Files
awoooi/docs/security/security-mirror-status-rollup.snapshot.json

406 lines
23 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
{
"schema_version": "security_mirror_status_rollup_v1",
"status": "draft",
"date": "2026-05-17",
"mode": "mirror_only",
"rollup_status": "framework_ready_waiting_approval",
"runtime_execution_authorized": false,
"source_indexes": [
"docs/security/security-supply-chain-contract-manifest.snapshot.json",
"docs/security/security-mirror-readiness.snapshot.json",
"docs/security/security-mirror-intake-plan.snapshot.json",
"docs/security/security-mirror-route.snapshot.json",
"docs/security/security-mirror-acceptance.snapshot.json",
"docs/security/security-mirror-quarantine.snapshot.json",
"docs/security/security-mirror-dry-run.snapshot.json",
"docs/security/security-approval-queue.snapshot.json",
"docs/security/security-approval-gate.snapshot.json",
"docs/security/security-approval-decision-record.snapshot.json",
"docs/security/security-approval-review-packet.snapshot.json",
"docs/security/security-approval-state-transition.snapshot.json",
"docs/security/security-followup-runtime-gate.snapshot.json",
"docs/security/gitea-authenticated-inventory-export-request.snapshot.json",
"docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json",
"docs/security/gitea-inventory-coverage-attestation.snapshot.json",
"docs/security/gitea-inventory-owner-attestation-response.snapshot.json",
"docs/security/github-target-owner-decision-response.snapshot.json",
"docs/security/source-control-ref-truth-owner-response.snapshot.json",
"docs/security/source-control-primary-readiness-gate.snapshot.json",
"docs/security/source-control-primary-rollback-adr.snapshot.json",
"docs/security/source-control-workflow-secret-name-inventory.snapshot.json",
"docs/security/source-control-workflow-secret-name-local-evidence.snapshot.json",
"docs/security/source-control-workflow-secret-name-export-request.snapshot.json",
"docs/security/source-control-workflow-secret-name-owner-response.snapshot.json",
"docs/security/source-control-owner-response-validation-rollup.snapshot.json",
"docs/security/security-rollout-policy.snapshot.json"
],
"summary": {
"total_contracts": 35,
"ready_for_mirror_count": 32,
"partial_ready_count": 2,
"contract_only_count": 1,
"blocked_count": 0,
"approval_queue_total": 8,
"approval_review_packet_total": 8,
"approval_state_transition_rule_total": 5,
"followup_runtime_gate_template_total": 8,
"active_runtime_gate_count": 0,
"gitea_inventory_status": "partial_waiting_authenticated_inventory",
"gitea_inventory_public_only_repo_count": 2,
"gitea_inventory_local_gitea_repo_count": 4,
"gitea_inventory_export_source_option_count": 2,
"gitea_inventory_token_value_collection_allowed": false,
"gitea_inventory_import_acceptance_status": "draft_waiting_redacted_inventory_payload",
"gitea_inventory_import_acceptance_payload_count": 0,
"gitea_inventory_import_acceptance_quarantine_required": true,
"gitea_inventory_import_acceptance_execution_authorized": false,
"gitea_inventory_coverage_attestation_status": "draft_waiting_owner_attestation",
"gitea_inventory_coverage_attestation_required_count": 5,
"gitea_inventory_coverage_attestation_received_count": 0,
"gitea_inventory_coverage_attestation_execution_authorized": false,
"primary_readiness_candidate_repo_count": 8,
"github_primary_ready_count": 0,
"ref_truth_owner_response_template_count": 5,
"ref_truth_owner_received_response_count": 0,
"ref_truth_owner_accepted_response_count": 0,
"ref_truth_owner_rejected_response_count": 0,
"ref_truth_refs_sync_authorized": false,
"ref_truth_refs_delete_authorized": false,
"ref_truth_force_push_authorized": false,
"primary_rollback_adr_repo_plan_count": 7,
"primary_rollback_adr_owner_approved_count": 0,
"primary_rollback_adr_dry_run_completed_count": 0,
"primary_rollback_execution_authorized": false,
