2001 lines
70 KiB
JSON
2001 lines
70 KiB
JSON
{
|
||
"acceptance_candidates": [
|
||
{
|
||
"acceptance_candidate_id": "host_service_owner_response_acceptance:local_dev_compose",
|
||
"acceptance_fields": [
|
||
"acceptance_candidate_id",
|
||
"request_id",
|
||
"surface_id",
|
||
"label",
|
||
"expected_host_scope",
|
||
"config_kind",
|
||
"service_scope",
|
||
"control_tier",
|
||
"repo_source_path",
|
||
"repo_sha256",
|
||
"source_line_count",
|
||
"write_capable_surface",
|
||
"requires_live_evidence",
|
||
"owner_response_ref",
|
||
"owner_role_or_team",
|
||
"decision",
|
||
"decision_reason",
|
||
"affected_scope",
|
||
"redacted_evidence_refs",
|
||
"live_config_hash_ref",
|
||
"maintenance_window",
|
||
"restart_window",
|
||
"rollback_owner",
|
||
"post_check_plan",
|
||
"disable_switch",
|
||
"config_source_of_truth_ref",
|
||
"service_dependency_map_ref",
|
||
"port_binding_inventory_ref",
|
||
"cold_start_sequence_ref",
|
||
"incident_recovery_evidence_ref",
|
||
"daemon_runner_contention_ref",
|
||
"reviewer_outcome",
|
||
"followup_owner",
|
||
"not_approval"
|
||
],
|
||
"action_buttons_allowed": false,
|
||
"active_scan_authorized": false,
|
||
"affected_scope": "pending_owner_response",
|
||
"ansible_apply_authorized": false,
|
||
"blocked_actions": [
|
||
"ssh_read",
|
||
"ssh_write",
|
||
"docker_compose_up",
|
||
"docker_compose_down",
|
||
"docker_compose_pull",
|
||
"systemctl_restart",
|
||
"systemctl_reload",
|
||
"repair_bot_execute",
|
||
"ansible_apply",
|
||
"sudo_action",
|
||
"host_file_write",
|
||
"firewall_change",
|
||
"secret_value_collection",
|
||
"active_scan",
|
||
"live_host_read",
|
||
"raw_live_config_storage",
|
||
"restart_without_window",
|
||
"rollback_without_owner",
|
||
"accept_silent_restart",
|
||
"treat_service_healthy_as_config_accepted",
|
||
"skip_config_source_of_truth_review",
|
||
"skip_service_dependency_map",
|
||
"skip_port_binding_review",
|
||
"skip_cold_start_sequence",
|
||
"hide_daemon_runner_contention",
|
||
"runtime_gate_open",
|
||
"add_action_button"
|
||
],
|
||
"cold_start_sequence_accepted": false,
|
||
"cold_start_sequence_ref": null,
|
||
"config_kind": "docker_compose_source",
|
||
"config_source_of_truth_accepted": false,
|
||
"config_source_of_truth_ref": null,
|
||
"control_tier": "C1",
|
||
"daemon_runner_contention_accepted": false,
|
||
"daemon_runner_contention_ref": null,
|
||
"decision": "pending_owner_response",
|
||
"decision_reason": "pending_owner_response",
|
||
"disable_switch": "pending_owner_response",
|
||
"disable_switch_accepted": false,
|
||
"docker_compose_action_authorized": false,
|
||
"expected_host_scope": "local_dev_only",
|
||
"followup_owner": "pending_owner_response",
|
||
"host_write_authorized": false,
|
||
"incident_recovery_evidence_accepted": false,
|
||
"incident_recovery_evidence_ref": null,
|
||
"label": "AWOOOI local development compose",
|
||
"live_config_hash_accepted": false,
|
||
"live_config_hash_ref": null,
|
||
"live_evidence_received": false,
|
||
"live_host_read_authorized": false,
|
||
"maintenance_window": "pending_owner_response",
|
||
"maintenance_window_accepted": false,
|
||
"not_approval": true,
|
||
"outcome_lanes": [
|
||
"waiting_owner_response",
|
||
"quarantine_secret_or_raw_payload",
|
||
"reject_execution_request",
|
||
"request_supplement",
|
||
"incident_recovery_backfill_required",
|
||
"ready_for_host_service_review",
|
||
"owner_review_only_update",
|
||
"waiting_runtime_gate"
|
||
],
|
||
"owner_response_accepted": false,
|
||
"owner_response_quarantined": false,
|
||
"owner_response_received": false,
|
||
"owner_response_ref": null,
|
||
"owner_response_rejected": false,
|
||
"owner_role_or_team": "pending_owner_response",
|
||
"port_binding_inventory_accepted": false,
|
||
"port_binding_inventory_ref": null,
|
||
"post_check_plan": "pending_owner_response",
|
||
"post_check_plan_accepted": false,
|
||
"recipient_confirmed": false,
|
||
"redacted_evidence_refs": [],
|
||
"repair_bot_execution_authorized": false,
|
||
"repo_sha256": "4a27bcde139b5aef6a9f3080187af5bec73d1efd9c09ed2752b0baaa5f507024",
|
||
"repo_source_path": "docker-compose.yml",
|
||
"request_id": "host_service_owner_request:local_dev_compose",
|
||
"request_sent": false,
|
||
"required_owner_fields": [
|
||
"owner_role_or_team",
|
||
"decision",
|
||
"decision_reason",
|
||
"affected_scope",
|
||
"redacted_evidence_refs",
|
||
"live_config_hash_ref",
|
||
"maintenance_window",
|
||
"restart_window",
|
||
"rollback_owner",
|
||
"post_check_plan",
|
||
"disable_switch",
|
||
"followup_owner",
|
||
"config_source_of_truth_ref",
|
||
"service_dependency_map_ref",
|
||
"port_binding_inventory_ref",
|
||
"cold_start_sequence_ref",
|
||
"incident_recovery_evidence_ref",
|
||
"daemon_runner_contention_ref"
|
||
],
|
||
"requires_live_evidence": false,
|
||
"restart_window": "pending_owner_response",
|
||
"restart_window_accepted": false,
|
||
"reviewer_checks": [
|
||
"owner_identity_present",
|
||
"decision_reason_present",
|
||
"affected_scope_matches_surface",
|
||
"redacted_refs_only",
|
||
"secret_value_absent",
|
||
"live_config_hash_metadata_only",
|
||
"maintenance_window_present",
|
||
"restart_window_separate_from_action",
|
||
"rollback_owner_present",
|
||
"post_check_plan_present",
|
||
"disable_switch_present",
|
||
"config_source_of_truth_present",
|
||
"service_dependency_map_present",
|
||
"port_binding_inventory_present",
|
||
"cold_start_sequence_present",
|
||
"incident_recovery_evidence_present",
|
||
"daemon_runner_contention_reviewed",
|
||
"silent_restart_not_accepted",
|
||
"write_capable_requires_extra_review",
|
||
"no_runtime_request",
|
||
"counts_transition_safe"
|
||
],
|
||
"reviewer_outcome": "waiting_owner_response",
|
||
"rollback_owner": "pending_owner_response",
|
||
"rollback_owner_accepted": false,
|
||
"runtime_gate": false,
|
||
"secret_value_collection_allowed": false,
|
||
"service_dependency_map_accepted": false,
|
||
"service_dependency_map_ref": null,
|
||
"service_scope": [
|
||
"web",
|
||
"api",
|
||
"postgres",
|
||
"redis"
|
||
],
|
||
"source_line_count": 137,
|
||
"ssh_read_authorized": false,
|
||
"ssh_write_authorized": false,
|
||
"status": "waiting_owner_response",
|
||
"sudo_action_authorized": false,
|
||
"supplement_requested": false,
|
||
"surface_id": "local_dev_compose",
|
||
"systemctl_action_authorized": false,
|
||
"write_capable_surface": false
|
||
},
|
||
{
|
||
"acceptance_candidate_id": "host_service_owner_response_acceptance:monitoring_110_compose",
