{
"schema_version": "backup_dr_readiness_matrix_v1",
"generated_at": "2026-06-04T15:46:59+08:00",
"source_target_inventory_ref": "docs/evaluations/backup_dr_target_inventory_2026-06-04.json",
"source_refs": [
"docs/runbooks/BACKUP-STATUS.md",
"docs/evaluations/backup_dr_target_inventory_2026-06-04.json",
"scripts/backup/backup-status.sh",
"scripts/backup/verify-offsite-full-sync.sh",
"scripts/reboot-recovery/post-reboot-credential-escrow-intake-scorecard.py"
],
"program_status": {
"overall_completion_percent": 97,
"current_priority": "P1",
"current_task_id": "P1-102",
"next_task_id": "P1-201",
"read_only_mode": true
},
"rollups": {
"total_rows": 17,
"by_overall_readiness": {
"ready": 13,
"action_required": 2,
"blocked": 1,
"deferred": 1
},
"by_restore_drill_status": {
"approval_required": 14,
"blocked": 1,
"deferred": 1,
"not_applicable": 1
},
"by_offsite_status": {
"verified": 14,
"needs_metric_binding": 1,
"deferred": 1,
"not_applicable": 1
},
"blocked_row_ids": [
"credential_escrow_markers"
],
"action_required_row_ids": [
"signoz",
"velero_k8s_resources"
],
"credential_escrow_intake_scorecard_schema_version": "awoooi_post_reboot_credential_escrow_intake_scorecard_v1",
"credential_escrow_intake_scorecard_verifier": "scripts/reboot-recovery/post-reboot-credential-escrow-intake-scorecard.py --summary-file <summary.txt> --owner-packet-file <owner-packets.json> --response-file <owner-response.json> --offsite-report-file <offsite-report.txt> --escrow-status-file <escrow-status.txt> --json",
"credential_escrow_intake_status": "blocked_waiting_non_secret_credential_escrow_evidence",
"credential_escrow_active_gate_present": true,
"credential_escrow_preflight_status": "blocked_waiting_owner_response_content",
"credential_escrow_required_item_count": 5,
"credential_escrow_effective_missing_count": 5,
"credential_escrow_owner_response_received_count": 0,
"credential_escrow_owner_response_accepted_count": 0,
"credential_escrow_runtime_gate_count": 0,
"credential_escrow_secret_value_collection_allowed": false,
"credential_marker_write_authorized_count": 0,
"credential_escrow_forbidden_true_field_count": 0
},
"readiness_rows": [
{
"target_id": "gitea",
"display_name": "Gitea DB + repository dump",
"overall_readiness": "ready",
"freshness_status": "verified",
"integrity_status": "verified",
"restore_drill_status": "approval_required",
"offsite_status": "verified",
"notification_policy": "success 不即時洗版;failure / action-required 才通知。",
"gate_status": "restore_approval_required",
"evidence_level": "runbook_live_refresh",
"evidence_refs": ["docs/runbooks/BACKUP-STATUS.md", "scripts/backup/backup-gitea.sh"],
"blocker_summary": "無 target-level blocker;restore 仍需人工批准。",
"next_action": "P1-104 顯示 freshness / offsite ready 證據卡。"
},
{
"target_id": "momo_postgresql",
"display_name": "MOMO PostgreSQL",
"overall_readiness": "ready",
"freshness_status": "verified",
"integrity_status": "verified",
"restore_drill_status": "approval_required",
"offsite_status": "verified",
"notification_policy": "failure-only escalation;success 由每日摘要承載。",
"gate_status": "restore_approval_required",
"evidence_level": "runbook_live_refresh",
"evidence_refs": ["docs/runbooks/BACKUP-STATUS.md", "scripts/backup/backup-momo.sh"],
"blocker_summary": "無 target-level blocker;restore 仍需人工批准。",
"next_action": "P1-104 顯示 188 pull freshness 與 SSH reachability。"
},
{
"target_id": "harbor",
"display_name": "Harbor registry + DB",
"overall_readiness": "ready",
