88 KiB
AwoooP x Security Supply Chain 整合 Handoff
| 項目 | 內容 |
|---|---|
| 日期 | 2026-05-06 |
| 狀態 | 已同步給 AwoooP 主線,僅文件與契約整合,尚未做 runtime 變更;2026-05-12 開始第一波 read-only 工具化 |
| 目的 | 讓 AwoooP Session 與 Kali/GitHub/Codex/Gitea 資安供應鏈 Session 在同一條治理主線上推進 |
| 低摩擦 policy | docs/security/SECURITY-LOW-FRICTION-ROLLOUT-POLICY.md |
| Contract manifest | docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md |
| 原則 | 低摩擦分階段、雙 Session 推進、共享契約、AwoooP 做治理控制面,資安供應鏈做 evidence 與執行來源 |
0. 給 AwoooP Session 的立即同步訊息
統帥已批准本支線開始推進,並要求以下工作納入同一個資安工作項目:
- Kali
192.168.0.112建置完整資訊安全網。 - 開發主機
192.168.0.111、192.168.0.168納入 observe-only 資安資產。 - Code Review 後需要 coding 的工作串接 Codex。
- 長期改為 GitHub primary,Gitea 降級為本地 mirror / fallback。
- Gitea 目前所有專案版本都必須完整盤點並轉移/同步到 GitHub。
- 上述事項必須與 AwoooP 治理控制面整合,不可形成第二套資安流程。
本文件是給 AwoooP Session 的同步入口。請先把這份 handoff 視為共享契約,不要直接把 Kali 掃描、Codex patch 或 GitHub 遷移邏輯塞進 AwoooP runtime。
統帥補充原則:初期不要把資安等級一次拉太高。AwoooP 初期應先支援 mirror / observe / warn / approval candidate,而不是把所有 findings、repo 狀態或流程差異都變成阻擋條件。
0.1 2026-05-17 進度同步
目前跨 Session 共用進度採用 security_mirror_status_rollup_v1.progress_estimate:
| 面向 | 目前進度 | AwoooP 判讀 |
|---|---|---|
| 整體資安網 | 58% | 框架健康、尚未進入 runtime enforcement |
| 框架 / 治理 / 文件 / schema / read-only evidence | 80-85% | 可優先建立 read-only mirror 與 Audit evidence |
| runtime ingestion / owner response / GitHub primary / production landing | 35-40% | 只能顯示缺口與 approval candidate,不得新增執行按鈕 |
AwoooP 目前應同步顯示 S4.9-S4.13 owner response 缺口、Gitea authenticated inventory partial 狀態、GitHub primary ready 0/7、workflow / secret inventory complete 0,以及 Kali /execute block candidate。這些狀態只供治理與人工審查,不代表 scan、repo 建立、refs sync、workflow 修改、secret 搬移、runner 啟用或 GitHub primary cutover 已獲授權。
2026-05-19 補充:58% 是 headline progress,近期 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與 S4.11 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 屬於 framework detail,所以會列入 progress_delta_ledger,但 headline_percent_delta=0。headline 要再往上,需要 owner response received / accepted、redacted payload ingestion、active runtime gate、GitHub primary readiness 或 AwoooP production ingestion 等實質 evidence。
同步驗收時可先跑:
python3 scripts/security/security-mirror-progress-guard.py
此腳本只讀 committed snapshots,確認進度估算、contract count、owner response、runtime gate、GitHub primary 與 forbidden actions 仍維持 mirror-only 邊界。
Source-control owner response 缺口可另跑:
python3 scripts/security/source-control-owner-response-guard.py
此腳本只讀 S4.9 / S4.10 / S4.11 / S4.12 四包 response snapshots 與 S4.13 validation rollup / evidence routing rules / display sections / state transition rules / reviewer checklist / reviewer outcome lanes / reviewer audit event templates,確認目前 response received / accepted 仍為 0、reviewer audit emitted 仍為 0,且 repo、refs、workflow、secret、runner、GitHub primary 與 runtime action 皆未授權。
AwoooP 顯示 S4.13 時,應把 missing_response_lanes 當成 Operator Console 的主要缺口摘要:4 條 lane、22 個 response templates、目前 received / accepted 皆為 0;同時顯示 6 條 owner_response_evidence_routing_rules、8 個 owner_response_validation_display_sections、7 條 owner_response_validation_state_transition_rules、9 個 owner_response_validation_reviewer_checklist items、7 條 owner_response_validation_reviewer_outcome_lanes 與 4 個 owner_response_validation_reviewer_audit_event_templates,讓 reviewer 知道 evidence pointer 應補證、隔離、拒收、送跨包 review 或只讀更新,UI 應如何固定顯示總覽、缺口、收件順序、下一個收件、checks、routing、quarantine 與本機驗證,以及 waiting / pending validation / read-only update / waiting runtime gate 的狀態語義,也讓 reviewer 能把結果歸到等待、補證、隔離、拒收、跨包 review、只讀候選或等待後續 runtime gate,並只用脫敏 metadata 形狀留痕。這只是在告訴 reviewer 下一步要補哪些 owner response、evidence 該如何安全路由、狀態應如何判讀、結果如何只讀分類與 audit metadata 如何脫敏,不代表可以建立 repo、sync refs、修改 workflow / secret、啟用 runner、寫入 production ingestion 或切 GitHub primary。
建議顯示 owner_response_collection_order 作為下一步收件順序:先 S4.9 Gitea scope / canonical owner,再 S4.10 GitHub target owner / visibility / canonical,再 S4.11 refs truth,最後 S4.12 workflow / secret name parity。這只是 review 順序,不是 approval queue 或 execution queue。
可同步顯示 next_collection_candidate,目前只指向 S4.9 Gitea owner attestation response:需要 5 個 Gitea coverage attestation items、received / accepted 皆為 0、顯示模式為 display_next_collection_item_only。這個欄位只提示下一包 response,不是 approval,也不代表 S4.10 / S4.11 / S4.12 可被提前接受。
S4.9 也提供 1 個 owner_response_request_packet:AwoooP 可直接顯示 owner 需要回覆的 5 個 template、允許欄位、脫敏 evidence 規則、禁止 payload 與允許提交模式。這只是收件提示,不是 approval、不授權 inventory、不授權 repo 建立、不授權 refs sync,也不授權切 GitHub primary。
S4.9 也提供 5 個 owner_response_template_statuses:逐 template 顯示 waiting_owner_response、request_ready_not_sent、received / accepted / rejected 皆為 0,以及下一步 owner action。這只是 status ledger,不是 approval queue,也不能讓 request ready 自動變成 request sent。
S4.9 也提供 3 個 owner_response_audit_event_templates:request shown、response received metadata、outcome classified。這些都維持 template_only_not_emitted、emitted_event_count=0,只描述未來可記錄的脫敏 metadata 欄位;不得保存 owner response raw body、token、secret、private key、cookie、session、DB dump、git object、repo archive 或 execution request payload,也不代表 AwoooP production ingestion 已啟用。
S4.9 也提供 5 個 owner_response_redaction_examples:既有文件引用、owner decision metadata、private URL metadata、API/export summary、quarantine pointer。這些都是 template_example_only,只用來教 AwoooP / owner 以脫敏 metadata 回覆;不得把 redaction example 當成 response received、accepted、production ingestion 或執行授權。
S4.9 也提供 8 個 owner_response_display_sections:summary、request packet、template ledger、audit templates、redaction examples、collection checks、preflight/outcome lanes、acceptance/rejection rules。這些都是 display_contract_only,只定義 Operator Console 顯示順序,不得新增 action button、不得標記 received / accepted,也不得觸發 repo、refs、workflow、secret、runner 或 primary 動作。
S4.9 也提供 6 個 owner_response_collection_checks:request packet 已顯示、read-only submission mode、五個 templates 分開追蹤、脫敏 evidence only、不得把回覆語意升級成批准、只記錄 audit metadata。AwoooP 應用它把 request sent、response received、response accepted 三種狀態分開,不得因為 request 已發出就增加 received / accepted count。
S4.9 也提供 6 個 intake_preflight_checks:已知 item、必填欄位、允許 decision、脫敏 evidence、不得夾帶執行要求、接受前覆蓋五個 items。AwoooP 只能用它判斷可收、補證、隔離或拒收,不得把 preflight pass 當成 inventory runtime、repo migration 或 primary approval。
同時顯示 5 個 intake_outcome_lanes:ready_for_owner_review、request_more_evidence、quarantine_sensitive_payload、reject_execution_request、keep_waiting_owner_response。這些 lanes 只決定 Operator Console 顯示與 audit 分類,不會讓 received / accepted count 自動增加,也不會解除 S4.13 的 waiting 狀態。
1. Session 分工
AwoooP 主線 Session
負責:
- Policy / EffectivePolicy。
- Approval gate。
- Channel Event。
- Operator Console。
- MCP Gateway。
- Run State / Audit Sink。
- Contract packages / validators。
- Governance event 與 exception policy。
不得直接接手:
- Kali scan 執行。
- exploit verification。
- production deploy。
- secret rotation。
- firewall / RBAC / NetworkPolicy 修改。
- GitHub/Gitea 主控切換。
Security Supply Chain Session
負責:
- Kali findings 與
security_finding_v1。 - Code Review findings 與
coding_task_v1。 - GitHub primary / Gitea mirror 遷移盤點。
- Gitea 全量版本轉移 inventory。
- Source control / CI/CD supply chain evidence。
- Codex patch-only / suggest-only 接力設計。
- 112/111/168 asset seed 與 observe-only scope。
不得直接接手:
- AwoooP DB migration。
- EffectivePolicy runtime enforcement。
- MCP Gateway runtime gate。
- Channel Hub runtime 實作。
- Operator Console 主線 UI。
2. 共享目標架構
Kali / Code Review / GitHub / Gitea / Codex
-> security_supply_chain_contract_manifest_v1
-> security_mirror_readiness_v1 / security_mirror_intake_plan_v1 / security_mirror_event_v1 / security_mirror_route_v1 / security_mirror_acceptance_v1 / security_mirror_quarantine_v1 / security_mirror_dry_run_v1 / security_mirror_status_rollup_v1 / security_finding_v1 / kali_scan_scope_approval_v1 / security_approval_queue_v1 / security_approval_gate_v1 / security_approval_decision_record_v1 / security_approval_review_packet_v1 / security_approval_state_transition_v1 / security_followup_runtime_gate_v1 / source_control_primary_readiness_gate_v1 / source_control_primary_rollback_adr_v1 / source_control_workflow_secret_name_inventory_v1 / source_control_workflow_secret_name_owner_response_v1 / source_control_owner_response_validation_rollup_v1 / coding_task_v1 / source_control_migration_event_v1 / gitea_repo_inventory_v1 / local_git_remote_inventory_v1 / github_target_probe_v1 / github_target_decision_v1 / github_target_owner_decision_response_v1 / github_target_repo_approval_package_v1 / security_rollout_policy_v1
