fix(telegram): route channel hub interim via gateway
Some checks failed
CD Pipeline / workflow-shape (push) Successful in 0s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / build-and-deploy (push) Has been cancelled
CD Pipeline / post-deploy-checks (push) Has been cancelled
CD Pipeline / tests (push) Has been cancelled
Some checks failed
CD Pipeline / workflow-shape (push) Successful in 0s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / build-and-deploy (push) Has been cancelled
CD Pipeline / post-deploy-checks (push) Has been cancelled
CD Pipeline / tests (push) Has been cancelled
This commit is contained in:
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"schema_version": "telegram_notification_egress_inventory_v1",
|
||||
"generated_at": "2026-07-02T14:22:12+08:00",
|
||||
"git_commit": "f9469bcc2",
|
||||
"generated_at": "2026-07-02T18:47:50+08:00",
|
||||
"git_commit": "ae5844733",
|
||||
"status": "inventory_ready_no_runtime_action",
|
||||
"mode": "repo_only_scan_no_secret_value_no_telegram_send",
|
||||
"scan_roots": [
|
||||
@@ -11,13 +11,13 @@
|
||||
"apps/api/src"
|
||||
],
|
||||
"summary": {
|
||||
"scanned_file_count": 636,
|
||||
"direct_bot_api_file_count": 5,
|
||||
"direct_bot_api_call_count": 5,
|
||||
"scanned_file_count": 637,
|
||||
"direct_bot_api_file_count": 4,
|
||||
"direct_bot_api_call_count": 4,
|
||||
"workflow_direct_bot_api_call_count": 0,
|
||||
"ops_script_direct_bot_api_call_count": 4,
|
||||
"ci_script_direct_bot_api_call_count": 0,
|
||||
"api_direct_bot_api_call_count": 1,
|
||||
"api_direct_bot_api_call_count": 0,
|
||||
"gateway_normalized_callsite_count": 57,
|
||||
"gateway_final_exit_formatter_present_count": 1,
|
||||
"required_owner_field_count": 18,
|
||||
@@ -58,101 +58,6 @@
|
||||
"not_authorization": true
|
||||
},
|
||||
"direct_bot_api_calls": [
|
||||
{
|
||||
"egress_surface_id": "telegram_egress:api_direct_bot_api:apps/api/src/services/channel_hub.py:1138",
|
||||
"surface_kind": "api_direct_bot_api",
|
||||
"path": "apps/api/src/services/channel_hub.py",
|
||||
"line": 1138,
|
||||
"line_hash": "9e418fa74c83815a",
|
||||
"sanitized_excerpt": "f\"https://api.telegram.org/bot<redacted>/sendMessage\",",
|
||||
"required_owner_fields": [
|
||||
"egress_surface_id",
|
||||
"owner_role_or_team",
|
||||
"routing_purpose",
|
||||
"current_sender",
|
||||
"target_chat_route",
|
||||
"message_shape_contract",
|
||||
"redaction_contract",
|
||||
"formatter_convergence_plan",
|
||||
"delivery_receipt_ref",
|
||||
"dedup_or_fingerprint_plan",
|
||||
"fallback_or_degraded_mode",
|
||||
"migration_or_exception_reason",
|
||||
"maintenance_window",
|
||||
"rollback_owner",
|
||||
"postcheck_evidence_ref",
|
||||
"no_secret_value_attestation",
|
||||
"no_raw_payload_attestation",
|
||||
"no_false_green_attestation"
|
||||
],
|
||||
"reviewer_checks": [
|
||||
"direct_bot_api_surface_identified",
|
||||
"owner_role_present",
|
||||
"target_route_is_sre_owned",
|
||||
"message_shape_is_ai_automation_card_or_documented_exception",
|
||||
"redaction_contract_present",
|
||||
"formatter_convergence_path_present",
|
||||
"delivery_receipt_metadata_only",
|
||||
"dedup_or_fingerprint_present",
|
||||
"fallback_mode_does_not_leak_raw_payload",
|
||||
"secret_name_only_no_value",
|
||||
"workflow_or_script_change_requires_separate_approval",
|
||||
"telegram_send_not_executed_by_inventory",
|
||||
"no_false_green_claim",
|
||||
"runtime_gate_stays_zero"
|
||||
],
|
||||
"outcome_lanes": [
|
||||
"waiting_owner_response",
|
||||
"request_owner_route_supplement",
|
||||