"workflow_secret_inventory_candidate_repo_count": 8,
"workflow_secret_inventory_complete_count": 0,
"workflow_secret_inventory_local_evidence_repo_count": 4,
"workflow_secret_inventory_local_workflow_file_count": 31,
"workflow_secret_inventory_unique_secret_name_count": 43,
"workflow_secret_inventory_export_request_count": 7,
"workflow_secret_inventory_export_lane_count": 5,
"workflow_secret_owner_response_template_count": 5,
"workflow_secret_owner_received_response_count": 0,
"workflow_secret_owner_accepted_response_count": 0,
"workflow_secret_owner_rejected_response_count": 0,
"owner_response_validation_packet_count": 4,
"owner_response_validation_lane_count": 4,
"owner_response_validation_template_count": 22,
"owner_response_validation_received_count": 0,
"owner_response_validation_accepted_count": 0,
"owner_response_validation_rejected_count": 0,
"owner_response_validation_cross_packet_check_count": 10,
"owner_response_validation_quarantine_required": true,
"workflow_secret_inventory_write_token_allowed": false,
"workflow_secret_modification_authorized": false,
"workflow_secret_github_hosted_runner_enable_authorized": false,
"secret_value_collection_allowed": false,
"secret_value_detected": false,
"pending_approval_count": 7,
"block_candidate_count": 1,
"dry_run_status": "contract_defined_not_executed",
"runtime_actions_executed": false,
"payloads_ingested": false
},
"phase_status": [
{
"phase_id": "S0_contracts_and_boundaries",
"state": "completed",
"current_result": "Kali / Codex / GitHub / Gitea / AwoooP 邊界已文件化,核心 schema 草案已建立。",
"next_gate": "AwoooP 只讀 mirror 消費。"
},
{
"phase_id": "S1_readonly_inventory",
"state": "in_progress",
"current_result": "已完成多項 read-only evidenceS4.5 已補 Gitea authenticated/admin export requestS4.6 已補 redacted import acceptanceS4.7 已補 owner coverage attestation request但 private/internal 全量 repo list 仍需批准後補齊。",
"next_gate": "先取得 owner scope decision / coverage attestation再等待只讀 token 或 redacted admin export owner approval收到 payload 後先依 S4.6 驗收與隔離規則檢查,仍不得保存 token value。"
},
{
"phase_id": "S2_mirror_only_consumption",
"state": "draft_ready",
"current_result": "Mirror readiness、intake、event、route、acceptance、quarantine、dry-run 與 status rollup 契約已建立。",
"next_gate": "AwoooP 主線只建立 read-only / mirror-only UI 與 audit evidence不新增 execution router。"
},
{
"phase_id": "S3_approval_gate",
"state": "draft_ready",
"current_result": "Approval queue 已列出 8 個候選security_approval_gate_v1 已定義人工 gatesecurity_approval_decision_record_v1 已定義決策紀錄格式security_approval_review_packet_v1 已定義人工審查封包security_approval_state_transition_v1 已定義決策狀態轉移語義security_followup_runtime_gate_v1 已定義後續 runtime gate 準備模板S4.8 已把 Gitea queue/gate/review packet/follow-up gate 對齊 S4.7 owner attestation 先行。",
"next_gate": "先 review redacted finding ingestion、safe crawl 與 Gitea owner attestation + read-only inventoryreview packet、decision record、state transition 與 follow-up runtime gate template 都不等於執行授權。"
},
{
"phase_id": "S4_migration_execution",
"state": "not_started",
"current_result": "GitHub primary 是長期方向source_control_primary_readiness_gate_v1 已定義 8 個 candidate repos、7 個 in-scope blocked repos、0 個 primary readyS4.1 已定義 workflow / secret 名稱 inventory 契約S4.2 已補 local evidenceS4.3 已補 redacted export requestS4.4 已補 rollback ADR 草案S4.5 已補 Gitea authenticated inventory export requestS4.6 已補 redacted import acceptanceS4.7 已補 owner coverage attestation requestS4.9 已補 Gitea owner response intake packetS4.10 已補 GitHub target owner decision response intake packetS4.11 已補 refs truth owner response intake packetS4.12 已補 workflow / secret 名稱 owner response intake packetS4.13 已補四包 owner response validation rollup彙整 22 個 templates、received=0、accepted=0但 inventory status 仍 partialGitHub target / refs truth / workflow-secret response 仍 0 筆。",