-> AWOOOI ingestion / asset_inventory / AIOps KPI / AOL
-> mirror 到 AwoooP Runtime State / Channel Event / Audit
-> AwoooP Policy / Approval / Exception / Operator Console
-> 人工批准後才進本地 deployment plane
初期只允許 mirror / read-only / suggest-only,不允許 AwoooP 直接觸發高風險執行。
3. 必須共享的事件契約
security_finding_v1
用途:承接 Kali、Trivy、ZAP、Semgrep、detect-secrets、kube posture 等 findings。
Schema:docs/schemas/security_finding_v1.schema.json
最小欄位:
{
"schema_version": "security_finding_v1",
"finding_id": "stable fingerprint",
"scan_run_id": "string",
"scanner": "kali|trivy|zap|semgrep|detect-secrets|kube-bench",
"asset_key": "string",
"target_type": "host|website|api_endpoint|container|package|repo|k8s_resource|tool",
"target": "redacted identifier",
"category": "exposure|cve|secret|misconfig|auth|tls|web|code|supply_chain|network",
"severity": "LOW|MEDIUM|HIGH|CRITICAL",
"confidence": "LOW|MEDIUM|HIGH",
"recommended_mode": "observe|warn|approve_required|block_candidate",
"evidence_ref": "redacted evidence pointer",
"summary": "繁體中文摘要",
"recommended_action": "繁體中文建議"
}
AwoooP 初期處理方式:mirror 成 Runtime State / Channel Event,不 enforcement。
kali_scan_scope_approval_v1
用途:定義 Kali 112、111/168 dev hosts、核心 runtime hosts、公開網站與 Kali high-risk path 的 scan scope、掃描深度與 approval gate。
Schema:docs/schemas/kali_scan_scope_approval_v1.schema.json
Snapshot:docs/security/kali-scan-scope-approval.snapshot.json
AwoooP 初期處理方式:只顯示 scope group 與 approval gate,可建立 approval candidate,但不得啟動 scan、不得呼叫 /execute、不得把 LOW / MEDIUM observation 變成 blocking gate。
security_approval_queue_v1
用途:集中整理 Security Supply Chain 現階段需要 AwoooP 顯示、排隊、等待人工決策的 pending approval / block candidate。
Schema:docs/schemas/security_approval_queue_v1.schema.json
Snapshot:docs/security/security-approval-queue.snapshot.json
目前 queue:8 items,7 個 pending approval,1 個 block candidate。建議先 review redacted Kali finding ingestion,再 review safe web crawl;Gitea lane 必須先顯示 S4.7 的 5 個 owner attestation items,owner scope decision 接受前不得進入 read-only inventory。
AwoooP 初期處理方式:只顯示 review order、blocked reason、required reviewers 與 evidence refs,可建立 approval candidate,但不得執行 queue item。
security_approval_gate_v1
用途:定義 S3 人工批准 gate 的決策語言、批准範圍、required reviewers、仍然禁止事項與 follow-up runtime gate。
Schema:docs/schemas/security_approval_gate_v1.schema.json
Snapshot:docs/security/security-approval-gate.snapshot.json
目前 gate:8 items,7 個 pending human decision,1 個 block candidate,0 個 approved。Gitea gate 已對齊 S4.7 owner coverage attestation 先行條件;批准後仍不得自動執行。
AwoooP 初期處理方式:只記錄人工決策、audit evidence 與批准範圍;不得把 gate item 接成 runner,不得在批准後自動啟動 scan、repo、refs、deploy 或 secret 類動作。
security_approval_decision_record_v1
用途:定義 S3 人工決策紀錄格式,保存 approve / reject / defer / request more evidence / keep blocked 的稽核資料。
Schema:docs/schemas/security_approval_decision_record_v1.schema.json
Snapshot:docs/security/security-approval-decision-record.snapshot.json
目前 decision records:0 筆;所有紀錄都必須維持 execution_authorized=false,且批准後仍需 follow-up runtime gate。
AwoooP 初期處理方式:只保存 reviewer、時間、evidence refs、批准範圍與決策結果;不得把 decision record 當成執行命令。
security_approval_review_packet_v1
用途:定義 S3 人工審查封包,將 approval queue 與 approval gate 包成 AwoooP 可顯示的 review packet。
Schema:docs/schemas/security_approval_review_packet_v1.schema.json
Snapshot:docs/security/security-approval-review-packet.snapshot.json
目前 review packets:8 筆;7 個 ready for human review、1 個 block candidate。Gitea review packet 必須顯示 S4.7 的 5 個 attestation items、received_attestation_count=0 與仍禁止事項;所有 packet 都必須維持 execution_authorized=false,且 action_buttons_allowed=false。
AwoooP 初期處理方式:只顯示 review order、review lane、required reviewers、requested decision、evidence refs 與 still forbidden;不得把 review packet 視為批准或執行授權。
security_approval_state_transition_v1
用途:定義 S3 人工決策後的只讀狀態轉移語義,避免 approve_scope 被誤解成可立即執行。
Schema:docs/schemas/security_approval_state_transition_v1.schema.json
Snapshot:docs/security/security-approval-state-transition.snapshot.json
目前 transition rules:5 筆,涵蓋 approve_scope、reject、defer、request_more_evidence、keep_blocked。所有 transition 都必須維持 execution_authorized=false。
AwoooP 初期處理方式:只顯示 next state,例如 scope_approved_waiting_runtime_gate、closed_rejected_no_action 或 blocked_by_default;不得把 transition rule 當成執行命令。
security_followup_runtime_gate_v1
用途:定義 S3.4 後續 runtime gate 的準備模板,讓 AwoooP 在 approve_scope 後知道未來若要進一步執行,必須先看到哪些 minimum evidence、preflight checks、rollback / disable requirement 與仍然禁止事項。
Schema:docs/schemas/security_followup_runtime_gate_v1.schema.json
Snapshot:docs/security/security-followup-runtime-gate.snapshot.json
目前 templates:8 筆,對應 redacted finding ingestion、safe web crawl、Gitea owner attestation + read-only inventory、GitHub target decisions、ref truth review、credentialed scan、Kali full-upgrade/reboot 與 Kali /execute block candidate。Gitea follow-up template 必須先檢查 S4.7 owner scope decision;ref truth follow-up template 必須先檢查 S4.11 owner response 驗收結果;active_runtime_gates=0、approved_scope_count=0、runtime_actions_authorized=false。
AwoooP 初期處理方式:只顯示準備條件與禁止事項,不新增 action button,不啟用 runtime gate,不執行 scan、repo、refs、deploy、secret、RBAC、NetworkPolicy 或 firewall 類動作。
source_control_primary_readiness_gate_v1
用途:定義 S4.0 GitHub primary readiness gate,讓 AwoooP 在任何 primary cutover 前能顯示 Gitea inventory、refs truth、workflow/runner/secret name parity、owner/visibility/canonical 與 rollback ADR 缺口。
Schema:docs/schemas/source_control_primary_readiness_gate_v1.schema.json
Snapshot:docs/security/source-control-primary-readiness-gate.snapshot.json
目前 readiness gate:8 個 candidate repos、7 個 in-scope blocked repos、1 個 external scope review、0 個 primary ready。所有 repo / refs / primary switch 動作都必須維持 disabled。
AwoooP 初期處理方式:只顯示 blockers、evidence refs 與 required review,不建立 GitHub repo、不修改 visibility、不 sync refs、不切 primary、不停用 Gitea。
source_control_ref_truth_owner_response_v1
用途:定義 S4.11 refs truth owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包,讓 AwoooP 在處理 source_control_ref_truth_classification_v1 前,先看到 owner 要回覆哪 5 類 refs truth 問題、各 template 是否仍 waiting、0 emitted 的脫敏 audit metadata 模板、安全回覆範例、request / received / accepted 分離檢查、只讀 preflight 分類,以及 main/dev truth、deprecated drift、release tag 與 GitHub-only refs 的 response 欄位、可接受決策、驗收規則與拒收規則。
Schema:docs/schemas/source_control_ref_truth_owner_response_v1.schema.json
Snapshot:docs/security/source-control-ref-truth-owner-response.snapshot.json
目前 response packet:5 個 response templates、8 個 acceptance checks、10 個 rejection rules;received_response_count=0、accepted_response_count=0、rejected_response_count=0。所有 refs sync / delete / force push / primary switch 動作都必須維持 disabled。
AwoooP 初期處理方式:只顯示 response templates、rejection rules 與 owner 補證缺口;收到 response 後只更新 read-only classification、draft reconcile plan 與 readiness blocker wording,不 fetch、不 push、不 delete refs、不 rewrite branch/tag、不切 GitHub primary。
source_control_primary_rollback_adr_v1
用途:定義 S4.4 GitHub primary rollback ADR 草案,讓 AwoooP 在任何 primary cutover 前能顯示 rollback owner、validation window、rollback triggers 與逐 repo owner review。
Schema:docs/schemas/source_control_primary_rollback_adr_v1.schema.json
Snapshot:docs/security/source-control-primary-rollback-adr.snapshot.json
目前 rollback ADR:7 個 in-scope repo rollback drafts、1 個 external scope review、0 個 owner approved、0 個 dry-run completed、0 個 active cutover。所有 rollback / primary switch / refs sync 動作都必須維持 disabled。
AwoooP 初期處理方式:只顯示 rollback ADR 草案、owner review、validation window 與仍然禁止事項,不執行 rollback、不切 GitHub primary、不停用 Gitea。
source_control_workflow_secret_name_inventory_v1
用途:定義 S4.1 workflow / webhook / runner / deploy key / branch protection / CODEOWNERS / secret 名稱 inventory gate,補上 GitHub primary 前不能缺的 CI/CD 與 secret hygiene evidence。