|
||
"acceptance_fields": [
|
||
"acceptance_candidate_id",
|
||
"request_id",
|
||
"surface_id",
|
||
"label",
|
||
"expected_host_scope",
|
||
"config_kind",
|
||
"service_scope",
|
||
"control_tier",
|
||
"repo_source_path",
|
||
"repo_sha256",
|
||
"source_line_count",
|
||
"write_capable_surface",
|
||
"requires_live_evidence",
|
||
"owner_response_ref",
|
||
"owner_role_or_team",
|
||
"decision",
|
||
"decision_reason",
|
||
"affected_scope",
|
||
"redacted_evidence_refs",
|
||
"live_config_hash_ref",
|
||
"maintenance_window",
|
||
"restart_window",
|
||
"rollback_owner",
|
||
"post_check_plan",
|
||
"disable_switch",
|
||
"config_source_of_truth_ref",
|
||
"service_dependency_map_ref",
|
||
"port_binding_inventory_ref",
|
||
"cold_start_sequence_ref",
|
||
"incident_recovery_evidence_ref",
|
||
"daemon_runner_contention_ref",
|
||
"reviewer_outcome",
|
||
"followup_owner",
|
||
"not_approval"
|
||
],
|
||
"action_buttons_allowed": false,
|
||
"active_scan_authorized": false,
|
||
"affected_scope": "pending_owner_response",
|
||
"ansible_apply_authorized": false,
|
||
"blocked_actions": [
|
||
"ssh_read",
|
||
"ssh_write",
|
||
"docker_compose_up",
|
||
"docker_compose_down",
|
||
"docker_compose_pull",
|
||
"systemctl_restart",
|
||
"systemctl_reload",
|
||
"repair_bot_execute",
|
||
"ansible_apply",
|
||
"sudo_action",
|
||
"host_file_write",
|
||
"firewall_change",
|
||
"secret_value_collection",
|
||
"active_scan",
|
||
"live_host_read",
|
||
"raw_live_config_storage",
|
||
"restart_without_window",
|
||
"rollback_without_owner",
|
||
"accept_silent_restart",
|
||
"treat_service_healthy_as_config_accepted",
|
||
"skip_config_source_of_truth_review",
|
||
"skip_service_dependency_map",
|
||
"skip_port_binding_review",
|
||
"skip_cold_start_sequence",
|
||
"hide_daemon_runner_contention",
|
||
"runtime_gate_open",
|
||
"add_action_button"
|
||
],
|
||
"cold_start_sequence_accepted": false,
|
||
"cold_start_sequence_ref": null,
|
||
"config_kind": "docker_compose_source",
|
||
"config_source_of_truth_accepted": false,
|
||
"config_source_of_truth_ref": null,
|
||
"control_tier": "C1",
|
||
"daemon_runner_contention_accepted": false,
|
||
"daemon_runner_contention_ref": null,
|
||
"decision": "pending_owner_response",
|
||
"decision_reason": "pending_owner_response",
|
||
"disable_switch": "pending_owner_response",
|
||
"disable_switch_accepted": false,
|
||
"docker_compose_action_authorized": false,
|
||
"expected_host_scope": "192.168.0.110",
|
||
"followup_owner": "pending_owner_response",
|
||
"host_write_authorized": false,
|
||
"incident_recovery_evidence_accepted": false,
|
||
"incident_recovery_evidence_ref": null,
|
||
"label": "110 monitoring docker compose",
|
||
"live_config_hash_accepted": false,
|
||
"live_config_hash_ref": null,
|
||
"live_evidence_received": false,
|
||
"live_host_read_authorized": false,
|
||
"maintenance_window": "pending_owner_response",
|
||
"maintenance_window_accepted": false,
|
||
"not_approval": true,
|
||
"outcome_lanes": [
|
||
"waiting_owner_response",
|
||
"quarantine_secret_or_raw_payload",
|
||
"reject_execution_request",
|
||
"request_supplement",
|
||
"incident_recovery_backfill_required",
|
||
"ready_for_host_service_review",
|
||
"owner_review_only_update",
|
||
"waiting_runtime_gate"
|
||
],
|
||
"owner_response_accepted": false,
|
||
"owner_response_quarantined": false,
|
||
"owner_response_received": false,
|
||
"owner_response_ref": null,
|
||
"owner_response_rejected": false,
|
||
"owner_role_or_team": "pending_owner_response",
|
||
"port_binding_inventory_accepted": false,
|
||
"port_binding_inventory_ref": null,
|
||
"post_check_plan": "pending_owner_response",
|
||
"post_check_plan_accepted": false,
|
||
"recipient_confirmed": false,
|
||
"redacted_evidence_refs": [],
|
||
"repair_bot_execution_authorized": false,
|
||
"repo_sha256": "00126e9a5cb7a3cf2bf02cfddefea11f05849b46835a4e602eac4777fcb25281",
|
||
"repo_source_path": "k8s/monitoring/docker-compose-110.yml",
|
||
"request_id": "host_service_owner_request:monitoring_110_compose",
|
||
"request_sent": false,
|
||
"required_owner_fields": [
|
||
"owner_role_or_team",
|
||
"decision",
|
||
"decision_reason",
|
||
"affected_scope",
|
||
"redacted_evidence_refs",
|
||
"live_config_hash_ref",
|
||
"maintenance_window",
|
||
"restart_window",
|
||
"rollback_owner",
|
||
"post_check_plan",
|
||
"disable_switch",
|
||
"followup_owner",
|
||
"config_source_of_truth_ref",
|
||
"service_dependency_map_ref",
|
||
"port_binding_inventory_ref",
|
||
"cold_start_sequence_ref",
|
||
"incident_recovery_evidence_ref",
|
||
"daemon_runner_contention_ref"
|
||
],
|
||
"requires_live_evidence": true,
|
||
"restart_window": "pending_owner_response",
|
||
"restart_window_accepted": false,
|
||
"reviewer_checks": [
|
||
"owner_identity_present",
|
||
"decision_reason_present",
|
||
"affected_scope_matches_surface",
|
||
"redacted_refs_only",
|
||
"secret_value_absent",
|
||
"live_config_hash_metadata_only",
|
||
"maintenance_window_present",
|
||
"restart_window_separate_from_action",
|
||
"rollback_owner_present",
|
||
"post_check_plan_present",
|
||
"disable_switch_present",
|
||
"config_source_of_truth_present",
|
||
"service_dependency_map_present",
|
||
"port_binding_inventory_present",
|
||
"cold_start_sequence_present",
|
||
"incident_recovery_evidence_present",
|
||
"daemon_runner_contention_reviewed",
|
||
"silent_restart_not_accepted",
|
||
"write_capable_requires_extra_review",
|
||
"no_runtime_request",
|
||
"counts_transition_safe"
|
||
],
|
||
"reviewer_outcome": "waiting_owner_response",
|
||
"rollback_owner": "pending_owner_response",
|
||
"rollback_owner_accepted": false,
|
||
"runtime_gate": false,
|
||
"secret_value_collection_allowed": false,
|
||
"service_dependency_map_accepted": false,
|
||
"service_dependency_map_ref": null,
|
||
"service_scope": [
|
||
"cadvisor",
|
||
"prometheus",
|
||
"grafana",
|
||
"blackbox-exporter",
|
||
"alertmanager",
|
||
"github-exporter"
|
||
],
|
||
"source_line_count": 148,
|
||
"ssh_read_authorized": false,
|
||
"ssh_write_authorized": false,
|
||
"status": "waiting_owner_response",
|
||
"sudo_action_authorized": false,
|
||
"supplement_requested": false,
|
||
"surface_id": "monitoring_110_compose",
|
||
"systemctl_action_authorized": false,
|
||
"write_capable_surface": false
|
||
},
|
||
{
|
||
"acceptance_candidate_id": "host_service_owner_response_acceptance:monitoring_exporters_188_compose",
|
||
