308 lines
14 KiB
JSON
308 lines
14 KiB
JSON
{
|
||
"basis": {
|
||
"gitea_main_commit": "57df61da",
|
||
"latest_logbook_commit": "57df61da",
|
||
"latest_runtime_deploy_marker": "166497ee",
|
||
"latest_tenants_redaction_commit": "94a9c612",
|
||
"production_verification_required_for_frontend_changes": true,
|
||
"source_control_rollup_date": "2026-06-13",
|
||
"source_control_rollup_templates": 24
|
||
},
|
||
"current_requirement_gaps": [
|
||
{
|
||
"current_state": "request_sent=false、received=0、accepted=0、rejected=0。",
|
||
"gap_id": "s49_owner_response_absent",
|
||
"priority": "P0",
|
||
"required_next_step": "只能等待人工送件與 owner 脫敏回覆;不得用 UI、LOGBOOK 或 AwoooP approval 補成 accepted。",
|
||
"requirement": "S4.9 必須收到完整 owner response metadata,且五題都通過 reviewer checklist。",
|
||
"status": "active_blocker"
|
||
},
|
||
{
|
||
"current_state": "audit event templates 存在,但 emitted_event_count=0。",
|
||
"gap_id": "s49_dispatch_audit_event_absent",
|
||
"priority": "P0",
|
||
"required_next_step": "送件前維持 0;送件後只保存 metadata,不保存 raw response body。",
|
||
"requirement": "request shown、request sent、owner response received、reviewer outcome 必須是分離 audit metadata。",
|
||
"status": "active_blocker"
|
||
},
|
||
{
|
||
"current_state": "尚無 owner response,reviewer outcome 仍是 template-only。",
|
||
"gap_id": "s49_reviewer_outcome_absent",
|
||
"priority": "P0",
|
||
"required_next_step": "補 reviewer outcome ledger,但不得因此開 runtime gate。",
|
||
"requirement": "任何 owner response 都要先分類為 waiting、supplement、quarantine、reject 或 read-only update candidate。",
|
||
"status": "active_blocker"
|
||
},
|
||
{
|
||
"current_state": "AwoooP 高可見頁已改用公開名稱 / SRC-###;仍需由 guard 固定 public surface redaction 規則。",
|
||
"gap_id": "public_surface_identity_leak_risk",
|
||
"priority": "P0",
|
||
"required_next_step": "持續跑 security mirror guard;新增頁面、API payload 或 client bundle 時一律先做 sensitive public-surface scan。",
|
||
"requirement": "前台與瀏覽器 API 不得顯示個人 namespace、外部 org namespace、工作視窗對話或內部 session 語句。",
|
||
"status": "mitigated_needs_guard"
|
||
},
|
||
{
|
||
"current_state": "部分 docs/security source-control evidence 仍有 raw repo identifiers,屬內部 evidence;需要明確 public/private boundary。",
|
||
"gap_id": "raw_namespace_internal_evidence_misroute_risk",
|
||
"priority": "P0",
|
||
"required_next_step": "所有前台資料源必須使用 redacted scope id 或 evidence ref,不直接讀 raw source-control evidence。",
|
||
"requirement": "內部 source-control evidence 可保留必要技術識別,但不得被路由到產品頁、public API、公開 bundle 或截圖文案。",
|
||
"status": "active_risk"
|
||
},
|
||
{
|
||
"current_state": "舊 MD / 產生器曾停在 2026-06-14 以前的 deploy marker;本 snapshot 將基準更新到最新 AwoooP 高可見頁脫敏正式驗證。",
|
||
"gap_id": "latest_basis_staleness_risk",
|
||
"priority": "P0",
|
||
"required_next_step": "每次推送前 fetch gitea 並更新 basis,不得沿用舊 commit 宣稱最新。",
|
||
"requirement": "S4.9 缺口稽核基準需跟上最新 gitea/main、deploy marker、production verification 與 LOGBOOK。",
|
||
"status": "remediated_by_this_snapshot"
|
||
},
|
||
{
|
||
"current_state": "本輪已 fetch 且 worktree 與 gitea/main 一致;仍需每次推送前重查。",
|
||
"gap_id": "parallel_session_conflict_risk",
|
||
"priority": "P0",
|
||
"required_next_step": "禁止 force push;若 gitea/main 前進,只能 fast-forward / rebase 正常收斂。",
|
||
"requirement": "另一個 AwoooP Session 與本 Session 的 commit、run、deploy marker、production evidence 必須同步。",