Schema:docs/schemas/source_control_workflow_secret_name_inventory_v1.schema.json
Snapshot:docs/security/source-control-workflow-secret-name-inventory.snapshot.json
目前 inventory:8 個 candidate repos、7 個 in-scope repos、1 個 external review;inventory_complete_count=0、missing_inventory_count=7、secret_value_collection_allowed=false。
S4.2 local evidence:已新增本機只讀 collector 與 snapshot,7 個 local repos visible、4 個 local evidence repos、31 個 workflow files、43 個 referenced secret names、5 個 runner labels、secret_value_detected=false。webhook、deploy key、branch protection 與 repository secret parity 仍需後續 redacted evidence。
S4.3 export request:已新增 source_control_workflow_secret_name_export_request_v1 supporting schema、snapshot 與人讀版;7 個 in-scope repos、5 類 export lanes:webhook、runner、deploy key、branch protection / CODEOWNERS、repository secret name parity。write_token_allowed=false、secret_value_collection_allowed=false。
S4.12 owner response:已新增 source_control_workflow_secret_name_owner_response_v1 supporting schema、snapshot 與人讀版;1 個 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks 與 5 個 response templates 對應 webhook、runner、deploy key、branch protection / CODEOWNERS、repository secret name parity。received_response_count=0、accepted_response_count=0、audit_events_emitted=0、secret_value_collection_allowed=false、write_token_allowed=false。
AwoooP 初期處理方式:只顯示 inventory lane 缺口、S4.2 local evidence、S4.3 export request、S4.12 owner response request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks / templates、要求 redacted snapshot 與人工 review;不得收集 secret value、修改 workflow、rotate secret、啟用 GitHub hosted runner、sync refs 或切 GitHub primary。
security_mirror_readiness_v1
用途:集中整理 Security Supply Chain contracts 的 mirror readiness,讓 AwoooP 先知道哪些可 mirror、哪些 partial、哪些 contract-only。
Schema:docs/schemas/security_mirror_readiness_v1.schema.json
Snapshot:docs/security/security-mirror-readiness.snapshot.json
目前 readiness:35 個 contracts,32 個 ready for mirror,2 個 partial ready,1 個 contract-only,0 個 blocked。所有 contract 都是 execution_allowed=false。
AwoooP 初期處理方式:先 mirror readiness index,再依 readiness 分批 mirror 其他 snapshots;不得把 readiness 當 execution authorization。
security_mirror_intake_plan_v1
用途:定義 AwoooP 初期 mirror-only intake waves、destinations、allowed / blocked processing 與 acceptance gates。
Schema:docs/schemas/security_mirror_intake_plan_v1.schema.json
Snapshot:docs/security/security-mirror-intake-plan.snapshot.json
目前 intake plan:5 個 waves,從 index bootstrap、Kali visibility、source-control visibility、approval candidates 到 Codex patch-only backlog。所有 waves 都是 runtime_execution_authorized=false。
AwoooP 初期處理方式:照 wave 顯示與 mirror,不新增 scan / execute / repo / refs / deploy / secret 類執行按鈕。
security_mirror_event_v1
用途:AwoooP 鏡像資安供應鏈 contracts 時使用的統一事件信封,避免鏡像 evidence 被誤解成 execution authorization。
Schema:docs/schemas/security_mirror_event_v1.schema.json
範例:docs/security/security-mirror-event-sample.snapshot.json
必要邊界:每筆 event 都必須是 execution_authorized=false、action_buttons_allowed=false,並標示 redaction_status、source_contract、source_snapshot_path、destinations 與 blocked_actions。
AwoooP 初期處理方式:只把 mirror event 寫入 Operator Console / Runtime State / Channel Event / Audit / Approval Queue,不新增任何執行按鈕。
security_mirror_route_v1
用途:定義 AwoooP 消費資安供應鏈 contracts 時的只讀分流矩陣,包含目的地、channel policy 與 review lane。
Schema:docs/schemas/security_mirror_route_v1.schema.json
Snapshot:docs/security/security-mirror-route.snapshot.json
目前 route:5 個 route groups,涵蓋 35 個 contracts;所有 route 都是 runtime_execution_authorized=false。
AwoooP 初期處理方式:只依 route group 顯示 Operator Console / Runtime State / Channel Event / Audit / Approval Queue,不把 route 轉成 execution router。
security_mirror_acceptance_v1
用途:定義 AwoooP 接收 mirror-only 資安資料時的驗收 checks,避免 contract count、event envelope、route coverage 或 redaction 不一致。
Schema:docs/schemas/security_mirror_acceptance_v1.schema.json
Snapshot:docs/security/security-mirror-acceptance.snapshot.json
目前 acceptance:7 個 checks;其中 blocking checks 只阻擋不完整或未脫敏的鏡像資料,不阻擋 runtime。
AwoooP 初期處理方式:顯示驗收結果與失敗原因;不得把 acceptance contract 轉成 runtime blocker 或 execution queue。
security_mirror_quarantine_v1
用途:定義 AwoooP mirror-only 資安資料驗收失敗時的隔離 lane、recovery request 與 retry gate。
Schema:docs/schemas/security_mirror_quarantine_v1.schema.json
Snapshot:docs/security/security-mirror-quarantine.snapshot.json
目前 quarantine:5 個 lanes;同一份失敗 payload 不自動 retry,必須等新的 snapshot commit 後重新驗收。
AwoooP 初期處理方式:只隔離壞的 mirror payload、顯示原因與修復要求;不得轉成 runtime blocker 或 execution queue。
security_mirror_dry_run_v1
用途:定義 AwoooP mirror-only 接入演練時應回報的 dry-run 結果格式。
Schema:docs/schemas/security_mirror_dry_run_v1.schema.json
Snapshot:docs/security/security-mirror-dry-run.snapshot.json
目前 dry-run:8 個 steps,已包含 CHECK_PROGRESS_GUARD 與 CHECK_OWNER_RESPONSE_GUARD;dry_run_status=contract_defined_not_executed,尚未代表 AwoooP 已實際執行 dry-run或 production ingestion。
AwoooP 初期處理方式:只顯示 dry-run 報告與各 step 狀態;不得把 guard pass 當成 owner response 已收到,也不得轉成 production ingestion 或任何 runtime action。
security_mirror_status_rollup_v1
用途:定義 AwoooP 與 Security Supply Chain Session 的共同狀態摘要,彙整 S0-S4、contract readiness、approval queue summary、dry-run 狀態與下一個安全 gate。
Schema:docs/schemas/security_mirror_status_rollup_v1.schema.json
Snapshot:docs/security/security-mirror-status-rollup.snapshot.json
目前 rollup:framework_ready_waiting_approval;35 個 contracts、32 ready、2 partial、1 contract-only、0 blocked;approval queue 仍為 8 items,其中 7 pending approval、1 block candidate;review packets 8 筆;state transition rules 5 筆;follow-up runtime gate templates 8 筆;active runtime gates 0 筆;GitHub primary candidate repos 8 筆、primary ready 0 筆;S4.4 rollback ADR repo plans 7 筆、owner approved 0 筆、dry-run completed 0 筆;S4.10 GitHub target owner response request packet 1 筆、template statuses 7 筆、audit event templates 3 筆、redaction examples 5 筆、collection checks 6 筆、intake preflight checks 6 筆、owner decision response templates 7 筆、received response 0 筆、accepted response 0 筆;S4.11 refs truth owner response request packet 1 筆、template statuses 5 筆、audit event templates 3 筆、redaction examples 5 筆、collection checks 6 筆、intake preflight checks 6 筆、templates 5 筆、received response 0 筆、accepted response 0 筆、audit events emitted 0 筆;S4.13 owner response validation rollup 彙整 4 包、22 個 templates、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、received response 0 筆、accepted response 0 筆、reviewer audit emitted 0 筆;Gitea inventory 目前 partial_waiting_authenticated_inventory,public-only repo 2 個、本機可見 Gitea unique repo 4 個、export source options 2 類、S4.6 import acceptance payload 0 筆、S4.7 owner attestation items 5 筆、received attestation 0 筆、S4.9 owner response request packet 1 筆、template statuses 5 筆、audit event templates 3 筆、redaction examples 5 筆、display sections 8 筆、collection checks 6 筆、S4.9 owner response templates 5 筆、intake preflight checks 6 筆、outcome lanes 5 筆、received response 0 筆、audit events emitted 0 筆、quarantine required=true、token value collection allowed=false;workflow / secret 名稱 inventory candidate repos 8 筆、complete 0 筆、S4.12 owner response request packet 1 筆、S4.12 template statuses 5 筆、S4.12 audit event templates 3 筆、S4.12 redaction examples 5 筆、S4.12 collection checks 6 筆、S4.12 intake preflight checks 6 筆、S4.12 owner response templates 5 筆、received response 0 筆、accepted response 0 筆、audit events emitted 0 筆;S4.2 local evidence repos 4 筆、workflow files 31 筆、referenced secret names 43 筆;decision records 目前 0 筆。
AwoooP 初期處理方式:只顯示階段狀態、下一個 gate 與禁止事項,可寫入 Audit evidence;不得把 rollup 當 runtime authorization。
security_rollout_policy_v1
用途:定義 Security Supply Chain 初期的低摩擦 rollout policy,避免把 observation 全部變成 blocking controls。
Schema:docs/schemas/security_rollout_policy_v1.schema.json
最小欄位:
{
"schema_version": "security_rollout_policy_v1",
"status": "draft",
"default_mode": "observe",
"enforcement_level": "mirror_only"
}
AwoooP 初期處理方式:只作為 read-only policy 與 Operator Console 顯示,不做 runtime enforcement。
security_supply_chain_contract_manifest_v1