"acceptance_fields": [
|
||
"acceptance_candidate_id",
|
||
"request_id",
|
||
"surface_id",
|
||
"label",
|
||
"expected_host_scope",
|
||
"config_kind",
|
||
"service_scope",
|
||
"control_tier",
|
||
"repo_source_path",
|
||
"repo_sha256",
|
||
"source_line_count",
|
||
"write_capable_surface",
|
||
"requires_live_evidence",
|
||
"owner_response_ref",
|
||
"owner_role_or_team",
|
||
"decision",
|
||
"decision_reason",
|
||
"affected_scope",
|
||
"redacted_evidence_refs",
|
||
"live_config_hash_ref",
|
||
"maintenance_window",
|
||
"restart_window",
|
||
"rollback_owner",
|
||
"post_check_plan",
|
||
"disable_switch",
|
||
"config_source_of_truth_ref",
|
||
"service_dependency_map_ref",
|
||
"port_binding_inventory_ref",
|
||
"cold_start_sequence_ref",
|
||
"incident_recovery_evidence_ref",
|
||
"daemon_runner_contention_ref",
|
||
"reviewer_outcome",
|
||
"followup_owner",
|
||
"not_approval"
|
||
],
|
||
"action_buttons_allowed": false,
|
||
"active_scan_authorized": false,
|
||
"affected_scope": "pending_owner_response",
|
||
"ansible_apply_authorized": false,
|
||
"blocked_actions": [
|
||
"ssh_read",
|
||
"ssh_write",
|
||
"docker_compose_up",
|
||
"docker_compose_down",
|
||
"docker_compose_pull",
|
||
"systemctl_restart",
|
||
"systemctl_reload",
|
||
"repair_bot_execute",
|
||
"ansible_apply",
|
||
"sudo_action",
|
||
"host_file_write",
|
||
"firewall_change",
|
||
"secret_value_collection",
|
||
"active_scan",
|
||
"live_host_read",
|
||
"raw_live_config_storage",
|
||
"restart_without_window",
|
||
"rollback_without_owner",
|
||
"accept_silent_restart",
|
||
"treat_service_healthy_as_config_accepted",
|
||
"skip_config_source_of_truth_review",
|
||
"skip_service_dependency_map",
|
||
"skip_port_binding_review",
|
||
"skip_cold_start_sequence",
|
||
"hide_daemon_runner_contention",
|
||
"runtime_gate_open",
|
||
"add_action_button"
|
||
],
|
||
"cold_start_sequence_accepted": false,
|
||
"cold_start_sequence_ref": null,
|
||
"config_kind": "docker_compose_source",
|
||
"config_source_of_truth_accepted": false,
|
||
"config_source_of_truth_ref": null,
|
||
"control_tier": "C1",
|
||
"daemon_runner_contention_accepted": false,
|
||
"daemon_runner_contention_ref": null,
|
||
"decision": "pending_owner_response",
|
||
"decision_reason": "pending_owner_response",
|
||
"disable_switch": "pending_owner_response",
|
||
"disable_switch_accepted": false,
|
||
"docker_compose_action_authorized": false,
|
||
"expected_host_scope": "192.168.0.188",
|
||
"followup_owner": "pending_owner_response",
|
||
"host_write_authorized": false,
|
||
"incident_recovery_evidence_accepted": false,
|
||
"incident_recovery_evidence_ref": null,
|
||
"label": "188 database exporters compose",
|
||
"live_config_hash_accepted": false,
|
||
"live_config_hash_ref": null,
|
||
"live_evidence_received": false,
|
||
"live_host_read_authorized": false,
|
||
"maintenance_window": "pending_owner_response",
|
||
"maintenance_window_accepted": false,
|
||
"not_approval": true,
|
||
"outcome_lanes": [
|
||
"waiting_owner_response",
|
||
"quarantine_secret_or_raw_payload",
|
||
"reject_execution_request",
|
||
"request_supplement",
|
||
"incident_recovery_backfill_required",
|
||
"ready_for_host_service_review",
|
||
"owner_review_only_update",
|
||
"waiting_runtime_gate"
|
||
],
|
||
"owner_response_accepted": false,
|
||
"owner_response_quarantined": false,
|
||
"owner_response_received": false,
|
||
"owner_response_ref": null,
|
||
"owner_response_rejected": false,
|
||
"owner_role_or_team": "pending_owner_response",
|
||
"port_binding_inventory_accepted": false,
|
||
"port_binding_inventory_ref": null,
|
||
"post_check_plan": "pending_owner_response",
|
||
"post_check_plan_accepted": false,
|
||
"recipient_confirmed": false,
|
||
"redacted_evidence_refs": [],
|
||
"repair_bot_execution_authorized": false,
|
||
"repo_sha256": "3ffb3bd2e98091d18e60b74721904777c27f279c37ab6e873b82e6ef73eb87d4",
|
||
"repo_source_path": "ops/monitoring/docker-compose.exporters.yaml",
|
||
"request_id": "host_service_owner_request:monitoring_exporters_188_compose",
|
||
"request_sent": false,
|
||
"required_owner_fields": [
|
||
"owner_role_or_team",
|
||
"decision",
|
||
"decision_reason",
|
||
"affected_scope",
|
||
"redacted_evidence_refs",
|
||
"live_config_hash_ref",
|
||
"maintenance_window",
|
||
"restart_window",
|
||
"rollback_owner",
|
||
"post_check_plan",
|
||
"disable_switch",
|
||
"followup_owner",
|
||
"config_source_of_truth_ref",
|
||
"service_dependency_map_ref",
|
||
"port_binding_inventory_ref",
|
||
"cold_start_sequence_ref",
|
||
"incident_recovery_evidence_ref",
|
||
"daemon_runner_contention_ref"
|
||
],
|
||
"requires_live_evidence": true,
|
||
"restart_window": "pending_owner_response",
|
||
"restart_window_accepted": false,
|
||
"reviewer_checks": [
|
||
"owner_identity_present",
|
||
"decision_reason_present",
|
||
"affected_scope_matches_surface",
|
||
"redacted_refs_only",
|
||
"secret_value_absent",
|
||
"live_config_hash_metadata_only",
|
||
"maintenance_window_present",
|
||
"restart_window_separate_from_action",
|
||
"rollback_owner_present",
|
||
"post_check_plan_present",
|
||
"disable_switch_present",
|
||
"config_source_of_truth_present",
|
||
"service_dependency_map_present",
|
||
"port_binding_inventory_present",
|
||
"cold_start_sequence_present",
|
||
"incident_recovery_evidence_present",
|
||
"daemon_runner_contention_reviewed",
|
||
"silent_restart_not_accepted",
|
||
"write_capable_requires_extra_review",
|
||
"no_runtime_request",
|
||
"counts_transition_safe"
|
||
],
|
||
"reviewer_outcome": "waiting_owner_response",
|
||
"rollback_owner": "pending_owner_response",
|
||
"rollback_owner_accepted": false,
|
||
"runtime_gate": false,
|
||
"secret_value_collection_allowed": false,
|
||
"service_dependency_map_accepted": false,
|
||
"service_dependency_map_ref": null,
|
||
"service_scope": [
|
||
"postgres-exporter",
|
||
"redis-exporter"
|
||
],
|
||
"source_line_count": 69,
|
||
"ssh_read_authorized": false,
|
||
"ssh_write_authorized": false,
|
||
"status": "waiting_owner_response",
|
||
"sudo_action_authorized": false,
|
||
"supplement_requested": false,
|
||
"surface_id": "monitoring_exporters_188_compose",
|
||
"systemctl_action_authorized": false,
|
||
"write_capable_surface": false
|
||
},
|
||
{
|
||
"acceptance_candidate_id": "host_service_owner_response_acceptance:sentry_110_reference_compose",
|
||
"acceptance_fields": [
|
||
"acceptance_candidate_id",
|
||
"request_id",
|
||
"surface_id",
|
||