"request_formatter_convergence_plan",
|
||||
"request_redaction_contract",
|
||||
"request_delivery_receipt_metadata",
|
||||
"quarantine_secret_or_raw_payload",
|
||||
"reject_false_green_claim",
|
||||
"ready_for_notification_egress_review",
|
||||
"waiting_runtime_gate"
|
||||
],
|
||||
"blocked_actions": [
|
||||
"telegram_send",
|
||||
"bot_api_call",
|
||||
"workflow_modification",
|
||||
"script_modification_without_owner",
|
||||
"secret_value_collection",
|
||||
"secret_hash_collection",
|
||||
"partial_token_collection",
|
||||
"chat_id_collection_without_owner",
|
||||
"store_raw_message_payload",
|
||||
"store_unredacted_workflow_log",
|
||||
"change_chat_route",
|
||||
"change_bot_token",
|
||||
"rotate_secret",
|
||||
"workflow_dispatch",
|
||||
"production_deploy",
|
||||
"accept_route_200_as_delivery_receipt",
|
||||
"accept_cd_success_as_notification_acceptance",
|
||||
"accept_ui_visible_as_notification_acceptance",
|
||||
"skip_formatter_convergence",
|
||||
"skip_redaction_review",
|
||||
"open_runtime_gate",
|
||||
"add_action_button"
|
||||
],
|
||||
"owner_response_received": false,
|
||||
"owner_response_accepted": false,
|
||||
"formatter_convergence_accepted": false,
|
||||
"redaction_contract_accepted": false,
|
||||
"delivery_receipt_accepted": false,
|
||||
"direct_bot_api_migration_authorized": false,
|
||||
"telegram_send_authorized": false,
|
||||
"bot_api_call_authorized": false,
|
||||
"workflow_modification_authorized": false,
|
||||
"script_modification_authorized": false,
|
||||
"secret_value_collection_allowed": false,
|
||||
"raw_payload_storage_allowed": false,
|
||||
"production_write_authorized": false,
|
||||
"runtime_gate": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"egress_surface_id": "telegram_egress:ops_script_direct_bot_api:scripts/ops/backup-from-110.sh:64",
|
||||
"surface_kind": "ops_script_direct_bot_api",
|
||||
|
||||
@@ -1,29 +1,29 @@
|
||||
{
|
||||
"schema_version": "telegram_notification_egress_migration_plan_draft_v1",
|
||||
"generated_at": "2026-07-02T14:24:46+08:00",
|
||||
"git_commit": "f9469bcc2",
|
||||
"generated_at": "2026-07-02T18:48:33+08:00",
|
||||
"git_commit": "ae5844733",
|
||||
"status": "migration_plan_draft_ready_no_runtime_action",
|
||||
"mode": "metadata_only_no_workflow_script_api_change_no_telegram_send",
|
||||
"source_snapshot": "docs/security/telegram-notification-egress-owner-request-draft.snapshot.json",
|
||||
"source_schema_version": "telegram_notification_egress_owner_request_draft_v1",
|
||||
"source_status": "owner_request_draft_ready_no_dispatch_no_runtime_action",
|
||||
"summary": {
|
||||
"source_request_draft_count": 5,
|
||||
"source_direct_bot_api_call_count": 5,
|
||||
"migration_candidate_count": 5,
|
||||
"source_request_draft_count": 4,
|
||||
"source_direct_bot_api_call_count": 4,
|
||||
"migration_candidate_count": 4,
|
||||
"workflow_migration_candidate_count": 0,
|
||||
"ops_script_migration_candidate_count": 4,
|
||||
"api_direct_migration_candidate_count": 1,
|
||||
"proposed_wave_count": 2,
|
||||
"api_direct_migration_candidate_count": 0,
|
||||
"proposed_wave_count": 1,
|
||||
"plan_field_count": 17,
|
||||
"reviewer_check_count": 15,
|
||||
"outcome_lane_count": 9,
|
||||
"blocked_action_count": 21,
|
||||
"owner_response_required_count": 5,
|
||||
"maintenance_window_required_count": 5,
|
||||
"rollback_owner_required_count": 5,
|
||||
"postcheck_required_count": 5,
|
||||
"delivery_receipt_required_count": 5,
|
||||
"owner_response_required_count": 4,
|
||||
"maintenance_window_required_count": 4,
|
||||