用途:集中列出 Security Supply Chain 初期可供 AwoooP 消費的 schema、snapshot、人讀文件、允許動作與禁止動作。
Schema:docs/schemas/security_supply_chain_contract_manifest_v1.schema.json
最小欄位:
{
"schema_version": "security_supply_chain_contract_manifest_v1",
"status": "draft",
"default_enforcement_level": "mirror_only",
"contract_count": 35
}
AwoooP 初期處理方式:作為 contract registry 與 Operator Console 入口,只路由 mirror/read-only/approval queue,不作 execution router。
coding_task_v1
用途:承接 Code Review 後需要 Codex coding 的項目。
Schema:docs/schemas/coding_task_v1.schema.json
最小欄位:
{
"schema_version": "coding_task_v1",
"source": "github_code_review|gitea_code_review|codex_security|manual_review",
"repo": "string",
"branch": "string",
"base_sha": "string",
"head_sha": "string",
"risk": "LOW|MEDIUM|HIGH|CRITICAL",
"summary": "繁體中文摘要",
"allowed_actions": ["create_patch", "add_tests", "open_draft_pr"],
"blocked_actions": ["auto_merge", "production_deploy", "force_push", "secret_rotation", "network_policy_change"],
"required_reviewers": ["critic", "vuln-verifier"]
}
AwoooP 初期處理方式:作為 approval-ready work item,不自動執行。
source_control_migration_event_v1
用途:追蹤 Gitea 全量版本轉移到 GitHub 的供應鏈安全證據。
Schema:docs/schemas/source_control_migration_event_v1.schema.json
最小欄位:
{
"schema_version": "source_control_migration_event_v1",
"gitea_repo": "string",
"github_repo": "string",
"branch_count_gitea": 0,
"branch_count_github": 0,
"tag_count_gitea": 0,
"tag_count_github": 0,
"latest_sha_gitea": "string",
"latest_sha_github": "string",
"workflows_mapped": true,
"webhooks_mapped": true,
"secrets_inventory_only": true,
"status": "inventory|mirrored|verified|blocked",
"blocking_reason": "繁體中文說明"
}
AwoooP 初期處理方式:作為 supply chain governance evidence,不觸發 deploy。
gitea_repo_inventory_v1
用途:追蹤 Gitea org/user repo list 的全量盤點,作為「所有 Gitea 專案版本轉移到 GitHub」的前置 evidence。
Schema:docs/schemas/gitea_repo_inventory_v1.schema.json
最小欄位:
{
"schema_version": "gitea_repo_inventory_v1",
"base_url": "http://192.168.0.110:3001",
"org": "wooo",
"query_mode": "user",
"visibility_scope": "public_only",
"github_owner": "owenhytsai",
"token_present": false,
"http_status": 200,
"status": "partial",
"repo_count": 2,
"repos": [
{
"gitea_repo": "wooo/awoooi",
"name": "awoooi",
"owner": "wooo",
"private": false,
"empty": false,
"archived": false,
"default_branch": "main",
"clone_url_redacted": "http://192.168.0.110:3001/wooo/awoooi.git",
"ssh_url_redacted": "ssh://localhost:2222/wooo/awoooi.git",
"github_repo_candidate": "owenhytsai/awoooi"
},
{
"gitea_repo": "wooo/ewoooc",
"name": "ewoooc",
"owner": "wooo",
"private": false,
"empty": false,
"archived": false,
"default_branch": "main",
"clone_url_redacted": "http://192.168.0.110:3001/wooo/ewoooc.git",
"ssh_url_redacted": "ssh://localhost:2222/wooo/ewoooc.git",
"github_repo_candidate": "owenhytsai/ewoooc"
}
]
}
AwoooP 初期處理方式:作為 migration matrix 的 read-only evidence;partial 只代表 public-only 可見範圍,不得觸發 repo 建立、刪除、封存或 GitHub primary 切換。
S4.5 支援性請求:已新增 docs/schemas/gitea_authenticated_inventory_export_request_v1.schema.json、docs/security/gitea-authenticated-inventory-export-request.snapshot.json 與 docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md。此請求不新增第 36 個主 contract,而是補強 gitea_repo_inventory_v1:目前未認證公開範圍可見 repo 2 個、本機可見 Gitea unique repo 4 個、覆蓋缺口 2 個;允許的來源只有只讀 token API 清冊或已脫敏管理匯出清冊;token_value_collection_allowed=false、write_token_allowed=false、repo_write_allowed=false、refs_sync_allowed=false、github_primary_switch_authorized=false。
S4.6 支援性驗收:已新增 docs/schemas/gitea_authenticated_inventory_import_acceptance_v1.schema.json、docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json 與 docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md。此驗收仍不新增第 36 個主 contract,只定義 owner / 管理者提供脫敏 payload 後的 schema、redaction、coverage gap、quarantine 與 allowed output;目前 received_payload_count=0、accepted_payload_count=0、runtime_execution_authorized=false,不得把驗收格式視為 inventory 已完成或 primary cutover approval。
S4.7 支援性 owner attestation:已新增 docs/schemas/gitea_inventory_coverage_attestation_v1.schema.json、docs/security/gitea-inventory-coverage-attestation.snapshot.json 與 docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md。此 attestation 仍不新增第 36 個主 contract,只定義 public-only / local remote gap、org/user endpoint、110 internal adjacent source、canonical owner 與 legacy/inaccessible disposition 的 owner decision;目前 required_attestation_item_count=5、received_attestation_count=0、accepted_attestation_count=0、runtime_execution_authorized=false,不得把 attestation request 視為 repo migration approval。
S4.9 支援性 owner response request packet 與收件包:已新增 docs/schemas/gitea_inventory_owner_attestation_response_v1.schema.json、docs/security/gitea-inventory-owner-attestation-response.snapshot.json 與 docs/security/GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.md。此 response packet 仍不新增第 36 個主 contract,只定義 AwoooP 可顯示給 owner 的回覆請求、template status ledger、audit event templates、redaction examples、display sections、collection checks、owner 回覆 S4.7 五個 items 時的必填欄位、intake preflight checks、outcome lanes、驗收規則、拒收規則與 allowed output;目前 owner_response_request_packet_count=1、owner_response_template_status_count=5、owner_response_audit_event_template_count=3、owner_response_redaction_example_count=5、owner_response_display_section_count=8、owner_response_collection_check_count=6、required_response_item_count=5、intake_preflight_check_count=6、intake_outcome_lane_count=5、received_response_count=0、accepted_response_count=0、runtime_execution_authorized=false,不得把 request packet、template status ledger、audit event templates、redaction examples、display sections、collection checks 或 response packet 視為 read-only inventory 已執行、audit production ingestion、repo migration approval 或 GitHub primary approval。
local_git_remote_inventory_v1
用途:在 Gitea API 受阻時,盤點本機可見 Git working tree 的 remote URL,找出仍指向 Gitea、GitHub、110 內部 Git 或 GitLab 類 remote 的專案。
Schema:docs/schemas/local_git_remote_inventory_v1.schema.json
最小欄位:
{
"schema_version": "local_git_remote_inventory_v1",
"status": "partial",
"repo_count": 13,
"gitea_linked_count": 6,
"github_linked_count": 6,
"internal_110_only_count": 3
}
AwoooP 初期處理方式:作為 migration matrix 的輔助 evidence;不得把它視為 Gitea server 全量清單。
local_repo_canonical_probe_v1
用途:在多個本機 working tree 名稱相近但 remote/HEAD 不一致時,提供 read-only lineage evidence,避免自動把不同歷史誤合併。
Schema:docs/schemas/local_repo_canonical_probe_v1.schema.json
最小欄位:
{
"schema_version": "local_repo_canonical_probe_v1",
"group_name": "ewoooc-momo-pro-system",
"status": "unrelated",
"repo_count": 3,
"comparison_count": 3
}
AwoooP 初期處理方式:只作為 canonical decision evidence;不得觸發 merge、repo creation、repo deletion 或 mirror。
git_remote_refs_probe_v1
用途:對指定本機 repo 的 remote refs 做 read-only 探測,確認本機 HEAD 是否與 remote branch 對齊。
Schema:docs/schemas/git_remote_refs_probe_v1.schema.json
最小欄位:
{
"schema_version": "git_remote_refs_probe_v1",
"group_name": "internal-110-bitan-tsenyang",
"status": "ok",
"repo_count": 2,
"aligned_current_branch_count": 2
}
AwoooP 初期處理方式:只作為 source-control readiness evidence;不得觸發 fetch、push、mirror、repo creation 或 primary switch。
github_target_probe_v1
用途:對候選 GitHub repo 做 read-only 可見性與 refs probe,區分已存在、不可見、或外部 scope。
Schema:docs/schemas/github_target_probe_v1.schema.json
最小欄位:
{
"schema_version": "github_target_probe_v1",
"status": "ok",
"candidate_count": 8,
"exists_count": 5,
"not_found_or_private_count": 3
}
AwoooP 初期處理方式:只作為 migration target evidence;not_found_or_private 不等同確認不存在,不得自動建立 repo。
github_target_decision_v1
用途:追蹤候選 GitHub repo 的建立、可見性、封存或待判定決策,讓 target ownership 與 approval 狀態可被 AwoooP mirror。
Schema:docs/schemas/github_target_decision_v1.schema.json
最小欄位:
{
"schema_version": "github_target_decision_v1",
"status": "draft",
"decision_count": 8,
"approval_required_count": 7
}
AwoooP 初期處理方式:作為 approval candidate 與 migration target evidence;需同時顯示 S4.10 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks、owner decision response templates、received_response_count=0 與 rejection rules;不得直接建立 GitHub repo、修改 visibility、同步 refs 或切 GitHub primary。