"freshness_status": "verified",
"integrity_status": "verified",
"restore_drill_status": "approval_required",
"offsite_status": "verified",
"notification_policy": "failure-only escalation;success 由每日摘要承載。",
"gate_status": "restore_approval_required",
"evidence_level": "runbook_live_refresh",
"evidence_refs": ["docs/runbooks/BACKUP-STATUS.md", "scripts/backup/backup-harbor.sh"],
"blocker_summary": "無 target-level blocker;restore 仍需人工批准。",
"next_action": "P1-104 顯示 registry readiness。"
},
{
"target_id": "awoooi_postgresql_daily",
"display_name": "AWOOOI PostgreSQL daily full",
"overall_readiness": "ready",
"freshness_status": "verified",
"integrity_status": "verified",
"restore_drill_status": "approval_required",
"offsite_status": "verified",
"notification_policy": "critical failure must alert;success 不即時洗版。",
"gate_status": "restore_approval_required",
"evidence_level": "runbook_live_refresh",
"evidence_refs": ["docs/runbooks/BACKUP-STATUS.md", "scripts/backup/backup-awoooi.sh"],
"blocker_summary": "無 target-level blocker;restore 仍需人工批准。",
"next_action": "P1-104 顯示 24h full backup 與 6h frequent backup。"
},
{
"target_id": "awoooi_postgresql_frequent",
"display_name": "AWOOOI PostgreSQL frequent core",
"overall_readiness": "ready",
"freshness_status": "verified",
"integrity_status": "verified",
"restore_drill_status": "approval_required",
"offsite_status": "verified",
"notification_policy": "critical failure must alert;success 不即時洗版。",
"gate_status": "restore_approval_required",
"evidence_level": "runbook_live_refresh",
"evidence_refs": ["docs/runbooks/BACKUP-STATUS.md", "scripts/backup/backup-awoooi-frequent.sh"],
"blocker_summary": "無 target-level blocker;restore 仍需人工批准。",
"next_action": "P1-104 顯示 6h RPO。"
},
{
"target_id": "langfuse",
"display_name": "Langfuse AI trace DB",
"overall_readiness": "ready",
"freshness_status": "verified",
"integrity_status": "verified",
"restore_drill_status": "approval_required",
"offsite_status": "verified",
"notification_policy": "failure-only escalation;success 由每日摘要承載。",
"gate_status": "restore_approval_required",
"evidence_level": "runbook_live_refresh",
"evidence_refs": ["docs/runbooks/BACKUP-STATUS.md", "scripts/backup/backup-langfuse.sh"],
"blocker_summary": "無 target-level blocker;restore 仍需人工批准。",
"next_action": "P1-104 顯示 AI trace backup freshness。"
},
{
"target_id": "monitoring",
"display_name": "Prometheus / Grafana / Alertmanager",
"overall_readiness": "ready",
"freshness_status": "verified",
"integrity_status": "verified",
"restore_drill_status": "approval_required",
"offsite_status": "verified",
"notification_policy": "failure-only escalation;success 由每日摘要承載。",
"gate_status": "restore_approval_required",
"evidence_level": "runbook_live_refresh",
"evidence_refs": ["docs/runbooks/BACKUP-STATUS.md", "scripts/backup/backup-monitoring.sh"],
"blocker_summary": "無 target-level blocker;restore 仍需人工批准。",
"next_action": "P1-104 顯示 monitoring backup 與 alert-rule coverage。"
},
{
"target_id": "signoz",
"display_name": "SignOz ClickHouse + SQLite",
"overall_readiness": "action_required",
"freshness_status": "verified",
"integrity_status": "verified",
"restore_drill_status": "approval_required",
"offsite_status": "verified",
"notification_policy": "failure-only escalation;success 由每日摘要承載。",
"gate_status": "restore_approval_required",
"evidence_level": "committed_script",
"evidence_refs": ["scripts/backup/backup-signoz.sh", "docs/runbooks/BACKUP-STATUS.md"],