"rollback_owner_required_count": 4,
|
||||
"postcheck_required_count": 4,
|
||||
"delivery_receipt_required_count": 4,
|
||||
"owner_response_received_count": 0,
|
||||
"owner_response_accepted_count": 0,
|
||||
"migration_authorized_count": 0,
|
||||
@@ -52,109 +52,9 @@
|
||||
"not_authorization": true
|
||||
},
|
||||
"proposed_waves": [
|
||||
"wave_2_ops_notification_wrapper",
|
||||
"wave_3_api_sender_gateway"
|
||||
"wave_2_ops_notification_wrapper"
|
||||
],
|
||||
"migration_candidates": [
|
||||
{
|
||||
"migration_candidate_id": "telegram_notification_egress_migration:apps/api/src/services/channel_hub.py",
|
||||
"source_request_draft_id": "telegram_notification_egress_owner_request:apps_api_src_services_channel_hub_py",
|
||||
"source_path": "apps/api/src/services/channel_hub.py",
|
||||
"surface_kind": "api_direct_bot_api",
|
||||
"direct_call_count": 1,
|
||||
"proposed_wave": "wave_3_api_sender_gateway",
|
||||
"proposed_target": "TelegramGateway final-exit formatter",
|
||||
"proposed_change_summary": "Route API interim sender through TelegramGateway or equivalent final-exit normalization and mirror contract.",
|
||||
"plan_fields": [
|
||||
"migration_candidate_id",
|
||||
"source_request_draft_id",
|
||||
"source_path",
|
||||
"surface_kind",
|
||||
"direct_call_count",
|
||||
"proposed_wave",
|
||||
"proposed_target",
|
||||
"proposed_change_summary",
|
||||
"required_owner_response_ref",
|
||||
"required_maintenance_window",
|
||||
"required_rollback_owner",
|
||||
"required_postcheck_ref",
|
||||
"required_delivery_receipt_ref",
|
||||
"required_no_secret_value_attestation",
|
||||
"required_no_raw_payload_attestation",
|
||||
"required_no_false_green_attestation",
|
||||
"not_authorization"
|
||||
],
|
||||
"reviewer_checks": [
|
||||
"source_owner_request_draft_current",
|
||||
"owner_response_required_before_change",
|
||||
"maintenance_window_required_before_change",
|
||||
"rollback_owner_required_before_change",
|
||||
"delivery_receipt_plan_required",
|
||||
"postcheck_plan_required",
|
||||
"redaction_contract_required",
|
||||
"break_glass_fallback_explicit",
|
||||
"no_secret_value_required",
|
||||
"no_raw_payload_required",
|
||||
"no_false_green_required",
|
||||
"workflow_changes_separate_from_docs",
|
||||
"script_changes_separate_from_docs",
|
||||
"api_sender_refactor_separate_from_docs",
|
||||
"runtime_gate_stays_zero"
|
||||
],
|
||||
"outcome_lanes": [
|
||||
"draft_waiting_owner_response",
|
||||
"ready_for_workflow_migration_review",
|
||||
"ready_for_ops_script_migration_review",
|
||||
"ready_for_api_sender_migration_review",
|
||||
"request_missing_owner_response",
|
||||
"request_missing_maintenance_or_rollback",
|
||||
"reject_secret_or_raw_payload",
|
||||
"reject_false_green_claim",
|
||||
"waiting_runtime_gate"
|
||||
],
|
||||
"blocked_actions": [
|
||||
"modify_workflow",
|
||||
"modify_ops_script",
|
||||
"refactor_api_sender",
|
||||
"send_telegram",
|
||||
"call_bot_api",
|
||||
"dispatch_workflow",
|
||||
"trigger_cd",
|
||||
"deploy_production",
|
||||
"read_secret_store",
|
||||
"collect_secret_value",
|
||||
"collect_secret_hash",
|
||||
"collect_partial_token",
|
||||
"store_raw_payload",
|
||||
"store_unredacted_log",
|
||||
"change_chat_route",
|
||||
"change_bot_token",
|
||||
"rotate_secret",
|
||||
"accept_cd_success_as_delivery_receipt",
|
||||
"accept_route_200_as_notification_delivery",
|
||||
"open_runtime_gate",
|
||||
"add_action_button"
|
||||
],
|
||||
"owner_response_required": true,
|
||||
"maintenance_window_required": true,
|
||||
"rollback_owner_required": true,