"label",
|
||
"expected_host_scope",
|
||
"config_kind",
|
||
"service_scope",
|
||
"control_tier",
|
||
"repo_source_path",
|
||
"repo_sha256",
|
||
"source_line_count",
|
||
"write_capable_surface",
|
||
"requires_live_evidence",
|
||
"owner_response_ref",
|
||
"owner_role_or_team",
|
||
"decision",
|
||
"decision_reason",
|
||
"affected_scope",
|
||
"redacted_evidence_refs",
|
||
"live_config_hash_ref",
|
||
"maintenance_window",
|
||
"restart_window",
|
||
"rollback_owner",
|
||
"post_check_plan",
|
||
"disable_switch",
|
||
"config_source_of_truth_ref",
|
||
"service_dependency_map_ref",
|
||
"port_binding_inventory_ref",
|
||
"cold_start_sequence_ref",
|
||
"incident_recovery_evidence_ref",
|
||
"daemon_runner_contention_ref",
|
||
"reviewer_outcome",
|
||
"followup_owner",
|
||
"not_approval"
|
||
],
|
||
"action_buttons_allowed": false,
|
||
"active_scan_authorized": false,
|
||
"affected_scope": "pending_owner_response",
|
||
"ansible_apply_authorized": false,
|
||
"blocked_actions": [
|
||
"ssh_read",
|
||
"ssh_write",
|
||
"docker_compose_up",
|
||
"docker_compose_down",
|
||
"docker_compose_pull",
|
||
"systemctl_restart",
|
||
"systemctl_reload",
|
||
"repair_bot_execute",
|
||
"ansible_apply",
|
||
"sudo_action",
|
||
"host_file_write",
|
||
"firewall_change",
|
||
"secret_value_collection",
|
||
"active_scan",
|
||
"live_host_read",
|
||
"raw_live_config_storage",
|
||
"restart_without_window",
|
||
"rollback_without_owner",
|
||
"accept_silent_restart",
|
||
"treat_service_healthy_as_config_accepted",
|
||
"skip_config_source_of_truth_review",
|
||
"skip_service_dependency_map",
|
||
"skip_port_binding_review",
|
||
"skip_cold_start_sequence",
|
||
"hide_daemon_runner_contention",
|
||
"runtime_gate_open",
|
||
"add_action_button"
|
||
],
|
||
"cold_start_sequence_accepted": false,
|
||
"cold_start_sequence_ref": null,
|
||
"config_kind": "docker_compose_reference",
|
||
"config_source_of_truth_accepted": false,
|
||
"config_source_of_truth_ref": null,
|
||
"control_tier": "C1",
|
||
"daemon_runner_contention_accepted": false,
|
||
"daemon_runner_contention_ref": null,
|
||
"decision": "pending_owner_response",
|
||
"decision_reason": "pending_owner_response",
|
||
"disable_switch": "pending_owner_response",
|
||
"disable_switch_accepted": false,
|
||
"docker_compose_action_authorized": false,
|
||
"expected_host_scope": "192.168.0.110",
|
||
"followup_owner": "pending_owner_response",
|
||
"host_write_authorized": false,
|
||
"incident_recovery_evidence_accepted": false,
|
||
"incident_recovery_evidence_ref": null,
|
||
"label": "110 Sentry self-hosted reference compose",
|
||
"live_config_hash_accepted": false,
|
||
"live_config_hash_ref": null,
|
||
"live_evidence_received": false,
|
||
"live_host_read_authorized": false,
|
||
"maintenance_window": "pending_owner_response",
|
||
"maintenance_window_accepted": false,
|
||
"not_approval": true,
|
||
"outcome_lanes": [
|
||
"waiting_owner_response",
|
||
"quarantine_secret_or_raw_payload",
|
||
"reject_execution_request",
|
||
"request_supplement",
|
||
"incident_recovery_backfill_required",
|
||
"ready_for_host_service_review",
|
||
"owner_review_only_update",
|
||
"waiting_runtime_gate"
|
||
],
|
||
"owner_response_accepted": false,
|
||
"owner_response_quarantined": false,
|
||
"owner_response_received": false,
|
||
"owner_response_ref": null,
|
||
"owner_response_rejected": false,
|
||
"owner_role_or_team": "pending_owner_response",
|
||
"port_binding_inventory_accepted": false,
|
||
"port_binding_inventory_ref": null,
|
||
"post_check_plan": "pending_owner_response",
|
||
"post_check_plan_accepted": false,
|
||
"recipient_confirmed": false,
|
||
"redacted_evidence_refs": [],
|
||
"repair_bot_execution_authorized": false,
|
||
"repo_sha256": "bba852dc0d73934998fa375130168615f9ac7611ce3f3efaa901e3b7e222eae3",
|
||
"repo_source_path": "ops/sentry-self-hosted/docker-compose.yml",
|
||
"request_id": "host_service_owner_request:sentry_110_reference_compose",
|
||
"request_sent": false,
|
||
"required_owner_fields": [
|
||
"owner_role_or_team",
|
||
"decision",
|
||
"decision_reason",
|
||
"affected_scope",
|
||
"redacted_evidence_refs",
|
||
"live_config_hash_ref",
|
||
"maintenance_window",
|
||
"restart_window",
|
||
"rollback_owner",
|
||
"post_check_plan",
|
||
"disable_switch",
|
||
"followup_owner",
|
||
"config_source_of_truth_ref",
|
||
"service_dependency_map_ref",
|
||
"port_binding_inventory_ref",
|
||
"cold_start_sequence_ref",
|
||
"incident_recovery_evidence_ref",
|
||
"daemon_runner_contention_ref"
|
||
],
|
||
"requires_live_evidence": true,
|
||
"restart_window": "pending_owner_response",
|
||
"restart_window_accepted": false,
|
||
"reviewer_checks": [
|
||
"owner_identity_present",
|
||
"decision_reason_present",
|
||
"affected_scope_matches_surface",
|
||
"redacted_refs_only",
|
||
"secret_value_absent",
|
||
"live_config_hash_metadata_only",
|
||
"maintenance_window_present",
|
||
"restart_window_separate_from_action",
|
||
"rollback_owner_present",
|
||
"post_check_plan_present",
|
||
"disable_switch_present",
|
||
"config_source_of_truth_present",
|
||
"service_dependency_map_present",
|
||
"port_binding_inventory_present",
|
||
"cold_start_sequence_present",
|
||
"incident_recovery_evidence_present",
|
||
"daemon_runner_contention_reviewed",
|
||
"silent_restart_not_accepted",
|
||
"write_capable_requires_extra_review",
|
||
"no_runtime_request",
|
||
"counts_transition_safe"
|
||
],
|
||
"reviewer_outcome": "waiting_owner_response",
|
||
"rollback_owner": "pending_owner_response",
|
||
"rollback_owner_accepted": false,
|
||
"runtime_gate": false,
|
||
"secret_value_collection_allowed": false,
|
||
"service_dependency_map_accepted": false,
|
||
"service_dependency_map_ref": null,
|
||
"service_scope": [
|
||
"sentry-placeholder-reference"
|
||
],
|
||
"source_line_count": 49,
|
||
"ssh_read_authorized": false,
|
||
"ssh_write_authorized": false,
|
||
"status": "waiting_owner_response",
|
||
"sudo_action_authorized": false,
|
||
"supplement_requested": false,
|
||
"surface_id": "sentry_110_reference_compose",
|
||
"systemctl_action_authorized": false,
|
||
"write_capable_surface": false
|
||
},
|
||
{
|
||
"acceptance_candidate_id": "host_service_owner_response_acceptance:langfuse_110_compose",
|
||
"acceptance_fields": [
|
||
"acceptance_candidate_id",
|
||
"request_id",
|
||
"surface_id",
|
||
"label",
|
||
"expected_host_scope",
|
||
"config_kind",
|
||
"service_scope",
|
||
"control_tier",
|
||
"repo_source_path",