github_target_owner_decision_response_v1
用途:定義 7 個 approval-required GitHub targets 的 owner / visibility / canonical response request packet、收件欄位、驗收規則與拒收規則。
Schema:docs/schemas/github_target_owner_decision_response_v1.schema.json
最小欄位:
{
"schema_version": "github_target_owner_decision_response_v1",
"status": "draft_waiting_owner_response",
"owner_response_request_packet_count": 1,
"owner_response_template_status_count": 7,
"owner_response_audit_event_template_count": 3,
"response_template_count": 7,
"received_response_count": 0,
"accepted_response_count": 0
}
AwoooP 初期處理方式:mirror 成 owner response request / status / review lane。request packet 只顯示要請 owner 回覆哪 7 個 target 與不得貼什麼,template status ledger 只逐項顯示 waiting / request ready,audit event templates 只定義 0 emitted 的脫敏 metadata,redaction examples 只示範脫敏 metadata shape,collection checks 只維持 request / received / accepted 分離;response 通過後只更新 read-only decision table、approval package、approval board 與 primary readiness gate;不得把 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當成 repo creation、visibility change、refs sync 或 GitHub primary approval。
github_target_repo_approval_package_v1
用途:把 github_target_decision_v1 中需要人工批准的 target 拆成逐 repo approval package,降低一次性審批的複雜度。
Schema:docs/schemas/github_target_repo_approval_package_v1.schema.json
最小欄位:
{
"schema_version": "github_target_repo_approval_package_v1",
"status": "draft",
"package_count": 7,
"approval_items": []
}
AwoooP 初期處理方式:mirror 成 approval queue draft,並連到 S4.10 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks / response 收件包。低摩擦原則下,read-only evidence 不被阻擋;只有 repo creation、visibility change、refs sync、primary switch 等高風險執行才需要 approval。
approval_required_event_v1
用途:把高風險資安修補、Codex patch、source control 主控切換送進 AwoooP approval。
Schema:docs/schemas/approval_required_event_v1.schema.json
必須進 approval 的情況:
severity=HIGH|CRITICAL。- 會改 secrets、RBAC、NetworkPolicy、firewall、CORS。
- 會改 production deploy controller。
- 會切換 GitHub primary / Gitea mirror 主控面。
- 會啟用 credentialed scan 或 active DAST。
- 會使用 Gitea read-only token 或匯入管理匯出補 private/internal repo list。
- 會讓 Codex patch 自動合併或自動部署。
4. AwoooP 整合順序
Phase S0:文件與契約同步
狀態:本文件建立後即完成第一步同步。
交付:
- 本 handoff。
- LOGBOOK 條目。
security_supply_chain_contract_manifest_v1、security_finding_v1、coding_task_v1、source_control_migration_event_v1、gitea_repo_inventory_v1、local_git_remote_inventory_v1、github_target_probe_v1、github_target_decision_v1、github_target_repo_approval_package_v1、security_rollout_policy_v1、local_repo_canonical_probe_v1、git_remote_refs_probe_v1、approval_required_event_v1JSON Schema 草案。
Phase S1:Mirror-only
目標:讓 AwoooP 看見事件,但不改變行為。
允許:
- 將 security findings mirror 成 Runtime State。
- 將 coding tasks mirror 成 approval candidate。
- 將 source control migration inventory mirror 成 supply chain evidence。
- 將 Gitea repo inventory mirror 成 migration matrix evidence。
- 將本機 Git remote inventory mirror 成 source-control coverage evidence。
- 將 GitHub target 決策 mirror 成 approval candidate。
- 將 GitHub target repo-by-repo package mirror 成 approval queue draft。
- 將低摩擦 rollout policy mirror 成 read-only policy。
- 將 contract manifest mirror 成 contract registry。
- 將 status rollup mirror 成跨 Session 共同狀態入口。
- 將 workflow / secret 名稱 inventory gate mirror 成 source-control review evidence。
禁止:
- 直接 enforcement。
- 直接啟動 scan。
- 直接呼叫 Codex patch runner。
- 直接切 GitHub/Gitea 主控。
- 直接刪除、封存或建立 repo。
- 直接修改 GitHub repo visibility。
Phase S2:Read-only Policy
目標:AwoooP 只計算 policy,不執行。
範例:
security_finding_v1進來後,AwoooP 回傳observe|warn|approve_required建議。coding_task_v1進來後,AwoooP 回傳是否需要critic/vuln-verifier。source_control_migration_event_v1進來後,AwoooP 回傳是否缺 branch/tag/workflow/webhook/permission evidence。local_git_remote_inventory_v1進來後,AwoooP 回傳是否仍有 local-only / internal-110-only source-control risk。github_target_decision_v1進來後,AwoooP 回傳是否需要 owner / visibility / canonical approval。github_target_repo_approval_package_v1進來後,AwoooP 回傳逐 repo approval queue draft,不阻擋 read-only evidence。security_rollout_policy_v1進來後,AwoooP 回傳 observe / warn / approve_required 建議,不做 enforcement。security_supply_chain_contract_manifest_v1進來後,AwoooP 回傳可消費 contract 清單,不新增 execution router。source_control_workflow_secret_name_inventory_v1進來後,AwoooP 回傳缺哪些 redacted workflow / secret name evidence,並顯示 S4.3 export request 的 webhook / runner / deploy key / branch protection / repository secret parity lanes;不收集 secret value、不修改 workflow。
Phase S3:Approval Gate
目標:高風險行為必須經 AwoooP approval。
先納入:
- Codex patch 合併前。
- HIGH/CRITICAL findings 修補前。
- GitHub primary 切換前。
- credentialed scan 前。
Phase S4:Operator Console
目標:讓操作者在 AwoooP Console 看見:
- 資安 posture。
- open findings。
- coding task 狀態。
- GitHub/Gitea migration matrix。
- approval queue。
- accepted risk / false positive / exception。
Console 初期不提供高風險執行按鈕。
5. 兩邊 Session 的衝突邊界
| 區域 | AwoooP Session | Security Supply Chain Session | 衝突避免 |
|---|---|---|---|
| Contract schema | 主責 | 提供草案與需求 | AwoooP 決定 canonical package |
| DB migration | 主責 | 不碰 | findings 先文件化,不建表 |
| Runtime enforcement | 主責 | 不碰 | 先 mirror/read-only |
| Kali scan | 不直接執行 | 主責規劃 | AwoooP 只管 approval/policy |
| Codex patch | 不直接執行 | 主責規劃 | AwoooP 只管 approval/audit |
| GitHub/Gitea 遷移 | 治理 gate | inventory 與遷移設計 | 主控切換需雙方 handoff |
| MCP Gateway | 主責 | 只提出 access needs | 不新增 direct tool bypass |
| Channel Event | 主責 | 提供事件需求 | Channel adapter 不做 policy |
6. AwoooP Session 需要消費的工作項
請 AwoooP 主線在後續規劃時預留:
- Runtime State 可容納
security_finding_v1mirror。 - Approval model 可容納
coding_task_v1與source_control_migration_event_v1。 - EffectivePolicy 可判斷
observe|warn|approve_required|block_candidate。 - Channel Event 可承載資安 findings 與供應鏈遷移事件。
- Audit Sink 必須脫敏,不可儲存 raw secret、token、cookie、exploit payload。
- Operator Console 需要 supply chain / security posture 視圖,但初期不要高風險 action。
- MCP Gateway 後續要能限制 Codex/Kali/GitHub 工具權限。
- Migration matrix 可容納
gitea_repo_inventory_v1,但初期只讀。 - Migration matrix 可容納
local_git_remote_inventory_v1,但不得視為 server 全量。 - Approval queue 可容納
github_target_decision_v1與github_target_repo_approval_package_v1,但不得直接建立 repo 或改 visibility。 - Read-only policy 可容納
security_rollout_policy_v1,但初期不得把它變成 runtime blocking rule。 - Contract registry 可容納
security_supply_chain_contract_manifest_v1,但初期不得把它變成 direct tool router。 - Source-control review 可容納
source_control_workflow_secret_name_inventory_v1與 S4.3 redacted export request,但只能顯示 workflow / secret 名稱缺口、owner export lanes 與 hosted runner 額度風險,不得收集 value 或修改 workflow。 - Source-control review 可容納 S4.13
source_control_owner_response_validation_rollup_v1,集中顯示 S4.9 / S4.10 / S4.11 / S4.12 四包 owner response validation 狀態、evidence routing rules、display sections、state transition rules、reviewer checklist、reviewer outcome lanes 與 reviewer audit event templates;不得把 rollup、routing、sections、transition rules、reviewer checklist、reviewer outcome lanes 或 reviewer audit templates 當成 approval、runtime gate、production ingestion 或 execution authorization。
7. Security Supply Chain Session 下一步
已批准開始推進後,本支線第一波只做:
- Gitea/GitHub 全量版本盤點設計。
coding_task_v1schema 文件化。security_finding_v1schema 文件化。source_control_migration_event_v1schema 文件化。gitea_repo_inventory_v1schema 文件化。local_git_remote_inventory_v1schema 文件化。github_target_probe_v1schema 文件化。local_repo_canonical_probe_v1schema 文件化。git_remote_refs_probe_v1schema 文件化。github_target_decision_v1schema 文件化。approval_required_event_v1schema 文件化。- 112/111/168 observe-only asset mapping。
- Codex patch-only handoff prompt。
- AwoooP mirror-only integration notes。
第一版 inventory 已建立於 docs/security/GITEA-GITHUB-MIGRATION-INVENTORY.md。目前只完成 awoooi repo read-only 初步盤點,已確認 GitHub / Gitea 存在 branches、tags 與 main SHA 差異,因此主控切換必須保持 blocked,直到全量同步驗證完成。
第一版 observe-only host mapping 已建立於 docs/security/DEV-HOSTS-112-111-168-OBSERVE-ONLY-MAPPING.md。第一版 Codex patch-only handoff prompt 已建立於 docs/security/CODEX-PATCH-ONLY-HANDOFF-PROMPT.md。