|
||||
"postcheck_required": true,
|
||||
"delivery_receipt_required": true,
|
||||
"owner_response_received": false,
|
||||
"owner_response_accepted": false,
|
||||
"migration_authorized": false,
|
||||
"workflow_modification_authorized": false,
|
||||
"script_modification_authorized": false,
|
||||
"api_sender_refactor_authorized": false,
|
||||
"telegram_send_authorized": false,
|
||||
"bot_api_call_authorized": false,
|
||||
"secret_value_collection_allowed": false,
|
||||
"raw_payload_storage_allowed": false,
|
||||
"production_write_authorized": false,
|
||||
"runtime_gate": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"migration_candidate_id": "telegram_notification_egress_migration:scripts/ops/backup-from-110.sh",
|
||||
"source_request_draft_id": "telegram_notification_egress_owner_request:scripts_ops_backup_from_110_sh",
|
||||
|
||||
@@ -1,20 +1,20 @@
|
||||
{
|
||||
"schema_version": "telegram_notification_egress_owner_request_draft_v1",
|
||||
"generated_at": "2026-07-02T14:24:46+08:00",
|
||||
"git_commit": "f9469bcc2",
|
||||
"generated_at": "2026-07-02T18:48:33+08:00",
|
||||
"git_commit": "ae5844733",
|
||||
"status": "owner_request_draft_ready_no_dispatch_no_runtime_action",
|
||||
"mode": "metadata_only_no_secret_value_no_telegram_send_no_workflow_change",
|
||||
"source_snapshot": "docs/security/telegram-notification-egress-inventory.snapshot.json",
|
||||
"source_schema_version": "telegram_notification_egress_inventory_v1",
|
||||
"source_status": "inventory_ready_no_runtime_action",
|
||||
"summary": {
|
||||
"source_direct_bot_api_call_count": 5,
|
||||
"source_direct_bot_api_file_count": 5,
|
||||
"request_draft_count": 5,
|
||||
"source_direct_bot_api_call_count": 4,
|
||||
"source_direct_bot_api_file_count": 4,
|
||||
"request_draft_count": 4,
|
||||
"workflow_request_draft_count": 0,
|
||||
"ops_script_request_draft_count": 4,
|
||||
"ci_script_request_draft_count": 0,
|
||||
"api_direct_request_draft_count": 1,
|
||||
"api_direct_request_draft_count": 0,
|
||||
"request_field_count": 27,
|
||||
"required_owner_field_count": 19,
|
||||
"preflight_check_count": 16,
|
||||
@@ -59,163 +59,6 @@
|
||||
"not_authorization": true
|
||||
},
|
||||
"request_drafts": [
|
||||
{
|
||||
"request_draft_id": "telegram_notification_egress_owner_request:apps_api_src_services_channel_hub_py",
|
||||
"source_inventory_schema_version": "telegram_notification_egress_inventory_v1",
|
||||
"source_path": "apps/api/src/services/channel_hub.py",
|
||||
"surface_kind": "api_direct_bot_api",
|
||||
"direct_call_count": 1,
|
||||
"line_refs": [
|
||||
1138
|
||||
],
|
||||
"line_hash_refs": [
|
||||
"9e418fa74c83815a"
|
||||
],
|
||||
"request_fields": [
|
||||
"request_draft_id",
|
||||
"source_inventory_schema_version",
|
||||
"source_path",
|
||||
"surface_kind",
|
||||
"direct_call_count",
|
||||
"line_refs",
|
||||
"line_hash_refs",
|
||||
"owner_role_or_team",
|
||||
"routing_purpose",
|
||||
"current_sender",
|
||||
"target_chat_route",
|
||||
"message_shape_contract",
|
||||
"redaction_contract",
|
||||
"formatter_convergence_decision",
|
||||
"gateway_or_alertmanager_target",
|
||||
"break_glass_fallback_decision",
|
||||
"delivery_receipt_ref",
|
||||
"dedup_or_fingerprint_plan",
|
||||
"fallback_or_degraded_mode",
|
||||
"migration_or_exception_reason",
|
||||
"maintenance_window",
|
||||
"rollback_owner",
|
||||
"postcheck_evidence_ref",
|
||||
"no_secret_value_attestation",
|
||||
"no_raw_payload_attestation",
|
||||
"no_false_green_attestation",
|
||||
"not_authorization"
|
||||
],
|
||||