"blocker_summary": "備份腳本會短暫停止 collector;Agent 不得任意觸發,UI 需標示 disruptive backup guard。",
"next_action": "P1-104 顯示 disruptive backup guard。"
},
{
"target_id": "open_webui",
"display_name": "Open-WebUI volume",
"overall_readiness": "ready",
"freshness_status": "verified",
"integrity_status": "verified",
"restore_drill_status": "approval_required",
"offsite_status": "verified",
"notification_policy": "failure-only escalation;success 由每日摘要承載。",
"gate_status": "restore_approval_required",
"evidence_level": "runbook_live_refresh",
"evidence_refs": ["docs/runbooks/BACKUP-STATUS.md", "scripts/backup/backup-open-webui.sh"],
"blocker_summary": "無 target-level blocker;restore 仍需人工批准。",
"next_action": "P1-104 顯示 Open-WebUI readiness。"
},
{
"target_id": "clawbot_redis",
"display_name": "ClawBot Redis volume",
"overall_readiness": "ready",
"freshness_status": "verified",
"integrity_status": "verified",
"restore_drill_status": "approval_required",
"offsite_status": "verified",
"notification_policy": "failure-only escalation;success 由每日摘要承載。",
"gate_status": "restore_approval_required",
"evidence_level": "runbook_live_refresh",
"evidence_refs": ["docs/runbooks/BACKUP-STATUS.md", "scripts/backup/backup-clawbot.sh"],
"blocker_summary": "無 target-level blocker;restore 仍需人工批准。",
"next_action": "P1-104 顯示 Redis backup readiness。"
},
{
"target_id": "configs_capture",
"display_name": "Host / service / K8s configuration capture",
"overall_readiness": "ready",
"freshness_status": "verified",
"integrity_status": "verified",
"restore_drill_status": "approval_required",
"offsite_status": "verified",
"notification_policy": "action-required 必須告警;成功不即時洗版。",
"gate_status": "restore_approval_required",
"evidence_level": "runbook_live_refresh",
"evidence_refs": ["docs/runbooks/BACKUP-STATUS.md", "scripts/backup/backup-configs.sh", "docs/workplans/2026-06-04-reboot-cold-start-backup-recovery-workplan.md"],
"blocker_summary": "2026-06-12 post-120 recovery and later backup status readbacks show config capture recovered; full DR remains gated by independent restore / escrow controls.",
"next_action": "Keep config capture on normal backup cadence; restore drill still requires approval."
},
{
"target_id": "ai_artifacts",
"display_name": "AI artifacts / Ollama manifests",
"overall_readiness": "ready",
"freshness_status": "verified",
"integrity_status": "verified",
"restore_drill_status": "approval_required",
"offsite_status": "verified",
"notification_policy": "failure-only escalation;success 由每日摘要承載。",
"gate_status": "restore_approval_required",
"evidence_level": "runbook_live_refresh",
"evidence_refs": ["docs/runbooks/BACKUP-STATUS.md", "scripts/backup/backup-ai-artifacts.sh"],
"blocker_summary": "manifest-only policy;大型 model blobs 不預設備份。",
"next_action": "P1-104 顯示 manifest-only backup policy。"
},
{
"target_id": "public_routes",
"display_name": "Public routes / DNS / TLS evidence",
"overall_readiness": "ready",
"freshness_status": "verified",
"integrity_status": "verified",
"restore_drill_status": "approval_required",
"offsite_status": "verified",
"notification_policy": "failure-only escalation;success 由每日摘要承載。",
"gate_status": "restore_approval_required",
"evidence_level": "runbook_live_refresh",
"evidence_refs": ["docs/runbooks/BACKUP-STATUS.md", "scripts/backup/backup-public-routes.sh"],
"blocker_summary": "provider token / TLS private key 不在此目標輸出。",
"next_action": "P1-104 顯示 public route reconstruction evidence。"