|
||
"status": "active_risk"
|
||
},
|
||
{
|
||
"current_state": "此 release worktree 未包含 repo-local MEMORY.md。",
|
||
"gap_id": "release_worktree_memory_index_absent",
|
||
"priority": "P1",
|
||
"required_next_step": "把缺檔視為啟動程序缺口,不阻擋只讀工作,但不得聲稱已讀 repo-local MEMORY.md。",
|
||
"requirement": "Session 啟動必讀 MEMORY.md;若 release worktree 缺檔,必須改讀全域 memory 與 LOGBOOK,並記錄例外。",
|
||
"status": "active_process_gap"
|
||
}
|
||
],
|
||
"false_boundaries": {
|
||
"action_buttons_allowed": false,
|
||
"force_push_authorized": false,
|
||
"owner_response_accepted": false,
|
||
"owner_response_received": false,
|
||
"raw_namespace_public_surface_allowed": false,
|
||
"redacted_payload_ingested": false,
|
||
"refs_sync_authorized": false,
|
||
"repo_creation_authorized": false,
|
||
"request_dispatch_authorized": false,
|
||
"request_sent": false,
|
||
"runner_enablement_authorized": false,
|
||
"runtime_execution_authorized": false,
|
||
"secret_value_collection_allowed": false,
|
||
"visibility_change_authorized": false,
|
||
"work_session_transcript_public_allowed": false,
|
||
"workflow_modification_authorized": false
|
||
},
|
||
"generated_at": "2026-06-15T07:50:00+08:00",
|
||
"git_commit": "57df61da",
|
||
"mode": "read_only_gap_audit_no_runtime_action",
|
||
"new_rules_required": [
|
||
{
|
||
"priority": "P0",
|
||
"rule": "前台、public API、HTML、bundle、messages 不得出現 raw owner namespace、個人識別或工作視窗對話。",
|
||
"rule_id": "public_surface_redaction_gate",
|
||
"verification": "security-mirror-progress-guard + production desktop/mobile sensitive scan。"
|
||
},
|
||
{
|
||
"priority": "P0",
|
||
"rule": "S4.9 現況缺口稽核不得只停在 MD,必須有 machine-readable snapshot 與 guard。",
|
||
"rule_id": "s49_gap_audit_snapshot_required",
|
||
"verification": "source-control-owner-response-guard 必須讀取本 snapshot。"
|
||
},
|
||
{
|
||
"priority": "P0",
|
||
"rule": "內部 source-control raw evidence 僅能留在 private docs / committed evidence,不得直接成為產品渲染來源。",
|
||
"rule_id": "raw_evidence_private_boundary",
|
||
"verification": "前台只讀 redacted scope id、evidence ref 或 aggregate count。"
|
||
},
|
||
{
|
||
"priority": "P0",
|
||
"rule": "owner response received / accepted / rejected 只能由 reviewer record 更新,不得由 request draft、UI 或 LOGBOOK 文字更新。",
|
||
"rule_id": "owner_response_counts_are_runtime_locked",
|
||
"verification": "所有 snapshot false boundaries 維持 0 / false。"
|
||
},
|
||
{
|
||
"priority": "P0",
|
||
"rule": "request ready、request sent、response received、response accepted、runtime approval 必須是五個獨立狀態。",
|
||
"rule_id": "dispatch_received_accepted_separation",
|
||
"verification": "summary counters 必須分離,且 runtime gate 永遠等待獨立批准。"
|
||
},
|
||
{
|
||
"priority": "P0",
|
||
"rule": "每次 commit / push 前必須 fetch gitea,並同步另一 Session 的 run / deploy / production evidence。",
|
||
"rule_id": "parallel_session_basis_refresh",
|
||
"verification": "LOGBOOK 必須記錄 basis、runs、deploy marker 與 gate 邊界。"
|
||
},
|
||
{
|
||
"priority": "P1",
|
||
"rule": "repo-local MEMORY.md 缺檔時,需記錄使用全域 memory 與 LOGBOOK 的替代讀取路徑。",
|
||
"rule_id": "memory_index_startup_exception",
|
||
"verification": "啟動記錄不得假稱 repo-local MEMORY.md 已讀。"
|
||
}
|
||
],
|
||
"next_safe_actions": [
|
||
"更新 S4.9 缺口稽核文件基準與 snapshot reference。",
|
||
"把本 snapshot 納入 source-control owner response guard。",