"next_gate": "依 S4.13 先集中檢查四包 owner response validation 狀態,再依 S4.9 收到並驗收 S4.7 Gitea owner response、依 S4.10 收到並驗收 7 個 GitHub target owner / visibility / canonical response、依 S4.11 收到並驗收 5 個 refs truth owner response templates、依 S4.12 收到並驗收 5 個 workflow / secret 名稱 owner response templates、authenticated inventory payload 通過 S4.6 驗收、rollback ADR owner approval 與逐 repo 人工批准。"
}
],
"next_safe_actions": [
{
"action_id": "mirror_owner_response_validation_rollup",
"title": "AwoooP 顯示四包 owner response 驗收總覽",
"mode": "observe",
"source_contract": "source_control_owner_response_validation_rollup_v1",
"allowed_processing": [
"顯示 S4.9/S4.10/S4.11/S4.12 四個 response packets",
"顯示 22 個 templates、received=0、accepted=0、rejected=0",
"顯示 10 個 cross-packet acceptance checks 與 quarantine rules",
"只更新 read-only wording、matrix 或 readiness evidence"
],
"blocked_processing": [
"把 validation rollup 當成 approval",
"把 validation rollup 當成 runtime authorization",
"新增 repo / refs / workflow / secret / runner / primary action button"
]
},
{
"action_id": "mirror_status_rollup_to_awooop",
"title": "AwoooP 顯示資安供應鏈總覽",
"mode": "observe",
"source_contract": "security_mirror_status_rollup_v1",
"allowed_processing": [
"顯示階段狀態、contract readiness、approval queue summary",
"顯示下一個 gate",
"寫入 audit evidence"
],
"blocked_processing": [
"把 rollup 當成 runtime authorization",
"新增 scan / execute / repo / refs action button",
"把 LOW / MEDIUM observation 變成 blocking gate"
]
},
{
"action_id": "mirror_approval_review_packets",
"title": "AwoooP 顯示 8 個人工審查封包",
"mode": "approval_required",
"source_contract": "security_approval_review_packet_v1",
"allowed_processing": [
"顯示 review order、review lane、required reviewers 與 requested decision",
"顯示仍然禁止事項與 follow-up runtime gate",
"將人工決策另寫入 security_approval_decision_record_v1"
],
"blocked_processing": [
"把 review packet 當成批准",
"把 review packet 當成 execution authorization",
"新增 scan / execute / repo / refs action button"
]
},
{
"action_id": "mirror_approval_state_transitions",
"title": "AwoooP 顯示人工決策後狀態轉移",
"mode": "approval_required",
"source_contract": "security_approval_state_transition_v1",
"allowed_processing": [
"顯示 approve/reject/defer/request_more_evidence/keep_blocked 的 next state",
"顯示 approve_scope 仍需 follow-up runtime gate",
"將實際決策另寫入 security_approval_decision_record_v1"
],
"blocked_processing": [
"把 state transition 當成執行命令",
"批准後立即執行 scan / execute / repo / refs 動作",
"把 LOW / MEDIUM observation 變成 blocking gate"
]
},
{
"action_id": "mirror_followup_runtime_gate_templates",
"title": "AwoooP 顯示後續 runtime gate 準備模板",
"mode": "approval_required",
"source_contract": "security_followup_runtime_gate_v1",
"allowed_processing": [
"顯示 minimum evidence、preflight checks 與 rollback/disable requirement",
"顯示 active_runtime_gates=0",
"提醒 approve_scope 後仍需獨立 runtime gate"
],
"blocked_processing": [
"啟用 runtime gate",
"新增 scan / execute / repo / refs action button",
"把 template 當成執行授權"
]
},
{
"action_id": "review_redacted_finding_ingestion",
"title": "先審 redacted finding ingestion adapter",
"mode": "approval_required",
"source_contract": "security_approval_queue_v1",
"allowed_processing": [
"依 security_approval_gate_v1 人工審查是否可設計 redacted security_finding_v1 ingestion",
"依 security_approval_decision_record_v1 記錄人工決策",
"維持只接收摘要與 evidence_ref",
"保留 patch-only / review gate"
],
"blocked_processing": [
"保存 raw secret/token/cookie/private key/exploit payload",
"讓 AwoooP 直接啟動 scan",
"自動修復或自動封鎖 deploy"
]
},
{
"action_id": "review_gitea_readonly_inventory",
"title": "審查 Gitea private/internal 只讀 inventory",
"mode": "approval_required",
"source_contract": "gitea_repo_inventory_v1",
"allowed_processing": [
"顯示 S4.5 authenticated/admin export request、S4.6 redacted import acceptance、S4.7 owner coverage attestation request 與 coverage gap",
"顯示 5 個 owner attestation items、received_attestation_count=0 與 accepted_attestation_count=0",
"顯示 S4.9 owner response templates、received_response_count=0 與 rejection rules",