|
||
"repo_sha256",
|
||
"source_line_count",
|
||
"write_capable_surface",
|
||
"requires_live_evidence",
|
||
"owner_response_ref",
|
||
"owner_role_or_team",
|
||
"decision",
|
||
"decision_reason",
|
||
"affected_scope",
|
||
"redacted_evidence_refs",
|
||
"live_config_hash_ref",
|
||
"maintenance_window",
|
||
"restart_window",
|
||
"rollback_owner",
|
||
"post_check_plan",
|
||
"disable_switch",
|
||
"config_source_of_truth_ref",
|
||
"service_dependency_map_ref",
|
||
"port_binding_inventory_ref",
|
||
"cold_start_sequence_ref",
|
||
"incident_recovery_evidence_ref",
|
||
"daemon_runner_contention_ref",
|
||
"reviewer_outcome",
|
||
"followup_owner",
|
||
"not_approval"
|
||
],
|
||
"action_buttons_allowed": false,
|
||
"active_scan_authorized": false,
|
||
"affected_scope": "pending_owner_response",
|
||
"ansible_apply_authorized": false,
|
||
"blocked_actions": [
|
||
"ssh_read",
|
||
"ssh_write",
|
||
"docker_compose_up",
|
||
"docker_compose_down",
|
||
"docker_compose_pull",
|
||
"systemctl_restart",
|
||
"systemctl_reload",
|
||
"repair_bot_execute",
|
||
"ansible_apply",
|
||
"sudo_action",
|
||
"host_file_write",
|
||
"firewall_change",
|
||
"secret_value_collection",
|
||
"active_scan",
|
||
"live_host_read",
|
||
"raw_live_config_storage",
|
||
"restart_without_window",
|
||
"rollback_without_owner",
|
||
"accept_silent_restart",
|
||
"treat_service_healthy_as_config_accepted",
|
||
"skip_config_source_of_truth_review",
|
||
"skip_service_dependency_map",
|
||
"skip_port_binding_review",
|
||
"skip_cold_start_sequence",
|
||
"hide_daemon_runner_contention",
|
||
"runtime_gate_open",
|
||
"add_action_button"
|
||
],
|
||
"cold_start_sequence_accepted": false,
|
||
"cold_start_sequence_ref": null,
|
||
"config_kind": "docker_compose_source",
|
||
"config_source_of_truth_accepted": false,
|
||
"config_source_of_truth_ref": null,
|
||
"control_tier": "C1",
|
||
"daemon_runner_contention_accepted": false,
|
||
"daemon_runner_contention_ref": null,
|
||
"decision": "pending_owner_response",
|
||
"decision_reason": "pending_owner_response",
|
||
"disable_switch": "pending_owner_response",
|
||
"disable_switch_accepted": false,
|
||
"docker_compose_action_authorized": false,
|
||
"expected_host_scope": "192.168.0.110",
|
||
"followup_owner": "pending_owner_response",
|
||
"host_write_authorized": false,
|
||
"incident_recovery_evidence_accepted": false,
|
||
"incident_recovery_evidence_ref": null,
|
||
"label": "110 Langfuse compose",
|
||
"live_config_hash_accepted": false,
|
||
"live_config_hash_ref": null,
|
||
"live_evidence_received": false,
|
||
"live_host_read_authorized": false,
|
||
"maintenance_window": "pending_owner_response",
|
||
"maintenance_window_accepted": false,
|
||
"not_approval": true,
|
||
"outcome_lanes": [
|
||
"waiting_owner_response",
|
||
"quarantine_secret_or_raw_payload",
|
||
"reject_execution_request",
|
||
"request_supplement",
|
||
"incident_recovery_backfill_required",
|
||
"ready_for_host_service_review",
|
||
"owner_review_only_update",
|
||
"waiting_runtime_gate"
|
||
],
|
||
"owner_response_accepted": false,
|
||
"owner_response_quarantined": false,
|
||
"owner_response_received": false,
|
||
"owner_response_ref": null,
|
||
"owner_response_rejected": false,
|
||
"owner_role_or_team": "pending_owner_response",
|
||
"port_binding_inventory_accepted": false,
|
||
"port_binding_inventory_ref": null,
|
||
"post_check_plan": "pending_owner_response",
|
||
"post_check_plan_accepted": false,
|
||
"recipient_confirmed": false,
|
||
"redacted_evidence_refs": [],
|
||
"repair_bot_execution_authorized": false,
|
||
"repo_sha256": "6c703a27525e62ef4d4d3c4cba8a89d64f646b01020782e35d22a3bf73f2dc83",
|
||
"repo_source_path": "infra/langfuse/docker-compose.yml",
|
||
"request_id": "host_service_owner_request:langfuse_110_compose",
|
||
"request_sent": false,
|
||
"required_owner_fields": [
|
||
"owner_role_or_team",
|
||
"decision",
|
||
"decision_reason",
|
||
"affected_scope",
|
||
"redacted_evidence_refs",
|
||
"live_config_hash_ref",
|
||
"maintenance_window",
|
||
"restart_window",
|
||
"rollback_owner",
|
||
"post_check_plan",
|
||
"disable_switch",
|
||
"followup_owner",
|
||
"config_source_of_truth_ref",
|
||
"service_dependency_map_ref",
|
||
"port_binding_inventory_ref",
|
||
"cold_start_sequence_ref",
|
||
"incident_recovery_evidence_ref",
|
||
"daemon_runner_contention_ref"
|
||
],
|
||
"requires_live_evidence": true,
|
||
"restart_window": "pending_owner_response",
|
||
"restart_window_accepted": false,
|
||
"reviewer_checks": [
|
||
"owner_identity_present",
|
||
"decision_reason_present",
|
||
"affected_scope_matches_surface",
|
||
"redacted_refs_only",
|
||
"secret_value_absent",
|
||
"live_config_hash_metadata_only",
|
||
"maintenance_window_present",
|
||
"restart_window_separate_from_action",
|
||
"rollback_owner_present",
|
||
"post_check_plan_present",
|
||
"disable_switch_present",
|
||
"config_source_of_truth_present",
|
||
"service_dependency_map_present",
|
||
"port_binding_inventory_present",
|
||
"cold_start_sequence_present",
|
||
"incident_recovery_evidence_present",
|
||
"daemon_runner_contention_reviewed",
|
||
"silent_restart_not_accepted",
|
||
"write_capable_requires_extra_review",
|
||
"no_runtime_request",
|
||
"counts_transition_safe"
|
||
],
|
||
"reviewer_outcome": "waiting_owner_response",
|
||
"rollback_owner": "pending_owner_response",
|
||
"rollback_owner_accepted": false,
|
||
"runtime_gate": false,
|
||
"secret_value_collection_allowed": false,
|
||
"service_dependency_map_accepted": false,
|
||
"service_dependency_map_ref": null,
|
||
"service_scope": [
|
||
"langfuse",
|
||
"langfuse-db"
|
||
],
|
||
"source_line_count": 71,
|
||
"ssh_read_authorized": false,
|
||
"ssh_write_authorized": false,
|
||
"status": "waiting_owner_response",
|
||
"sudo_action_authorized": false,
|
||
"supplement_requested": false,
|
||
"surface_id": "langfuse_110_compose",
|
||
"systemctl_action_authorized": false,
|
||
"write_capable_surface": false
|
||
},
|
||
{
|
||
"acceptance_candidate_id": "host_service_owner_response_acceptance:ansible_docker_compose_service_role",
|
||
"acceptance_fields": [
|
||
"acceptance_candidate_id",
|
||
"request_id",
|
||
"surface_id",
|
||
"label",
|
||
"expected_host_scope",
|
||
"config_kind",
|
||
"service_scope",
|
||
"control_tier",
|
||
"repo_source_path",
|
||
"repo_sha256",
|
||
"source_line_count",
|
||
"write_capable_surface",
|
||
"requires_live_evidence",
|
||
"owner_response_ref",
|