|
||
"繼續補 owner response acceptance ledger,但所有 request / received / accepted / runtime gate 維持 0 / false。"
|
||
],
|
||
"priority_work_queue": [
|
||
{
|
||
"blocked_by": "尚未人工送件、尚未收到 owner response。",
|
||
"completion_percent": 70,
|
||
"next_validation": "source-control-owner-response-guard。",
|
||
"priority": "P0-1",
|
||
"work_item": "S4.9 owner response gate 收件前置"
|
||
},
|
||
{
|
||
"blocked_by": "後續新增頁面仍需 guard 持續保護。",
|
||
"completion_percent": 100,
|
||
"next_validation": "production desktop/mobile sensitive scan。",
|
||
"priority": "P0-2",
|
||
"work_item": "前台 / public API identity redaction"
|
||
},
|
||
{
|
||
"blocked_by": "尚缺 owner-provided live conf、rendered diff、nginx -t evidence、route smoke、maintenance window、rollback owner。",
|
||
"completion_percent": 86,
|
||
"next_validation": "public gateway acceptance snapshot + owner-provided evidence review。",
|
||
"priority": "P0-3",
|
||
"work_item": "Nginx public gateway owner response acceptance"
|
||
},
|
||
{
|
||
"blocked_by": "尚缺 ArgoCD health readback、rendered manifest diff、rollback revision、owner response。",
|
||
"completion_percent": 62,
|
||
"next_validation": "k8s-argocd owner response acceptance snapshot。",
|
||
"priority": "P0-4",
|
||
"work_item": "K8s / ArgoCD owner response acceptance"
|
||
},
|
||
{
|
||
"blocked_by": "尚缺 restore drill approval package、offsite owner、escrow owner、retention owner、validation plan。",
|
||
"completion_percent": 62,
|
||
"next_validation": "backup restore acceptance snapshot。",
|
||
"priority": "P0-5",
|
||
"work_item": "Backup / restore / escrow owner response acceptance"
|
||
},
|
||
{
|
||
"blocked_by": "尚缺 110 / 188 live hash、restart window、rollback owner、post-check 指標。",
|
||
"completion_percent": 50,
|
||
"next_validation": "host service owner request / future acceptance ledger。",
|
||
"priority": "P1-1",
|
||
"work_item": "Docker Compose / systemd / host service owner response"
|
||
},
|
||
{
|
||
"blocked_by": "尚缺 live access state、allowed source CIDR、host key pinning、firewall owner、NetworkPolicy / NodePort / WireGuard owner。",
|
||
"completion_percent": 58,
|
||
"next_validation": "ssh network acceptance snapshot。",
|
||
"priority": "P1-2",
|
||
"work_item": "SSH / firewall / network access owner response acceptance"
|
||
},
|
||
{
|
||
"blocked_by": "尚缺 live drift evidence、receiver owner、reload owner、route smoke、receipt proof。",
|
||
"completion_percent": 62,
|
||
"next_validation": "monitoring owner request / future acceptance ledger。",
|
||
"priority": "P1-3",
|
||
"work_item": "Monitoring / alerting / observability owner response"
|
||
},
|
||
{
|
||
"blocked_by": "尚缺 deployment boundary、external agent boundary、treasury owner、runtime gate owner。",
|
||
"completion_percent": 68,
|
||
"next_validation": "agent bounty owner request draft 與 future acceptance ledger。",
|
||
"priority": "P1-4",
|
||
"work_item": "agent-bounty-protocol C0 runtime / MCP / A2A / treasury owner response"
|
||
}
|
||
],
|
||
"public_surface_redaction_requirements": {
|
||
"allowed_display": [
|
||
"SRC-### scope id",
|
||
"aggregate count",
|
||
"risk tier",
|
||
"readiness state",
|
||
"redacted evidence ref"
|
||
],
|
||
"forbidden_display": [
|
||
"raw repository owner namespace",
|
||
"personal namespace",