"required_owner_fields": [
|
||||
"owner_role_or_team",
|
||||
"routing_purpose",
|
||||
"current_sender",
|
||||
"target_chat_route",
|
||||
"message_shape_contract",
|
||||
"redaction_contract",
|
||||
"formatter_convergence_decision",
|
||||
"gateway_or_alertmanager_target",
|
||||
"break_glass_fallback_decision",
|
||||
"delivery_receipt_ref",
|
||||
"dedup_or_fingerprint_plan",
|
||||
"fallback_or_degraded_mode",
|
||||
"migration_or_exception_reason",
|
||||
"maintenance_window",
|
||||
"rollback_owner",
|
||||
"postcheck_evidence_ref",
|
||||
"no_secret_value_attestation",
|
||||
"no_raw_payload_attestation",
|
||||
"no_false_green_attestation"
|
||||
],
|
||||
"preflight_checks": [
|
||||
"source_inventory_current",
|
||||
"owner_role_present",
|
||||
"route_purpose_present",
|
||||
"message_shape_contract_present",
|
||||
"redaction_contract_present",
|
||||
"formatter_convergence_decision_present",
|
||||
"break_glass_fallback_explicit",
|
||||
"delivery_receipt_metadata_present",
|
||||
"dedup_or_fingerprint_present",
|
||||
"maintenance_window_present_for_change",
|
||||
"rollback_owner_present",
|
||||
"postcheck_evidence_present",
|
||||
"no_secret_value_attested",
|
||||
"no_raw_payload_attested",
|
||||
"no_false_green_attested",
|
||||
"runtime_gate_stays_zero"
|
||||
],
|
||||
"outcome_lanes": [
|
||||
"draft_waiting_owner_dispatch",
|
||||
"request_owner_route_supplement",
|
||||
"request_formatter_convergence_supplement",
|
||||
"request_break_glass_fallback_supplement",
|
||||
"request_redaction_or_receipt_supplement",
|
||||
"quarantine_secret_or_raw_payload",
|
||||
"reject_false_green_claim",
|
||||
"ready_for_manual_dispatch",
|
||||
"waiting_runtime_gate"
|
||||
],
|
||||
"forbidden_payloads": [
|
||||
"bot_token_value",
|
||||
"chat_secret_value",
|
||||
"secret_hash",
|
||||
"partial_token",
|
||||
"masked_token",
|
||||
"authorization_header",
|
||||
"raw_message_payload",
|
||||
"raw_workflow_log",
|
||||
"raw_action_log",
|
||||
"raw_screenshot_with_secret",
|
||||
"internal_work_window_transcript",
|
||||
"private_namespace",
|
||||
"unredacted_internal_path",
|
||||
"unredacted_private_ip"
|
||||
],
|
||||
"blocked_actions": [
|
||||
"send_owner_request",
|
||||
"confirm_recipient",
|
||||
"emit_audit_event",
|
||||
"telegram_send",
|
||||
"bot_api_call",
|
||||
"workflow_modification",
|
||||
"script_modification",
|
||||
"api_sender_refactor",
|
||||
"change_chat_route",
|
||||
"change_bot_token",
|
||||
"read_secret_store",
|
||||
"collect_secret_value",
|
||||
"collect_secret_hash",
|
||||
"collect_partial_token",
|
||||
"collect_chat_id_secret",
|
||||
"store_raw_message_payload",
|
||||
"store_unredacted_log",
|
||||
"workflow_dispatch",
|
||||
"production_deploy",
|
||||
"accept_cd_success_as_delivery_receipt",
|
||||
"accept_route_200_as_notification_delivery",
|
||||
"accept_ui_visible_as_notification_acceptance",
|
||||
"skip_formatter_convergence",
|
||||
"skip_redaction_contract",
|
||||
"open_runtime_gate",
|
||||
"add_action_button"
|
||||
],
|
||||
"request_sent": false,
|
||||
"recipient_confirmed": false,
|
||||
"audit_event_emitted": false,
|
||||
"owner_response_received": false,
|
||||
"owner_response_accepted": false,
|
||||
"formatter_convergence_accepted": false,
|
||||
"redaction_contract_accepted": false,
|
||||
"delivery_receipt_accepted": false,
|
||||
"break_glass_fallback_accepted": false,
|
||||
"direct_bot_api_migration_authorized": false,
|
||||
"telegram_send_authorized": false,
|
||||
"bot_api_call_authorized": false,
|
||||
"workflow_modification_authorized": false,