||
"owner_role_or_team",
|
||
"decision",
|
||
"decision_reason",
|
||
"affected_scope",
|
||
"redacted_evidence_refs",
|
||
"live_config_hash_ref",
|
||
"maintenance_window",
|
||
"restart_window",
|
||
"rollback_owner",
|
||
"post_check_plan",
|
||
"disable_switch",
|
||
"config_source_of_truth_ref",
|
||
"service_dependency_map_ref",
|
||
"port_binding_inventory_ref",
|
||
"cold_start_sequence_ref",
|
||
"incident_recovery_evidence_ref",
|
||
"daemon_runner_contention_ref",
|
||
"reviewer_outcome",
|
||
"followup_owner",
|
||
"not_approval"
|
||
],
|
||
"action_buttons_allowed": false,
|
||
"active_scan_authorized": false,
|
||
"affected_scope": "pending_owner_response",
|
||
"ansible_apply_authorized": false,
|
||
"blocked_actions": [
|
||
"ssh_read",
|
||
"ssh_write",
|
||
"docker_compose_up",
|
||
"docker_compose_down",
|
||
"docker_compose_pull",
|
||
"systemctl_restart",
|
||
"systemctl_reload",
|
||
"repair_bot_execute",
|
||
"ansible_apply",
|
||
"sudo_action",
|
||
"host_file_write",
|
||
"firewall_change",
|
||
"secret_value_collection",
|
||
"active_scan",
|
||
"live_host_read",
|
||
"raw_live_config_storage",
|
||
"restart_without_window",
|
||
"rollback_without_owner",
|
||
"accept_silent_restart",
|
||
"treat_service_healthy_as_config_accepted",
|
||
"skip_config_source_of_truth_review",
|
||
"skip_service_dependency_map",
|
||
"skip_port_binding_review",
|
||
"skip_cold_start_sequence",
|
||
"hide_daemon_runner_contention",
|
||
"runtime_gate_open",
|
||
"add_action_button"
|
||
],
|
||
"cold_start_sequence_accepted": false,
|
||
"cold_start_sequence_ref": null,
|
||
"config_kind": "ansible_service_executor",
|
||
"config_source_of_truth_accepted": false,
|
||
"config_source_of_truth_ref": null,
|
||
"control_tier": "C1",
|
||
"daemon_runner_contention_accepted": false,
|
||
"daemon_runner_contention_ref": null,
|
||
"decision": "pending_owner_response",
|
||
"decision_reason": "pending_owner_response",
|
||
"disable_switch": "pending_owner_response",
|
||
"disable_switch_accepted": false,
|
||
"docker_compose_action_authorized": false,
|
||
"expected_host_scope": "multi_host",
|
||
"followup_owner": "pending_owner_response",
|
||
"host_write_authorized": false,
|
||
"incident_recovery_evidence_accepted": false,
|
||
"incident_recovery_evidence_ref": null,
|
||
"label": "Ansible docker-compose-service role",
|
||
"live_config_hash_accepted": false,
|
||
"live_config_hash_ref": null,
|
||
"live_evidence_received": false,
|
||
"live_host_read_authorized": false,
|
||
"maintenance_window": "pending_owner_response",
|
||
"maintenance_window_accepted": false,
|
||
"not_approval": true,
|
||
"outcome_lanes": [
|
||
"waiting_owner_response",
|
||
"quarantine_secret_or_raw_payload",
|
||
"reject_execution_request",
|
||
"request_supplement",
|
||
"incident_recovery_backfill_required",
|
||
"ready_for_host_service_review",
|
||
"owner_review_only_update",
|
||
"waiting_runtime_gate"
|
||
],
|
||
"owner_response_accepted": false,
|
||
"owner_response_quarantined": false,
|
||
"owner_response_received": false,
|
||
"owner_response_ref": null,
|
||
"owner_response_rejected": false,
|
||
"owner_role_or_team": "pending_owner_response",
|
||
"port_binding_inventory_accepted": false,
|
||
"port_binding_inventory_ref": null,
|
||
"post_check_plan": "pending_owner_response",
|
||
"post_check_plan_accepted": false,
|
||
"recipient_confirmed": false,
|
||
"redacted_evidence_refs": [],
|
||
"repair_bot_execution_authorized": false,
|
||
"repo_sha256": "cee214a8651f46c2d8be05054dddadc243a26bff51a64bd9cf42dd2ec0b7b1b3",
|
||
"repo_source_path": "infra/ansible/roles/docker-compose-service/tasks/main.yml",
|
||
"request_id": "host_service_owner_request:ansible_docker_compose_service_role",
|
||
"request_sent": false,
|
||
"required_owner_fields": [
|
||
"owner_role_or_team",
|
||
"decision",
|
||
"decision_reason",
|
||
"affected_scope",
|
||
"redacted_evidence_refs",
|
||
"live_config_hash_ref",
|
||
"maintenance_window",
|
||
"restart_window",
|
||
"rollback_owner",
|
||
"post_check_plan",
|
||
"disable_switch",
|
||
"followup_owner",
|
||
"config_source_of_truth_ref",
|
||
"service_dependency_map_ref",
|
||
"port_binding_inventory_ref",
|
||
"cold_start_sequence_ref",
|
||
"incident_recovery_evidence_ref",
|
||
"daemon_runner_contention_ref"
|
||
],
|
||
"requires_live_evidence": true,
|
||
"restart_window": "pending_owner_response",
|
||
"restart_window_accepted": false,
|
||
"reviewer_checks": [
|
||
"owner_identity_present",
|
||
"decision_reason_present",
|
||
"affected_scope_matches_surface",
|
||
"redacted_refs_only",
|
||
"secret_value_absent",
|
||
"live_config_hash_metadata_only",
|
||
"maintenance_window_present",
|
||
"restart_window_separate_from_action",
|
||
"rollback_owner_present",
|
||
"post_check_plan_present",
|
||
"disable_switch_present",
|
||
"config_source_of_truth_present",
|
||
"service_dependency_map_present",
|
||
"port_binding_inventory_present",
|
||
"cold_start_sequence_present",
|
||
"incident_recovery_evidence_present",
|
||
"daemon_runner_contention_reviewed",
|
||
"silent_restart_not_accepted",
|
||
"write_capable_requires_extra_review",
|
||
"no_runtime_request",
|
||
"counts_transition_safe"
|
||
],
|
||
"reviewer_outcome": "waiting_owner_response",
|
||
"rollback_owner": "pending_owner_response",
|
||
"rollback_owner_accepted": false,
|
||
"runtime_gate": false,
|
||
"secret_value_collection_allowed": false,
|
||
"service_dependency_map_accepted": false,
|
||
"service_dependency_map_ref": null,
|
||
"service_scope": [
|
||
"docker compose up -d"
|
||
],
|
||
"source_line_count": 18,
|
||
"ssh_read_authorized": false,
|
||
"ssh_write_authorized": false,
|
||
"status": "waiting_owner_response",
|
||
"sudo_action_authorized": false,
|
||
"supplement_requested": false,
|
||
"surface_id": "ansible_docker_compose_service_role",
|
||
"systemctl_action_authorized": false,
|
||
"write_capable_surface": true
|
||
},
|
||
{
|
||
"acceptance_candidate_id": "host_service_owner_response_acceptance:repair_bot_110_whitelist",
|
||
"acceptance_fields": [
|
||
"acceptance_candidate_id",
|
||
"request_id",
|
||
"surface_id",
|
||
"label",
|
||
"expected_host_scope",
|
||
"config_kind",
|
||
"service_scope",
|
||
"control_tier",
|
||
"repo_source_path",
|
||
"repo_sha256",
|
||
"source_line_count",
|
||
"write_capable_surface",
|
||
"requires_live_evidence",
|
||
"owner_response_ref",
|
||
"owner_role_or_team",
|
||
"decision",
|
||
"decision_reason",
|
||
"affected_scope",
|
||