|
||
"external organization namespace when not explicitly public-safe",
|
||
"工作視窗對話內容",
|
||
"approval chat phrase",
|
||
"token / secret / private key / cookie / authorization header"
|
||
],
|
||
"required_fields_or_markers": [
|
||
"source_scope_id",
|
||
"source_namespace_redacted",
|
||
"repo_owner_namespace_redacted",
|
||
"raw_repository_namespace_visible",
|
||
"public_api_raw_repo_namespace_allowed"
|
||
],
|
||
"verification": [
|
||
"public API payload sensitive scan",
|
||
"production HTML sensitive scan",
|
||
"desktop browser sensitive scan",
|
||
"mobile browser sensitive scan",
|
||
"horizontal overflow check"
|
||
]
|
||
},
|
||
"rule_adjustments_required": [
|
||
{
|
||
"adjusted_rule": "低摩擦不代表延後修補即時資訊揭露;public surface leak 可先 source-control 止血,再補 owner gate。",
|
||
"adjustment_id": "low_friction_but_p0_stop_the_bleed",
|
||
"from_rule": "初期資安低摩擦、先只讀框架。",
|
||
"priority": "P0"
|
||
},
|
||
{
|
||
"adjusted_rule": "技術識別只能留在內部 evidence;產品頁只顯示 redacted scope id、風險等級、狀態與 evidence ref。",
|
||
"adjustment_id": "internal_evidence_not_product_copy",
|
||
"from_rule": "source-control evidence 可保留技術識別。",
|
||
"priority": "P0"
|
||
},
|
||
{
|
||
"adjusted_rule": "AwoooP approval、Runs、Work Items、Tenants 顯示全部只算狀態,不等於 IwoooS security acceptance。",
|
||
"adjustment_id": "awooop_approval_not_security_acceptance",
|
||
"from_rule": "AwoooP 可顯示 owner response / approval 候選。",
|
||
"priority": "P0"
|
||
},
|
||
{
|
||
"adjusted_rule": "Nginx / public gateway / DNS / TLS 是 C0,優先要求 source-of-truth、drift evidence、owner response、rollback 與 post-check。",
|
||
"adjustment_id": "nginx_config_control_first",
|
||
"from_rule": "高價值配置逐步納管。",
|
||
"priority": "P0"
|
||
},
|
||
{
|
||
"adjusted_rule": "即使 owner 文字包含同意、批准、OK,也只算 metadata decision,不自動授權 refs sync、reload、deploy 或 runtime action。",
|
||
"adjustment_id": "owner_response_language_not_execution",
|
||
"from_rule": "owner 可回覆 decision。",
|
||
"priority": "P0"
|
||
},
|
||
{
|
||
"adjusted_rule": "改前端或 public API 後必須做 production desktop/mobile sensitive scan、水平溢出檢查與關鍵卡片可見檢查。",
|
||
"adjustment_id": "public_verification_required_after_frontend_change",
|
||
"from_rule": "改前端後做 smoke。",
|
||
"priority": "P0"
|
||
},
|
||
{
|
||
"adjusted_rule": "agent-bounty-protocol 需以 C0 runtime / MCP / A2A / treasury 邊界管理,但保持獨立產品與 owner response。",
|
||
"adjustment_id": "agent_bounty_c0_runtime_boundary",
|
||
"from_rule": "agent-bounty-protocol 納入 IwoooS scope。",
|
||
"priority": "P1"
|
||
}
|
||
],
|
||
"schema_version": "s4_9_owner_response_gap_audit_v1",
|
||
"status": "gap_audit_ready_owner_gate_zero",
|
||
"summary": {
|
||
"active_blocker_count": 3,
|
||
"active_risk_or_process_gap_count": 3,
|
||
"current_requirement_gap_count": 8,
|
||
"mitigated_needs_guard_count": 1,
|
||
"new_rule_count": 7,
|
||
"owner_response_accepted_count": 0,
|
||
"owner_response_received_count": 0,
|
||
"owner_response_rejected_count": 0,
|
||
"priority_work_item_count": 9,
|
||
"public_surface_raw_namespace_allowed": false,
|
||
"public_surface_redaction_guard_ready": true,
|
||
"request_sent_count": 0,
|
||
"rule_adjustment_count": 7,
|
||
"runtime_gate_count": 0,
|
||
"s4_9_owner_response_gate_percent": 0,
|
||
"work_session_transcript_public_allowed": false
|
||
}
|
||
}
|