"在 security_approval_queue_v1、security_approval_gate_v1、security_approval_review_packet_v1 與 security_followup_runtime_gate_v1 中顯示 S4.7 owner attestation 先行條件",
"使用 read-only token 或 redacted admin export 補齊 repo list",
"收到 payload 後只做 schema / redaction / coverage gap 驗收與隔離",
"只保存 token_present=true/false",
"更新 migration matrix 與 decision table"
],
"blocked_processing": [
"保存 token value",
"使用 write-capable token",
"未完成 S4.7 owner attestation 就標記 inventory complete",
"把 S4.9 owner response packet 當成 read-only inventory 已執行或 primary approval",
"把 S4.7 owner attestation request 當成 repo migration approval",
"把 S4.6 payload 驗收當成 primary approval",
"建立 GitHub repo 或 sync refs"
]
},
{
"action_id": "review_github_target_decisions",
"title": "逐 repo 審 GitHub target / owner / visibility / canonical",
"mode": "approval_required",
"source_contract": "source_control_approval_board_v1",
"allowed_processing": [
"顯示 S4.10 owner decision response templates、received_response_count=0 與 rejection rules",
"逐 repo 更新 owner / visibility / canonical decision",
"產生 draft reconcile plan 或 ADR",
"維持 refs action disabled"
],
"blocked_processing": [
"把 S4.10 response packet 當成 repo creation、visibility change、refs sync 或 primary approval",
"建立 repo",
"修改 visibility",
"push / delete refs",
"切 GitHub primary"
]
},
{
"action_id": "review_ref_truth_owner_responses",
"title": "審查 refs truth owner response 收件包",
"mode": "approval_required",
"source_contract": "source_control_ref_truth_classification_v1",
"allowed_processing": [
"顯示 S4.11 owner response templates、received_response_count=0 與 rejection rules",
"依 main/dev truth、deprecated drift、release tag、GitHub-only refs 分組給 owner 判定",
"response 通過後只更新 read-only classification、draft reconcile plan 與 readiness blocker wording",
"維持 refs action disabled"
],
"blocked_processing": [
"把 S4.11 response packet 當成 refs sync、delete、force push 或 primary approval",
"fetch / push / delete refs",
"rewrite branch 或 tag",
"切 GitHub primary"
]
},
{
"action_id": "review_github_primary_readiness_gate",
"title": "審查 GitHub primary readiness blockers",
"mode": "approval_required",
"source_contract": "source_control_primary_readiness_gate_v1",
"allowed_processing": [
"顯示 7 個 in-scope repos 仍 blocked",
"顯示 Gitea inventory、refs truth owner response、workflow/secret name parity 與 rollback ADR 缺口",
"要求 repo owner 補 owner / visibility / canonical 決策"
],
"blocked_processing": [
"建立 GitHub repo",
"sync refs",
"切 GitHub primary",
"停用或封存 Gitea repo"
]
},
{
"action_id": "review_github_primary_rollback_adr",
"title": "審查 GitHub primary rollback ADR 草案",
"mode": "approval_required",
"source_contract": "source_control_primary_rollback_adr_v1",
"allowed_processing": [
"顯示 7 個 in-scope repos 的 rollback ADR draft",
"顯示 owner_approved_count=0、dry_run_completed_count=0、active_cutover_count=0",
"顯示 rollback triggers、validation windows 與仍禁止事項"
],
"blocked_processing": [
"執行 rollback",
"切 GitHub primary",
"sync refs 或修改 webhook",
"停用 Gitea"
]
},
{
"action_id": "review_workflow_secret_name_inventory",
"title": "審查 workflow / secret 名稱 inventory 缺口",
"mode": "approval_required",
"source_contract": "source_control_workflow_secret_name_inventory_v1",
"allowed_processing": [
"顯示 8 個 candidate repos 的 inventory lanes、4 個 repos 的 local evidence 與 7 個 repos 的 redacted export request",
"顯示 S4.12 owner response templates、received_response_count=0 與 rejection rules",
"要求 repo owner 補 redacted workflow / webhook / runner / deploy key / branch protection / CODEOWNERS / secret 名稱 snapshot",
"顯示 GitHub hosted runner 額度風險與 self-hosted runner owner review lane",
"response 通過後只更新 read-only inventory、export request 與 readiness blocker wording",
"只保存 secret name、owner 與 present/absent metadata不保存 value"
],
"blocked_processing": [
"把 S4.12 response packet 當成 workflow 修改、secret 建立、runner 啟用或 primary approval",
"收集或保存 secret value",