2026-05-12 更新:已新增 scripts/security/source-control-migration-inventory.py,並產出 docs/security/gitea-github-awoooi-inventory.snapshot.json。目前 source_control_migration_event_v1.status=blocked,因 Gitea heads 117、GitHub heads 2、Gitea tags 2、GitHub tags 0,且 main SHA 不一致。AwoooP Session 應將此視為 supply-chain evidence,不得視為可切 GitHub primary。
2026-05-12 追加:已新增 scripts/security/gitea-repo-inventory.py、docs/schemas/gitea_repo_inventory_v1.schema.json,並產出 docs/security/gitea-repo-inventory.snapshot.json。目前 gitea_repo_inventory_v1.status=partial,因未提供 token 時只能取得 public-only wooo/awoooi 與 wooo/ewoooc;完整全量仍需只讀 token 或管理匯出。
2026-05-12 Gitea endpoint 判定追加:已新增 docs/security/gitea-org-repo-inventory-blocked.snapshot.json 與 docs/security/GITEA-ORG-REPO-INVENTORY-BLOCKED-SNAPSHOT.md,保留 orgs/wooo/repos 未認證 404 evidence;後續 server-side inventory 以 users/wooo/repos、只讀 token 或管理匯出為主。
2026-05-12 server-side inventory runbook 追加:已新增 docs/security/GITEA-SERVER-SIDE-INVENTORY-RUNBOOK.md,定義 public-only、只讀 token、管理匯出 JSON 三種路徑。AwoooP 可 mirror runbook 狀態,但不得要求 Security Supply Chain Session 提供 token value。
2026-05-12 Gitea approval package 追加:已新增 docs/security/GITEA-READONLY-INVENTORY-APPROVAL-PACKAGE.md 與 docs/security/gitea-readonly-inventory-approval.snapshot.json,用 approval_required_event_v1 描述 run_gitea_readonly_inventory 的人工 gate。AwoooP 可建立 approval candidate,但不得保存 token value 或觸發任何 repo 建立、visibility 修改、refs sync。
2026-05-12 再追加:已新增 scripts/security/local-git-remote-inventory.py、docs/schemas/local_git_remote_inventory_v1.schema.json,並產出 docs/security/local-git-remote-inventory.snapshot.json。目前 local_git_remote_inventory_v1.status=partial,找到本機可見 working trees 13 個,其中 Gitea linked 6、GitHub linked 6、110 internal-only 3;此結果只作為 Gitea API 受阻時的輔助 evidence。
2026-05-12 矩陣追加:已新增 docs/security/SOURCE-CONTROL-MIGRATION-MATRIX.md,將本機可見 source-control targets 拆成 P0/P1/P2。AwoooP 可 mirror 此矩陣作為 migration planning evidence,但不得依此自動建立、刪除、同步 repo 或切換 primary。
2026-05-12 refs diff 追加:已新增 docs/security/source-control-clawbot-v5.snapshot.json、docs/security/source-control-wooo-aiops.snapshot.json。wooo/clawbot-v5 與 wooo/wooo-aiops 目前都為 source_control_migration_event_v1.status=blocked,不得視為 GitHub primary ready。
2026-05-12 draft reconcile plan 追加:已新增 scripts/security/source-control-reconcile-plan.py、docs/schemas/source_control_reconcile_plan_v1.schema.json,並產出 docs/security/source-control-reconcile-plan.snapshot.json 與 docs/security/SOURCE-CONTROL-RECONCILE-PLAN.md。此 plan 只涵蓋 awoooi、clawbot-v5、wooo-aiops 三個 refs-blocked mapped repos,狀態為 draft_blocked;AwoooP 可 mirror 成 approval candidate,但不得 push refs、force push、刪 refs、切 GitHub primary。
2026-05-13 branch/tag detail diff 追加:已新增 scripts/security/source-control-ref-detail-diff.py、docs/schemas/source_control_ref_detail_diff_v1.schema.json,並產出 docs/security/source-control-ref-detail-diff.snapshot.json 與 docs/security/SOURCE-CONTROL-REF-DETAIL-DIFF.md。最新 read-only diff 忽略本 PR 分支後,awoooi 仍有 Gitea-only branches 115、Gitea-only tags 2、main SHA 不一致;clawbot-v5 main SHA 不一致且 GitHub 缺 Gitea tag;wooo-aiops GitHub 有 1 條額外 branch 與 19 個 GitHub-only tags。AwoooP 可 mirror 此 evidence,但不得 fetch、push、delete refs 或切 primary。
2026-05-13 ref truth classification 追加:已新增 scripts/security/source-control-ref-truth-classification.py、docs/schemas/source_control_ref_truth_classification_v1.schema.json,並產出 docs/security/source-control-ref-truth-classification.snapshot.json 與 docs/security/SOURCE-CONTROL-REF-TRUTH-CLASSIFICATION.md。目前 141 個 refs review items 已拆成 4 個 manual_truth_required、114 個 manual_review_deprecated_candidate、3 個 manual_review_release_tag、20 個 manual_review_github_only。AwoooP 可建立 repo owner review queue,但不得把分類結果直接執行成 refs sync、delete、force push 或 GitHub primary switch。
2026-05-17 S4.11 ref truth owner response 追加,2026-05-18 至 2026-05-19 補 request packet、template status ledger、audit event templates、redaction examples、collection checks 與 intake preflight checks:已新增 docs/schemas/source_control_ref_truth_owner_response_v1.schema.json、docs/security/source-control-ref-truth-owner-response.snapshot.json 與 docs/security/SOURCE-CONTROL-REF-TRUTH-OWNER-RESPONSE.md。目前 1 個 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks 與 5 個 response templates 對應 main/dev truth、deprecated drift、release tag retention 與 GitHub-only refs review;received / accepted response 皆為 0,audit events emitted 仍為 0。AwoooP 可 mirror 成 owner response intake queue,但不得把 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當成 refs sync、delete、force push 或 GitHub primary approval。
2026-05-12 public search / canonical 追加:Gitea public search 在未提供 token 時可見 wooo/awoooi、wooo/ewoooc。已新增 docs/security/SOURCE-CONTROL-CANONICAL-DECISION-TABLE.md,其中 wooo/ewoooc、root/momo-pro-system、momo-pro-system、momo_pro_system 仍需人工判定 canonical 關係,不得自動合併。
2026-05-12 GitHub target probe 追加:已新增 scripts/security/github-target-probe.py、docs/schemas/github_target_probe_v1.schema.json 與 docs/security/github-target-probe.snapshot.json。8 個候選中 5 個可讀,owenhytsai/ewoooc、owenhytsai/bitan-pharmacy、owenhytsai/tsenyang-website 為 not_found_or_private。
2026-05-12 canonical lineage 追加:已新增 scripts/security/local-repo-canonical-probe.py、docs/schemas/local_repo_canonical_probe_v1.schema.json 與 docs/security/local-repo-canonical-ewoooc-momo.snapshot.json。ewoooc-momo-pro-system 群組目前為 unrelated,三個本機 working tree 在 sample 內沒有共同 commit,不得自動合併。
2026-05-12 internal refs 追加:已新增 scripts/security/git-remote-refs-probe.py、docs/schemas/git_remote_refs_probe_v1.schema.json 與 docs/security/git-remote-refs-bitan-tsenyang.snapshot.json。bitan-pharmacy、tsenyang-website 的本機 main 與 110 remote main 對齊,但 GitHub target 仍未確認。另新增 docs/security/git-remote-refs-wooo-infra-config.snapshot.json;wooo-infra-config 的 GitHub remote 與本機 main 對齊,110 internal remote 目前不可讀。
2026-05-12 GitHub target 決策追加:已新增 docs/schemas/github_target_decision_v1.schema.json、docs/security/github-target-decision.snapshot.json 與 docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md。8 個 target 候選中 7 個需人工批准;AwoooP 只能 mirror 為 approval candidate,不得自動建立 repo、修改 visibility、同步 refs 或切 GitHub primary。
2026-05-12 GitHub target repo-by-repo approval package 追加:已新增 docs/schemas/github_target_repo_approval_package_v1.schema.json、docs/security/github-target-repo-approval-package.snapshot.json 與 docs/security/GITHUB-TARGET-REPO-APPROVAL-PACKAGE.md。7 個 approval-required targets 已拆成逐 repo pending package;依統帥提醒採低摩擦分階段,不把 read-only evidence 變成阻擋條件。
2026-05-17 S4.10 GitHub target owner decision response 收件包追加,2026-05-18 補 request packet、template status ledger、audit event templates、redaction examples、collection checks 與 intake preflight checks:已新增 docs/schemas/github_target_owner_decision_response_v1.schema.json、docs/security/github-target-owner-decision-response.snapshot.json 與 docs/security/GITHUB-TARGET-OWNER-DECISION-RESPONSE.md。AwoooP 可顯示 1 個 owner response request packet、7 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks、7 個 response templates、8 個 acceptance checks 與 10 個 rejection rules;目前收到 response 0 筆、接受 0 筆,仍不得建立 repo、修改 visibility、sync refs、切 GitHub primary 或停用 Gitea。
2026-05-12 低摩擦 rollout policy 追加:已新增 docs/schemas/security_rollout_policy_v1.schema.json、docs/security/security-rollout-policy.snapshot.json 與 docs/security/SECURITY-LOW-FRICTION-ROLLOUT-POLICY.md。AwoooP 初期應採 observe-first / mirror-only,不把 LOW / MEDIUM observation 變成 blocking controls。
2026-05-12 contract manifest 追加:已新增 docs/schemas/security_supply_chain_contract_manifest_v1.schema.json、docs/security/security-supply-chain-contract-manifest.snapshot.json 與 docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md。AwoooP 應先讀 manifest 作為 mirror-only contract registry,不把 manifest 當 execution router。
2026-05-13 mirror route 追加:已新增 docs/schemas/security_mirror_route_v1.schema.json、docs/security/security-mirror-route.snapshot.json 與 docs/security/SECURITY-MIRROR-ROUTE.md。AwoooP 可依 5 個 route groups 將 35 個 contracts 分流到 Operator Console、Runtime State、Channel Event、Audit evidence 與 Approval Queue;route 只決定目的地、channel policy 與 review lane,不是 execution router。
