / workflow 修改、secret 收集、production deploy、compose restart、DB migration、cron / daemon 啟動、MCP claim / submit、A2A dispatcher、self-replication、Telegram / Discord / GitHub send、Stripe / wallet 操作、payout、withdrawal、staking、active scan、host write 或 runtime gate 授權。