|
||||
"script_modification_authorized": false,
|
||||
"api_sender_refactor_authorized": false,
|
||||
"secret_value_collection_allowed": false,
|
||||
"raw_payload_storage_allowed": false,
|
||||
"production_write_authorized": false,
|
||||
"runtime_gate": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"request_draft_id": "telegram_notification_egress_owner_request:scripts_ops_backup_from_110_sh",
|
||||
"source_inventory_schema_version": "telegram_notification_egress_inventory_v1",
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"schema_version": "telegram_notification_egress_owner_response_acceptance_v1",
|
||||
"generated_at": "2026-07-02T14:24:46+08:00",
|
||||
"git_commit": "f9469bcc2",
|
||||
"generated_at": "2026-07-02T18:48:33+08:00",
|
||||
"git_commit": "ae5844733",
|
||||
"status": "owner_response_acceptance_ledger_ready_no_runtime_action",
|
||||
"mode": "metadata_only_no_secret_value_no_telegram_send_no_workflow_script_api_change",
|
||||
"source_owner_request_snapshot": "docs/security/telegram-notification-egress-owner-request-draft.snapshot.json",
|
||||
@@ -12,13 +12,13 @@
|
||||
"source_migration_plan_status": "migration_plan_draft_ready_no_runtime_action",
|
||||
"message_readability_guard_snapshot": "docs/security/telegram-alert-readability-guard.snapshot.json",
|
||||
"summary": {
|
||||
"source_request_draft_count": 5,
|
||||
"source_migration_candidate_count": 5,
|
||||
"source_direct_bot_api_call_count": 5,
|
||||
"acceptance_candidate_count": 5,
|
||||
"source_request_draft_count": 4,
|
||||
"source_migration_candidate_count": 4,
|
||||
"source_direct_bot_api_call_count": 4,
|
||||
"acceptance_candidate_count": 4,
|
||||
"workflow_acceptance_candidate_count": 0,
|
||||
"ops_script_acceptance_candidate_count": 4,
|
||||
"api_direct_acceptance_candidate_count": 1,
|
||||
"api_direct_acceptance_candidate_count": 0,
|
||||
"acceptance_field_count": 33,
|
||||
"required_owner_field_count": 19,
|
||||
"reviewer_check_count": 23,
|
||||
@@ -75,225 +75,6 @@
|
||||
"not_authorization": true
|
||||
},
|
||||
"acceptance_candidates": [
|
||||
{
|
||||
"acceptance_candidate_id": "telegram_notification_egress_owner_response_acceptance:apps/api/src/services/channel_hub.py",
|
||||
"status": "waiting_owner_response",
|
||||
"source_request_draft_id": "telegram_notification_egress_owner_request:apps_api_src_services_channel_hub_py",
|
||||
"source_migration_candidate_id": "telegram_notification_egress_migration:apps/api/src/services/channel_hub.py",
|
||||
"source_path": "apps/api/src/services/channel_hub.py",
|
||||
"surface_kind": "api_direct_bot_api",
|
||||
"direct_call_count": 1,
|
||||
"line_refs": [
|
||||
1138
|
||||
],
|
||||
"line_hash_refs": [
|
||||
"9e418fa74c83815a"
|
||||
],
|
||||
"proposed_wave": "wave_3_api_sender_gateway",
|
||||
"proposed_target": "TelegramGateway final-exit formatter",
|
||||
"proposed_change_summary": "Route API interim sender through TelegramGateway or equivalent final-exit normalization and mirror contract.",
|
||||
"owner_response_ref": null,
|
||||
"owner_role_or_team": "pending_owner_response",
|
||||
"decision": "pending_owner_response",
|
||||
"decision_reason": "pending_owner_response",
|
||||
"affected_scope": "pending_owner_response",
|
||||
"redacted_evidence_refs": [],
|
||||
"message_shape_contract_ref": null,
|
||||
"message_readability_guard_ref": "docs/security/telegram-alert-readability-guard.snapshot.json",
|
||||
"redaction_contract_ref": null,
|
||||
"formatter_convergence_decision": "pending_owner_response",
|
||||