2026-05-13 mirror acceptance 追加,2026-05-18 已對齊 progress guard:已新增 docs/schemas/security_mirror_acceptance_v1.schema.json、docs/security/security-mirror-acceptance.snapshot.json 與 docs/security/SECURITY-MIRROR-ACCEPTANCE.md。AwoooP 可用 8 個 acceptance checks 驗收 mirror ingestion;blocking checks 只針對 contract count mismatch、缺 event envelope、route coverage 不完整、未脫敏 evidence 或進度估算被誤當授權,不得阻擋 runtime 流程。
2026-05-13 mirror quarantine 追加:已新增 docs/schemas/security_mirror_quarantine_v1.schema.json、docs/security/security-mirror-quarantine.snapshot.json 與 docs/security/SECURITY-MIRROR-QUARANTINE.md。AwoooP 可用 5 個 quarantine lanes 隔離驗收失敗 payload,顯示 owner、recovery request 與 retry gate;不得自動重試、不得猜測缺漏 contract、不得阻擋 runtime 流程。
2026-05-13 mirror dry-run 追加,2026-05-18 已對齊 progress guard 與 owner response guard:已新增 docs/schemas/security_mirror_dry_run_v1.schema.json、docs/security/security-mirror-dry-run.snapshot.json 與 docs/security/SECURITY-MIRROR-DRY-RUN.md。AwoooP 未來可用 8 個 dry-run steps 回報接入演練結果;本 snapshot 狀態為 contract_defined_not_executed,不得視為 production ingestion 已啟用。
2026-05-13 mirror status rollup 追加,2026-05-18 補 progress display policy / delta ledger:已新增 docs/schemas/security_mirror_status_rollup_v1.schema.json、docs/security/security-mirror-status-rollup.snapshot.json 與 docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md。AwoooP 與 Security Supply Chain Session 可用同一份 rollup 同步 S0-S4、35 個 contracts、approval queue summary、review packet summary、state transition summary、follow-up runtime gate template summary、GitHub primary readiness summary、rollback ADR summary、workflow / secret name inventory summary、58% headline progress、micro progress delta ledger 與下一個安全 gate;本契約不授權任何 runtime action。
2026-05-13 S3 approval gate 追加:已新增 docs/schemas/security_approval_gate_v1.schema.json、docs/security/security-approval-gate.snapshot.json 與 docs/security/SECURITY-APPROVAL-GATE.md。AwoooP 可用 8 個 gate items 記錄人工批准、拒絕、延後或補 evidence;批准後仍需 follow-up runtime gate,不得直接執行。
2026-05-13 S3 decision record 追加:已新增 docs/schemas/security_approval_decision_record_v1.schema.json、docs/security/security-approval-decision-record.snapshot.json 與 docs/security/SECURITY-APPROVAL-DECISION-RECORD.md。AwoooP 可保存人工決策稽核紀錄;目前 0 筆 decision records,所有紀錄都必須 execution_authorized=false。
2026-05-13 S3 review packet 追加:已新增 docs/schemas/security_approval_review_packet_v1.schema.json、docs/security/security-approval-review-packet.snapshot.json 與 docs/security/SECURITY-APPROVAL-REVIEW-PACKET.md。AwoooP 可顯示 8 個人工審查封包、review lane、required reviewers 與 still forbidden;review packet 不代表批准,也不授權執行。
2026-05-13 S3 state transition 追加:已新增 docs/schemas/security_approval_state_transition_v1.schema.json、docs/security/security-approval-state-transition.snapshot.json 與 docs/security/SECURITY-APPROVAL-STATE-TRANSITION.md。AwoooP 可顯示 5 個人工決策後 next state;approve_scope 只進入 scope_approved_waiting_runtime_gate,仍不得直接執行 scan、repo、refs、deploy 或 secret 類動作。
2026-05-13 S3 follow-up runtime gate 準備追加:已新增 docs/schemas/security_followup_runtime_gate_v1.schema.json、docs/security/security-followup-runtime-gate.snapshot.json 與 docs/security/SECURITY-FOLLOWUP-RUNTIME-GATE.md。AwoooP 可顯示 8 個後續 runtime gate 準備模板、minimum evidence、preflight checks 與 rollback / disable requirement;目前 active_runtime_gates=0,不得新增 action button 或啟用 runtime gate。
2026-05-13 S4.0 GitHub primary readiness gate 追加:已新增 docs/schemas/source_control_primary_readiness_gate_v1.schema.json、docs/security/source-control-primary-readiness-gate.snapshot.json 與 docs/security/SOURCE-CONTROL-PRIMARY-READINESS-GATE.md。AwoooP 可顯示 8 個 candidate repos、7 個 in-scope blocked repos、Gitea inventory、refs truth、workflow/runner/secret name parity 與 rollback ADR 缺口;目前 primary_ready_count=0,不得建立 repo、sync refs、切 GitHub primary 或停用 Gitea。
2026-05-13 S4.1 workflow / secret name inventory 追加:已新增 docs/schemas/source_control_workflow_secret_name_inventory_v1.schema.json、docs/security/source-control-workflow-secret-name-inventory.snapshot.json 與 docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-INVENTORY.md。AwoooP 可顯示 8 個 candidate repos 的 workflow / webhook / runner / deploy key / branch protection / CODEOWNERS / secret 名稱 inventory 缺口;目前 inventory_complete_count=0、secret_value_collection_allowed=false,不得收集 secret value、修改 workflow、rotate secret、sync refs 或切 GitHub primary。
2026-05-13 S4.2 workflow / secret name local evidence 追加:已新增 scripts/security/source-control-workflow-secret-name-local-inventory.py、docs/schemas/source_control_workflow_secret_name_local_evidence_v1.schema.json、docs/security/source-control-workflow-secret-name-local-evidence.snapshot.json 與 docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-LOCAL-EVIDENCE.md。本輪只從本機 working tree 的 .github/workflows、.gitea/workflows 與 CODEOWNERS 萃取名稱級 metadata:7 個 local repos visible、4 個 local evidence repos、31 個 workflow files、43 個 referenced secret names、secret_value_detected=false;不得視為 GitHub primary ready。
2026-05-13 S4.3 workflow / secret name redacted export request 追加:已新增 docs/schemas/source_control_workflow_secret_name_export_request_v1.schema.json、docs/security/source-control-workflow-secret-name-export-request.snapshot.json 與 docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-EXPORT-REQUEST.md。本輪只定義 7 個 in-scope repos、5 類 export lanes 的 owner / read-only export 欄位與拒收規則:webhook、runner、deploy key、branch protection / CODEOWNERS、repository secret name parity;write_token_allowed=false、secret_value_collection_allowed=false,不得呼叫 API 或修改 GitHub/Gitea。
2026-05-17 S4.12 workflow / secret name owner response 追加,2026-05-19 補 request packet、template status ledger、audit event templates、redaction examples 與 collection checks:已新增 docs/schemas/source_control_workflow_secret_name_owner_response_v1.schema.json、docs/security/source-control-workflow-secret-name-owner-response.snapshot.json 與 docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md。目前 1 個 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks 與 5 個 response templates 對應 webhook、runner、deploy key、branch protection / CODEOWNERS 與 repository secret name parity;received / accepted response 皆為 0、audit events emitted 仍為 0。AwoooP 可 mirror 成 owner response intake queue,但不得把 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 或 response packet 當成 secret value collection、workflow modification、GitHub hosted runner enablement 或 GitHub primary approval。
2026-05-17 S4.13 owner response validation rollup 追加:已新增 docs/schemas/source_control_owner_response_validation_rollup_v1.schema.json、docs/security/source-control-owner-response-validation-rollup.snapshot.json 與 docs/security/SOURCE-CONTROL-OWNER-RESPONSE-VALIDATION-ROLLUP.md。目前彙整 S4.9 / S4.10 / S4.11 / S4.12 四包 response packets,22 個 response templates、received / accepted / rejected response 皆為 0、cross-packet checks 10 個;2026-05-19 再補 6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes 與 4 個 reviewer audit event templates,讓 AwoooP 只讀判斷補證、隔離、拒收、跨包 review 或只讀更新,固定 Operator Console 顯示順序,顯示 waiting、pending validation、read-only update 與 waiting runtime gate 的狀態語義,提供人工審查順序,把 reviewer 結果只讀分類成等待、補證、隔離、拒收、跨包 review、只讀候選或等待後續 runtime gate,並定義未來可留痕的脫敏 metadata 形狀;目前 reviewer audit emitted 仍為 0。AwoooP 可 mirror 成只讀驗收總覽,但不得把 rollup、routing、sections、transition rules、reviewer checklist、reviewer outcome lanes 或 reviewer audit templates 當成 approval、runtime gate、production ingestion、repo / refs / workflow / secret / runner 執行授權或 GitHub primary approval。
2026-05-13 S4.4 GitHub primary rollback ADR 追加:已新增 docs/schemas/source_control_primary_rollback_adr_v1.schema.json、docs/security/source-control-primary-rollback-adr.snapshot.json 與 docs/security/SOURCE-CONTROL-PRIMARY-ROLLBACK-ADR.md。本輪只定義 7 個 in-scope repos 的 rollback ADR 草案、precondition、trigger、validation window 與 owner review;owner_approved_count=0、dry_run_completed_count=0、active_cutover_count=0,不得切 GitHub primary、不得執行 rollback、不得停用 Gitea。