},
{
"target_id": "sentry",
"display_name": "Sentry backup repo",
"overall_readiness": "deferred",
"freshness_status": "deferred",
"integrity_status": "deferred",
"restore_drill_status": "deferred",
"offsite_status": "deferred",
"notification_policy": "deferred until service active。",
"gate_status": "deferred_until_service_active",
"evidence_level": "deferred",
"evidence_refs": ["docs/runbooks/BACKUP-STATUS.md", "scripts/backup/backup-sentry.sh"],
"blocker_summary": "Sentry 目前未 active;重新部署後再評估。",
"next_action": "服務 active 後重新納入 P1-102 readiness。"
},
{
"target_id": "offsite_rclone_full_sync",
"display_name": "Google Drive / rclone offsite mirror",
"overall_readiness": "ready",
"freshness_status": "verified",
"integrity_status": "verified",
"restore_drill_status": "not_applicable",
"offsite_status": "verified",
"notification_policy": "offsite success 不即時洗版;verify failure 必須 action-required。",
"gate_status": "read_only_allowed",
"evidence_level": "runbook_live_refresh",
"evidence_refs": ["docs/runbooks/BACKUP-STATUS.md", "scripts/backup/sync-offsite-backups.sh", "scripts/backup/verify-offsite-full-sync.sh"],
"blocker_summary": "無 target-level blocker;sync execution 仍不可由 Agent 自動觸發。",
"next_action": "P1-104 顯示 latest-only remote verify。"
},
{
"target_id": "credential_escrow_markers",
"display_name": "Credential escrow evidence markers",
"overall_readiness": "blocked",
"freshness_status": "blocked",
"integrity_status": "not_applicable",
"restore_drill_status": "blocked",
"offsite_status": "not_applicable",
"notification_policy": "missing markers must stay action-required;不得成功洗版。",
"gate_status": "credential_approval_required",
"evidence_level": "blocked_live_evidence",
"evidence_refs": ["docs/runbooks/BACKUP-STATUS.md", "scripts/backup/mark-credential-escrow-verified.sh", "scripts/backup/offsite-escrow-evidence-report.sh", "scripts/reboot-recovery/post-reboot-credential-escrow-intake-scorecard.py"],
"blocker_summary": "Five evidence markers missing;不得自動寫 marker、不得讀或暴露 credential value;可收斂 redacted non-secret evidence refs。",
"next_action": "用 credential escrow intake scorecard 收斂 no-secret evidence refs;preflight 通過前維持 marker write/runtime gate 為 0。"
},
{
"target_id": "velero_k8s_resources",
"display_name": "Velero K8s resource snapshots",
"overall_readiness": "action_required",
"freshness_status": "needs_metric_binding",
"integrity_status": "needs_metric_binding",
"restore_drill_status": "approval_required",
"offsite_status": "needs_metric_binding",
"notification_policy": "restore drill / Velero failure 必須 action-required。",
"gate_status": "restore_approval_required",
"evidence_level": "committed_script",
"evidence_refs": ["docs/runbooks/BACKUP-STATUS.md", "k8s/awoooi-prod/16-cronjob-backup-restore-test.yaml"],
"blocker_summary": "Velero / MinIO freshness 與 independent offsite 仍需 metric binding;restore drill 需人工批准。",
"next_action": "P1-104 顯示 Velero metric gap;P1-105 產生 restore drill 批准包。"
}
],
"operation_boundaries": {
"read_only_api_allowed": true,
"backup_execution_allowed": false,
"restore_execution_allowed": false,
"offsite_sync_execution_allowed": false,
"credential_marker_write_allowed": false,
"schedule_change_allowed": false,
"destructive_prune_allowed": false
},
"approval_boundaries": {
"sdk_installation_allowed": false,
"paid_api_call_allowed": false,
"shadow_or_canary_allowed": false,
"production_routing_allowed": false,
"destructive_operation_allowed": false
}
}