"gateway_or_alertmanager_target": "pending_owner_response",
|
||||
"break_glass_fallback_decision": "pending_owner_response",
|
||||
"delivery_receipt_ref": null,
|
||||
"dedup_or_fingerprint_plan": "pending_owner_response",
|
||||
"fallback_or_degraded_mode": "pending_owner_response",
|
||||
"migration_or_exception_reason": "pending_owner_response",
|
||||
"maintenance_window": "pending_owner_response",
|
||||
"rollback_owner": "pending_owner_response",
|
||||
"postcheck_evidence_ref": null,
|
||||
"no_secret_value_attestation": "pending_owner_response",
|
||||
"no_raw_payload_attestation": "pending_owner_response",
|
||||
"no_false_green_attestation": "pending_owner_response",
|
||||
"reviewer_outcome": "waiting_owner_response",
|
||||
"followup_owner": "pending_owner_response",
|
||||
"acceptance_fields": [
|
||||
"acceptance_candidate_id",
|
||||
"source_request_draft_id",
|
||||
"source_migration_candidate_id",
|
||||
"source_path",
|
||||
"surface_kind",
|
||||
"direct_call_count",
|
||||
"proposed_wave",
|
||||
"proposed_target",
|
||||
"owner_response_ref",
|
||||
"owner_role_or_team",
|
||||
"decision",
|
||||
"decision_reason",
|
||||
"affected_scope",
|
||||
"redacted_evidence_refs",
|
||||
"message_shape_contract_ref",
|
||||
"message_readability_guard_ref",
|
||||
"redaction_contract_ref",
|
||||
"formatter_convergence_decision",
|
||||
"gateway_or_alertmanager_target",
|
||||
"break_glass_fallback_decision",
|
||||
"delivery_receipt_ref",
|
||||
"dedup_or_fingerprint_plan",
|
||||
"fallback_or_degraded_mode",
|
||||
"migration_or_exception_reason",
|
||||
"maintenance_window",
|
||||
"rollback_owner",
|
||||
"postcheck_evidence_ref",
|
||||
"no_secret_value_attestation",
|
||||
"no_raw_payload_attestation",
|
||||
"no_false_green_attestation",
|
||||
"reviewer_outcome",
|
||||
"followup_owner",
|
||||
"not_authorization"
|
||||
],
|
||||
"required_owner_fields": [
|
||||
"owner_role_or_team",
|
||||
"routing_purpose",
|
||||
"current_sender",
|
||||
"target_chat_route",
|
||||
"message_shape_contract",
|
||||
"redaction_contract",
|
||||
"formatter_convergence_decision",
|
||||
"gateway_or_alertmanager_target",
|
||||
"break_glass_fallback_decision",
|
||||
"delivery_receipt_ref",
|
||||
"dedup_or_fingerprint_plan",
|
||||
"fallback_or_degraded_mode",
|
||||
"migration_or_exception_reason",
|
||||
"maintenance_window",
|
||||
"rollback_owner",
|
||||
"postcheck_evidence_ref",
|
||||
"no_secret_value_attestation",
|
||||
"no_raw_payload_attestation",
|
||||
"no_false_green_attestation"
|
||||
],
|
||||
"reviewer_checks": [
|
||||
"source_owner_request_current",
|
||||
"source_migration_plan_current",
|
||||
"owner_identity_present",
|
||||
"decision_reason_present",
|
||||
"affected_scope_matches_source",
|
||||
"redacted_refs_only",
|
||||
"no_secret_or_token_value",
|
||||
"no_raw_message_payload",
|
||||
"message_shape_contract_present",
|
||||
"message_readability_guard_present",
|
||||
"redaction_contract_present",
|
||||
"formatter_convergence_explicit",
|
||||
"gateway_or_alertmanager_target_valid",
|
||||
"break_glass_fallback_explicit",
|
||||
"delivery_receipt_metadata_only",
|
||||
"dedup_or_fingerprint_present",
|
||||
"maintenance_window_present",
|
||||
"rollback_owner_present",
|
||||
"postcheck_evidence_present",
|
||||
"no_false_green_attested",
|
||||
"migration_authorization_separate",
|
||||
"counts_transition_safe",
|
||||
"runtime_gate_stays_zero"
|
||||
],
|
||||
"outcome_lanes": [
|
||||
"waiting_owner_response",
|
||||
"quarantine_secret_or_raw_payload",
|
||||
"reject_execution_request",
|
||||