2026-05-13 S4.5 Gitea 認證清冊匯出請求追加:已新增 docs/schemas/gitea_authenticated_inventory_export_request_v1.schema.json、docs/security/gitea-authenticated-inventory-export-request.snapshot.json 與 docs/security/GITEA-AUTHENTICATED-INVENTORY-EXPORT-REQUEST.md。本輪只定義 Gitea 私有 / 內部全量清冊的脫敏匯出請求;目前未認證公開範圍 repo 2 個、本機可見 Gitea unique repo 4 個、覆蓋缺口 2 個、匯出來源選項 2 類;不得保存 token value、不得使用 write token、不得寫入 Gitea、不得建立或刪除 repo、不得 sync refs、不得切 GitHub primary。
2026-05-13 S4.6 Gitea 認證清冊匯入驗收追加:已新增 docs/schemas/gitea_authenticated_inventory_import_acceptance_v1.schema.json、docs/security/gitea-authenticated-inventory-import-acceptance.snapshot.json 與 docs/security/GITEA-AUTHENTICATED-INVENTORY-IMPORT-ACCEPTANCE.md。本輪只定義 owner / 管理者提供脫敏 payload 後的驗收、拒收與隔離規則;目前收到 payload 0 筆、接受 0 筆、拒收 0 筆;不得保存 token value、不得匯入 DB dump 或 git object、不得寫 Gitea、不得 sync refs、不得切 GitHub primary。
2026-05-17 S4.7 Gitea 清冊覆蓋 owner attestation 追加:已新增 docs/schemas/gitea_inventory_coverage_attestation_v1.schema.json、docs/security/gitea-inventory-coverage-attestation.snapshot.json 與 docs/security/GITEA-INVENTORY-COVERAGE-ATTESTATION.md。本輪只定義 5 個 owner scope decision items:public-only / local remote gap、org/user endpoint、110 internal adjacent source、canonical owner 與 legacy/inaccessible repo disposition;目前收到 attestation 0 筆、接受 0 筆;不得保存 token value、不得寫 Gitea、不得建立 GitHub repo、不得 sync refs、不得切 GitHub primary。
2026-05-17 S4.8 Gitea owner attestation approval lane 對齊追加:已更新既有 security_approval_queue_v1、security_approval_gate_v1、security_approval_review_packet_v1 與 security_followup_runtime_gate_v1 的 Gitea lane,要求 AwoooP 先顯示 S4.7 的 5 個 owner attestation items 與 scope decision evidence。queue / review packet / follow-up template 數量維持 8 / 8 / 8,active_runtime_gates=0,不得新增 action button、不得執行 read-only inventory、不得把 owner attestation 視為 repo migration approval 或 GitHub primary approval。
2026-05-17 S4.9 Gitea owner attestation response 收件包追加,2026-05-18 補 owner response request packet、template status ledger、audit event templates、redaction examples、display sections 與 collection checks:已新增 docs/schemas/gitea_inventory_owner_attestation_response_v1.schema.json、docs/security/gitea-inventory-owner-attestation-response.snapshot.json 與 docs/security/GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.md。AwoooP 可顯示 1 個 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、8 個 display sections、6 個 collection checks、5 個 response templates、6 個 intake preflight checks、5 個 outcome lanes、8 個 acceptance checks 與 10 個 rejection rules;目前收到 response 0 筆、接受 0 筆、audit events emitted 0 筆,仍不得保存 token value、不得寫 Gitea、不得 sync refs、不得切 GitHub primary,也不得把 audit template、redaction example 或 display section 當成 production ingestion。
2026-05-13 Kali 112 live 整合狀態追加:已在授權下登入 192.168.0.112 做 read-only 盤點與低風險更新,並新增 docs/schemas/kali_integration_status_v1.schema.json、docs/security/kali-integration-status.snapshot.json 與 docs/security/KALI-INTEGRATION-STATUS.md。Kali Scanner API /health healthy、kali-scanner.service active/enabled、node-exporter 與 wg-easy container up;已 targeted update nmap、nikto、nuclei、curl、openssl、CA 套件,安裝 jq,時區改為 Asia/Taipei,更新後無 reboot required。AwoooP 可 mirror health / update / gap evidence,但不得直接啟動 scan、credentialed scan 或 /execute。
本波仍不做:
- runtime DB migration。
- API endpoint。
- K8s / NetworkPolicy / RBAC / firewall。
- production deploy。
- GitHub 主控切換。
- Gitea 刪除或停用。
- Codex API 自動長任務。
8. 參考文件
- Kali 資訊安全網藍圖
- Kali 資訊安全網開工準備
- Kali 112 整合狀態與更新紀錄
- kali_integration_status_v1 snapshot
- Code Review 接 Codex 與 Gitea 推版優化藍圖
- Gitea 到 GitHub 全量版本轉移 Inventory
- Gitea / GitHub migration snapshot
- source_control_migration_event_v1 snapshot
- clawbot-v5 source_control_migration_event_v1 snapshot
- wooo-aiops source_control_migration_event_v1 snapshot
- source-control inventory script
- Gitea repo inventory snapshot
- gitea_repo_inventory_v1 snapshot
- Gitea org endpoint blocked snapshot
- Gitea org endpoint blocked JSON
- Gitea server-side inventory runbook
- Gitea read-only inventory approval package
- Gitea read-only inventory approval snapshot
- Gitea 認證清冊匯出請求
- gitea_authenticated_inventory_export_request_v1 snapshot
- Gitea 認證清冊匯入驗收契約
- gitea_authenticated_inventory_import_acceptance_v1 snapshot
- Gitea 清冊覆蓋 owner attestation
- gitea_inventory_coverage_attestation_v1 snapshot
- Gitea 清冊 owner attestation response 收件包
- gitea_inventory_owner_attestation_response_v1 snapshot
- Gitea admin export redaction checklist
- Gitea public repo search snapshot
- gitea public repo search JSON
- gitea repo inventory script
- 本機 Git remote inventory snapshot
- local_git_remote_inventory_v1 snapshot
- 本機 Git remote inventory script
- GitHub target probe snapshot
- github_target_probe_v1 snapshot
- GitHub target probe script
- GitHub target 決策表
- github_target_decision_v1 snapshot
- GitHub target owner decision response 收件包
- github_target_owner_decision_response_v1 snapshot
- GitHub target repo-by-repo approval package
- github_target_repo_approval_package_v1 snapshot
- 低摩擦資安 rollout policy
- security_rollout_policy_v1 snapshot
- Security Supply Chain contract manifest
- security_supply_chain_contract_manifest_v1 snapshot
- 資安鏡像狀態彙整契約
- security_mirror_status_rollup_v1 snapshot
- 資安人工批准 Gate 契約
- security_approval_gate_v1 snapshot
- 資安人工決策紀錄契約
- security_approval_decision_record_v1 snapshot
- Source Control ref truth classification
- source_control_ref_truth_classification_v1 snapshot
- Source Control ref truth owner response
- source_control_ref_truth_owner_response_v1 snapshot
- Source Control GitHub primary rollback ADR
- source_control_primary_rollback_adr_v1 snapshot
- Source Control workflow / secret name inventory
- source_control_workflow_secret_name_inventory_v1 snapshot
- Source Control workflow / secret name local evidence
- source_control_workflow_secret_name_local_evidence_v1 snapshot
- Source Control workflow / secret name redacted export request
- source_control_workflow_secret_name_export_request_v1 snapshot
- Source Control workflow / secret name owner response
- source_control_workflow_secret_name_owner_response_v1 snapshot
- Source Control owner response validation rollup
- source_control_owner_response_validation_rollup_v1 snapshot
- source-control workflow / secret name local collector
- 本機 repo canonical lineage snapshot
- local_repo_canonical_probe_v1 snapshot
- 本機 repo canonical lineage script
- Internal 110 refs snapshot
- git_remote_refs_probe_v1 snapshot
- wooo-infra-config refs snapshot
- wooo-infra-config git_remote_refs_probe_v1 snapshot
- Git remote refs probe script
- Source Control 遷移矩陣
- Source Control Canonical Repo 判定表
- AwoooP Mirror-only 消費清單
- 112 / 111 / 168 Observe-only 資產 Mapping
- Codex Patch-only Handoff Prompt
- AwoooP x Monitoring / Alerting Convergence Map
- AwoooP Master Workplan
- security_finding_v1 schema
- kali_integration_status_v1 schema
- coding_task_v1 schema
- source_control_migration_event_v1 schema
- gitea_repo_inventory_v1 schema
- gitea_authenticated_inventory_export_request_v1 schema
- gitea_authenticated_inventory_import_acceptance_v1 schema
- gitea_inventory_coverage_attestation_v1 schema
- local_git_remote_inventory_v1 schema
- github_target_probe_v1 schema
- github_target_decision_v1 schema
- github_target_owner_decision_response_v1 schema
- github_target_repo_approval_package_v1 schema
- security_rollout_policy_v1 schema
- security_supply_chain_contract_manifest_v1 schema
- security_mirror_status_rollup_v1 schema
- security_approval_gate_v1 schema
- security_approval_decision_record_v1 schema
- source_control_ref_truth_classification_v1 schema
- source_control_ref_truth_owner_response_v1 schema
- source_control_primary_rollback_adr_v1 schema
- source_control_workflow_secret_name_inventory_v1 schema
- source_control_workflow_secret_name_local_evidence_v1 schema
- source_control_workflow_secret_name_export_request_v1 schema
- source_control_workflow_secret_name_owner_response_v1 schema
- source_control_owner_response_validation_rollup_v1 schema
- local_repo_canonical_probe_v1 schema
- git_remote_refs_probe_v1 schema
- approval_required_event_v1 schema