"redacted_evidence_refs",
|
||
"live_config_hash_ref",
|
||
"maintenance_window",
|
||
"restart_window",
|
||
"rollback_owner",
|
||
"post_check_plan",
|
||
"disable_switch",
|
||
"config_source_of_truth_ref",
|
||
"service_dependency_map_ref",
|
||
"port_binding_inventory_ref",
|
||
"cold_start_sequence_ref",
|
||
"incident_recovery_evidence_ref",
|
||
"daemon_runner_contention_ref",
|
||
"reviewer_outcome",
|
||
"followup_owner",
|
||
"not_approval"
|
||
],
|
||
"action_buttons_allowed": false,
|
||
"active_scan_authorized": false,
|
||
"affected_scope": "pending_owner_response",
|
||
"ansible_apply_authorized": false,
|
||
"blocked_actions": [
|
||
"ssh_read",
|
||
"ssh_write",
|
||
"docker_compose_up",
|
||
"docker_compose_down",
|
||
"docker_compose_pull",
|
||
"systemctl_restart",
|
||
"systemctl_reload",
|
||
"repair_bot_execute",
|
||
"ansible_apply",
|
||
"sudo_action",
|
||
"host_file_write",
|
||
"firewall_change",
|
||
"secret_value_collection",
|
||
"active_scan",
|
||
"live_host_read",
|
||
"raw_live_config_storage",
|
||
"restart_without_window",
|
||
"rollback_without_owner",
|
||
"accept_silent_restart",
|
||
"treat_service_healthy_as_config_accepted",
|
||
"skip_config_source_of_truth_review",
|
||
"skip_service_dependency_map",
|
||
"skip_port_binding_review",
|
||
"skip_cold_start_sequence",
|
||
"hide_daemon_runner_contention",
|
||
"runtime_gate_open",
|
||
"add_action_button"
|
||
],
|
||
"cold_start_sequence_accepted": false,
|
||
"cold_start_sequence_ref": null,
|
||
"config_kind": "host_repair_whitelist",
|
||
"config_source_of_truth_accepted": false,
|
||
"config_source_of_truth_ref": null,
|
||
"control_tier": "C1",
|
||
"daemon_runner_contention_accepted": false,
|
||
"daemon_runner_contention_ref": null,
|
||
"decision": "pending_owner_response",
|
||
"decision_reason": "pending_owner_response",
|
||
"disable_switch": "pending_owner_response",
|
||
"disable_switch_accepted": false,
|
||
"docker_compose_action_authorized": false,
|
||
"expected_host_scope": "192.168.0.110",
|
||
"followup_owner": "pending_owner_response",
|
||
"host_write_authorized": false,
|
||
"incident_recovery_evidence_accepted": false,
|
||
"incident_recovery_evidence_ref": null,
|
||
"label": "110 repair-bot compose whitelist",
|
||
"live_config_hash_accepted": false,
|
||
"live_config_hash_ref": null,
|
||
"live_evidence_received": false,
|
||
"live_host_read_authorized": false,
|
||
"maintenance_window": "pending_owner_response",
|
||
"maintenance_window_accepted": false,
|
||
"not_approval": true,
|
||
"outcome_lanes": [
|
||
"waiting_owner_response",
|
||
"quarantine_secret_or_raw_payload",
|
||
"reject_execution_request",
|
||
"request_supplement",
|
||
"incident_recovery_backfill_required",
|
||
"ready_for_host_service_review",
|
||
"owner_review_only_update",
|
||
"waiting_runtime_gate"
|
||
],
|
||
"owner_response_accepted": false,
|
||
"owner_response_quarantined": false,
|
||
"owner_response_received": false,
|
||
"owner_response_ref": null,
|
||
"owner_response_rejected": false,
|
||
"owner_role_or_team": "pending_owner_response",
|
||
"port_binding_inventory_accepted": false,
|
||
"port_binding_inventory_ref": null,
|
||
"post_check_plan": "pending_owner_response",
|
||
"post_check_plan_accepted": false,
|
||
"recipient_confirmed": false,
|
||
"redacted_evidence_refs": [],
|
||
"repair_bot_execution_authorized": false,
|
||
"repo_sha256": "093d4f85c398806dee62c2831fa4fe7e1f8fddca6e3cfcc9dbe4d5e0d66cdf3b",
|
||
"repo_source_path": "scripts/repair-bot/repair-bot-110.sh",
|
||
"request_id": "host_service_owner_request:repair_bot_110_whitelist",
|
||
"request_sent": false,
|
||
"required_owner_fields": [
|
||
"owner_role_or_team",
|
||
"decision",
|
||
"decision_reason",
|
||
"affected_scope",
|
||
"redacted_evidence_refs",
|
||
"live_config_hash_ref",
|
||
"maintenance_window",
|
||
"restart_window",
|
||
"rollback_owner",
|
||
"post_check_plan",
|
||
"disable_switch",
|
||
"followup_owner",
|
||
"config_source_of_truth_ref",
|
||
"service_dependency_map_ref",
|
||
"port_binding_inventory_ref",
|
||
"cold_start_sequence_ref",
|
||
"incident_recovery_evidence_ref",
|
||
"daemon_runner_contention_ref"
|
||
],
|
||
"requires_live_evidence": true,
|
||
"restart_window": "pending_owner_response",
|
||
"restart_window_accepted": false,
|
||
"reviewer_checks": [
|
||
"owner_identity_present",
|
||
"decision_reason_present",
|
||
"affected_scope_matches_surface",
|
||
"redacted_refs_only",
|
||
"secret_value_absent",
|
||
"live_config_hash_metadata_only",
|
||
"maintenance_window_present",
|
||
"restart_window_separate_from_action",
|
||
"rollback_owner_present",
|
||
"post_check_plan_present",
|
||
"disable_switch_present",
|
||
"config_source_of_truth_present",
|
||
"service_dependency_map_present",
|
||
"port_binding_inventory_present",
|
||
"cold_start_sequence_present",
|
||
"incident_recovery_evidence_present",
|
||
"daemon_runner_contention_reviewed",
|
||
"silent_restart_not_accepted",
|
||
"write_capable_requires_extra_review",
|
||
"no_runtime_request",
|
||
"counts_transition_safe"
|
||
],
|
||
"reviewer_outcome": "waiting_owner_response",
|
||
"rollback_owner": "pending_owner_response",
|
||
"rollback_owner_accepted": false,
|
||
"runtime_gate": false,
|
||
"secret_value_collection_allowed": false,
|
||
"service_dependency_map_accepted": false,
|
||
"service_dependency_map_ref": null,
|
||
"service_scope": [
|
||
"sentry",
|
||
"harbor",
|
||
"gitea",
|
||
"gitea-runner",
|
||
"langfuse",
|
||
"alertmanager",
|
||
"signoz"
|
||
],
|
||
"source_line_count": 67,
|
||
"ssh_read_authorized": false,
|
||
"ssh_write_authorized": false,
|
||
"status": "waiting_owner_response",
|
||
"sudo_action_authorized": false,
|
||
"supplement_requested": false,
|
||
"surface_id": "repair_bot_110_whitelist",
|
||
"systemctl_action_authorized": false,
|
||
"write_capable_surface": true
|
||
},
|
||
{
|
||
"acceptance_candidate_id": "host_service_owner_response_acceptance:repair_bot_188_whitelist",
|
||
"acceptance_fields": [
|
||
"acceptance_candidate_id",
|
||
"request_id",
|
||
"surface_id",
|
||
"label",
|
||
"expected_host_scope",
|
||
"config_kind",
|
||
"service_scope",
|
||
"control_tier",
|
||
"repo_source_path",
|
||
"repo_sha256",
|
||
"source_line_count",
|
||
"write_capable_surface",
|
||
"requires_live_evidence",
|
||
"owner_response_ref",
|
||
"owner_role_or_team",
|
||
"decision",
|
||
"decision_reason",
|
||
"affected_scope",
|
||
"redacted_evidence_refs",
|
||
"live_config_hash_ref",
|