"request_owner_route_supplement",
|
||||
"request_formatter_convergence_supplement",
|
||||
"request_redaction_or_receipt_supplement",
|
||||
"request_maintenance_or_rollback_supplement",
|
||||
"ready_for_migration_review",
|
||||
"owner_review_only_update",
|
||||
"waiting_runtime_gate"
|
||||
],
|
||||
"forbidden_payloads": [
|
||||
"bot_token_value",
|
||||
"chat_secret_value",
|
||||
"secret_hash",
|
||||
"partial_token",
|
||||
"masked_token",
|
||||
"authorization_header",
|
||||
"raw_message_payload",
|
||||
"raw_workflow_log",
|
||||
"raw_action_log",
|
||||
"raw_screenshot_with_secret",
|
||||
"internal_work_window_transcript",
|
||||
"private_namespace",
|
||||
"unredacted_internal_path",
|
||||
"unredacted_private_ip"
|
||||
],
|
||||
"blocked_actions": [
|
||||
"mark_owner_response_received_without_record",
|
||||
"mark_owner_response_accepted_without_reviewer_record",
|
||||
"send_telegram",
|
||||
"call_bot_api",
|
||||
"modify_workflow",
|
||||
"modify_ops_script",
|
||||
"refactor_api_sender",
|
||||
"dispatch_workflow",
|
||||
"trigger_cd",
|
||||
"deploy_production",
|
||||
"change_chat_route",
|
||||
"change_bot_token",
|
||||
"rotate_secret",
|
||||
"read_secret_store",
|
||||
"collect_secret_value",
|
||||
"collect_secret_hash",
|
||||
"collect_partial_token",
|
||||
"collect_chat_id_secret",
|
||||
"store_raw_message_payload",
|
||||
"store_unredacted_log",
|
||||
"store_internal_work_window_transcript",
|
||||
"accept_cd_success_as_delivery_receipt",
|
||||
"accept_route_200_as_notification_delivery",
|
||||
"accept_ui_visible_as_notification_acceptance",
|
||||
"accept_telegram_sent_without_delivery_receipt",
|
||||
"skip_formatter_convergence",
|
||||
"skip_redaction_contract",
|
||||
"skip_dedup_or_fingerprint_review",
|
||||
"skip_break_glass_fallback_review",
|
||||
"authorize_migration",
|
||||
"authorize_workflow_modification",
|
||||
"authorize_script_modification",
|
||||
"authorize_api_sender_refactor",
|
||||
"open_runtime_gate",
|
||||
"add_action_button"
|
||||
],
|
||||
"not_authorization": true,
|
||||
"request_sent": false,
|
||||
"recipient_confirmed": false,
|
||||
"audit_event_emitted": false,
|
||||
"owner_response_received": false,
|
||||
"owner_response_accepted": false,
|
||||
"owner_response_rejected": false,
|
||||
"owner_response_quarantined": false,
|
||||
"supplement_requested": false,
|
||||
"formatter_convergence_accepted": false,
|
||||
"redaction_contract_accepted": false,
|
||||
"delivery_receipt_accepted": false,
|
||||
"break_glass_fallback_accepted": false,
|
||||
"maintenance_window_accepted": false,
|
||||
"rollback_owner_accepted": false,
|
||||
"postcheck_evidence_accepted": false,
|
||||
"dedup_or_fingerprint_accepted": false,
|
||||
"no_false_green_accepted": false,
|
||||
"direct_bot_api_migration_authorized": false,
|
||||
"workflow_modification_authorized": false,
|
||||
"script_modification_authorized": false,
|
||||
"api_sender_refactor_authorized": false,
|
||||
"telegram_send_authorized": false,
|
||||
"bot_api_call_authorized": false,
|
||||
"workflow_dispatch_authorized": false,
|
||||
"production_deploy_authorized": false,
|
||||
"secret_value_collection_allowed": false,
|
||||
"raw_payload_storage_allowed": false,
|
||||
"production_write_authorized": false,
|
||||
"runtime_gate": false,
|
||||
"action_buttons_allowed": false
|
||||
},
|
||||
{
|
||||
"acceptance_candidate_id": "telegram_notification_egress_owner_response_acceptance:scripts/ops/backup-from-110.sh",
|
||||
"status": "waiting_owner_response",
|
||||
|
||||
Reference in New Issue
Block a user