"修改 workflow 或 webhook",
"啟用 GitHub hosted runner 或消耗 GitHub Actions 額度",
"rotate secret",
"sync refs 或切 GitHub primary"
]
},
{
"action_id": "keep_kali_execute_blocked",
"title": "Kali /execute 維持 block candidate",
"mode": "block_candidate",
"source_contract": "kali_scan_scope_approval_v1",
"allowed_processing": [
"只設計 disable / allowlist / audit gate",
"保留人工 exception 記錄",
"持續顯示 blocked reason"
],
"blocked_processing": [
"AwoooP runtime 直接呼叫 /execute",
"把 /execute 當成一般 MCP action",
"執行 shell command 自動修復"
]
}
],
"session_sync_notes": [
"本 rollup 是跨 Session 的共同讀取入口,避免 AwoooP 主線與 Security Supply Chain Session 對進度與 gate 判讀不一致。",
"S2/S3 目前仍屬框架期;狀態與人工 gate 可見,不代表 production ingestion、scan、repo migration 或 runtime enforcement 已啟用。",
"S3.1 只新增人工決策紀錄格式;決策紀錄仍維持 execution_authorized=false不可直接跳到執行面。",
"S3.2 只新增人工審查封包格式review packet 只讓 AwoooP 顯示與準備人審,不代表批准。",
"S3.3 只新增人工決策狀態轉移語義approve_scope 只進入 waiting runtime gate不代表可立即執行。",
"S3.4 只新增後續 runtime gate 準備模板active_runtime_gates=0不新增 action button。",
"S4.0 只新增 GitHub primary readiness gategithub_primary_ready_count=0不新增 repo / refs / primary switch action。",
"S4.1 只新增 workflow / secret 名稱 inventory 契約workflow_secret_inventory_complete_count=0secret_value_collection_allowed=false不新增 workflow、secret、repo、refs 或 primary switch action。",
"S4.2 只新增本機可見 workflow / CODEOWNERS / referenced secret name evidencelocal_evidence_repo_count=4、workflow_file_count=31、unique_secret_name_count=43secret_value_detected=false。",
"S4.3 只新增 redacted export request packageexport_request_count=7、export_lane_count=5、write_token_allowed=false不呼叫 API、不收 secret value、不修改 GitHub/Gitea 設定。",
"S4.4 只新增 GitHub primary rollback ADR 草案repo_rollback_plan_count=7、owner_approved_count=0、dry_run_completed_count=0、rollback_execution_authorized=false不切 primary、不執行 rollback。",
"S4.5 只新增 Gitea authenticated inventory export requestpublic_only_repo_count=2、local_gitea_unique_repo_count=4、export_source_option_count=2、token_value_collection_allowed=false不使用 token、不寫入 Gitea、不 sync refs。",
"S4.6 只新增 Gitea redacted import acceptancereceived_payload_count=0、accepted_payload_count=0不匯入 DB dump/git object、不寫 Gitea、不切 primary。",
"S4.7 只新增 Gitea owner coverage attestation requestrequired_attestation_item_count=5、received_attestation_count=0不把 attestation 當 migration approval。",
"S4.8 只把既有 Gitea approval queue/gate/review packet/follow-up gate 對齊 S4.7 先行條件approval_queue_total 仍為 8、active_runtime_gates 仍為 0不新增執行入口。",
"S4.9 只新增 Gitea owner attestation response 收件包required_response_item_count=5、received_response_count=0、accepted_response_count=0不把 response packet 當 inventory 執行或 primary approval。",
"S4.10 只新增 GitHub target owner decision response 收件包response_template_count=7、received_response_count=0、accepted_response_count=0不把 response packet 當 repo creation、visibility change、refs sync 或 GitHub primary approval。",
"S4.11 只新增 refs truth owner response 收件包response_template_count=5、received_response_count=0、accepted_response_count=0不把 response packet 當 refs sync、delete、force push 或 GitHub primary approval。",
"S4.12 只新增 workflow / secret 名稱 owner response 收件包response_template_count=5、received_response_count=0、accepted_response_count=0不把 response packet 當 secret value collection、workflow modification、GitHub hosted runner enablement 或 GitHub primary approval。",
"S4.13 只新增 owner response validation rollupresponse_packet_count=4、template_count=22、received_response_count=0、accepted_response_count=0、cross_packet_check_count=10不把 rollup 當 approval、runtime gate 或 execution authorization。"
],
"forbidden_actions": [
"start_kali_scan",
"call_kali_execute_endpoint",
"run_credentialed_scan",
"create_github_repo",
"change_repo_visibility",
"sync_git_refs",
"switch_github_primary",
"auto_merge",
"production_deploy",
"store_secret_token_cookie_private_key_or_exploit_payload",
"turn_low_medium_observations_into_blocking_gates"
]
}