||
"maintenance_window",
|
||
"restart_window",
|
||
"rollback_owner",
|
||
"post_check_plan",
|
||
"disable_switch",
|
||
"config_source_of_truth_ref",
|
||
"service_dependency_map_ref",
|
||
"port_binding_inventory_ref",
|
||
"cold_start_sequence_ref",
|
||
"incident_recovery_evidence_ref",
|
||
"daemon_runner_contention_ref",
|
||
"reviewer_outcome",
|
||
"followup_owner",
|
||
"not_approval"
|
||
],
|
||
"action_buttons_allowed": false,
|
||
"active_scan_authorized": false,
|
||
"affected_scope": "pending_owner_response",
|
||
"ansible_apply_authorized": false,
|
||
"blocked_actions": [
|
||
"ssh_read",
|
||
"ssh_write",
|
||
"docker_compose_up",
|
||
"docker_compose_down",
|
||
"docker_compose_pull",
|
||
"systemctl_restart",
|
||
"systemctl_reload",
|
||
"repair_bot_execute",
|
||
"ansible_apply",
|
||
"sudo_action",
|
||
"host_file_write",
|
||
"firewall_change",
|
||
"secret_value_collection",
|
||
"active_scan",
|
||
"live_host_read",
|
||
"raw_live_config_storage",
|
||
"restart_without_window",
|
||
"rollback_without_owner",
|
||
"accept_silent_restart",
|
||
"treat_service_healthy_as_config_accepted",
|
||
"skip_config_source_of_truth_review",
|
||
"skip_service_dependency_map",
|
||
"skip_port_binding_review",
|
||
"skip_cold_start_sequence",
|
||
"hide_daemon_runner_contention",
|
||
"runtime_gate_open",
|
||
"add_action_button"
|
||
],
|
||
"cold_start_sequence_accepted": false,
|
||
"cold_start_sequence_ref": null,
|
||
"config_kind": "host_repair_whitelist",
|
||
"config_source_of_truth_accepted": false,
|
||
"config_source_of_truth_ref": null,
|
||
"control_tier": "C1",
|
||
"daemon_runner_contention_accepted": false,
|
||
"daemon_runner_contention_ref": null,
|
||
"decision": "pending_owner_response",
|
||
"decision_reason": "pending_owner_response",
|
||
"disable_switch": "pending_owner_response",
|
||
"disable_switch_accepted": false,
|
||
"docker_compose_action_authorized": false,
|
||
"expected_host_scope": "192.168.0.188",
|
||
"followup_owner": "pending_owner_response",
|
||
"host_write_authorized": false,
|
||
"incident_recovery_evidence_accepted": false,
|
||
"incident_recovery_evidence_ref": null,
|
||
"label": "188 repair-bot compose/systemd whitelist",
|
||
"live_config_hash_accepted": false,
|
||
"live_config_hash_ref": null,
|
||
"live_evidence_received": false,
|
||
"live_host_read_authorized": false,
|
||
"maintenance_window": "pending_owner_response",
|
||
"maintenance_window_accepted": false,
|
||
"not_approval": true,
|
||
"outcome_lanes": [
|
||
"waiting_owner_response",
|
||
"quarantine_secret_or_raw_payload",
|
||
"reject_execution_request",
|
||
"request_supplement",
|
||
"incident_recovery_backfill_required",
|
||
"ready_for_host_service_review",
|
||
"owner_review_only_update",
|
||
"waiting_runtime_gate"
|
||
],
|
||
"owner_response_accepted": false,
|
||
"owner_response_quarantined": false,
|
||
"owner_response_received": false,
|
||
"owner_response_ref": null,
|
||
"owner_response_rejected": false,
|
||
"owner_role_or_team": "pending_owner_response",
|
||
"port_binding_inventory_accepted": false,
|
||
"port_binding_inventory_ref": null,
|
||
"post_check_plan": "pending_owner_response",
|
||
"post_check_plan_accepted": false,
|
||
"recipient_confirmed": false,
|
||
"redacted_evidence_refs": [],
|
||
"repair_bot_execution_authorized": false,
|
||
"repo_sha256": "fb2eb786d04edbf5d5be581a53bbe188ac66f0895aa016328b031c72f6182918",
|
||
"repo_source_path": "scripts/repair-bot/repair-bot-188.sh",
|
||
"request_id": "host_service_owner_request:repair_bot_188_whitelist",
|
||
"request_sent": false,
|
||
"required_owner_fields": [
|
||
"owner_role_or_team",
|
||
"decision",
|
||
"decision_reason",
|
||
"affected_scope",
|
||
"redacted_evidence_refs",
|
||
"live_config_hash_ref",
|
||
"maintenance_window",
|
||
"restart_window",
|
||
"rollback_owner",
|
||
"post_check_plan",
|
||
"disable_switch",
|
||
"followup_owner",
|
||
"config_source_of_truth_ref",
|
||
"service_dependency_map_ref",
|
||
"port_binding_inventory_ref",
|
||
"cold_start_sequence_ref",
|
||
"incident_recovery_evidence_ref",
|
||
"daemon_runner_contention_ref"
|
||
],
|
||
"requires_live_evidence": true,
|
||
"restart_window": "pending_owner_response",
|
||
"restart_window_accepted": false,
|
||
"reviewer_checks": [
|
||
"owner_identity_present",
|
||
"decision_reason_present",
|
||
"affected_scope_matches_surface",
|
||
"redacted_refs_only",
|
||
"secret_value_absent",
|
||
"live_config_hash_metadata_only",
|
||
"maintenance_window_present",
|
||
"restart_window_separate_from_action",
|
||
"rollback_owner_present",
|
||
"post_check_plan_present",
|
||
"disable_switch_present",
|
||
"config_source_of_truth_present",
|
||
"service_dependency_map_present",
|
||
"port_binding_inventory_present",
|
||
"cold_start_sequence_present",
|
||
"incident_recovery_evidence_present",
|
||
"daemon_runner_contention_reviewed",
|
||
"silent_restart_not_accepted",
|
||
"write_capable_requires_extra_review",
|
||
"no_runtime_request",
|
||
"counts_transition_safe"
|
||
],
|
||
"reviewer_outcome": "waiting_owner_response",
|
||
"rollback_owner": "pending_owner_response",
|
||
"rollback_owner_accepted": false,
|
||
"runtime_gate": false,
|
||
"secret_value_collection_allowed": false,
|
||
"service_dependency_map_accepted": false,
|
||
"service_dependency_map_ref": null,
|
||
"service_scope": [
|
||
"openclaw",
|
||
"minio",
|
||
"signoz",
|
||
"redis",
|
||
"nginx",
|
||
"ollama"
|
||
],
|
||
"source_line_count": 85,
|
||
"ssh_read_authorized": false,
|
||
"ssh_write_authorized": false,
|
||
"status": "waiting_owner_response",
|
||
"sudo_action_authorized": false,
|
||
"supplement_requested": false,
|
||
"surface_id": "repair_bot_188_whitelist",
|
||
"systemctl_action_authorized": false,
|
||
"write_capable_surface": true
|
||
},
|
||
{
|
||
"acceptance_candidate_id": "host_service_owner_response_acceptance:config_backup_host_capture",
|
||
"acceptance_fields": [
|
||
"acceptance_candidate_id",
|
||
"request_id",
|
||
"surface_id",
|
||
"label",
|
||
"expected_host_scope",
|
||
"config_kind",
|
||
"service_scope",
|
||
"control_tier",
|
||
"repo_source_path",
|
||
"repo_sha256",
|
||
"source_line_count",
|
||
"write_capable_surface",
|
||
"requires_live_evidence",
|
||
"owner_response_ref",
|
||
"owner_role_or_team",
|
||
"decision",
|
||
"decision_reason",
|
||
"affected_scope",
|
||
"redacted_evidence_refs",
|
||
"live_config_hash_ref",
|
||
"maintenance_window",
|
||
"restart_window",
|
||
"rollback_owner",
|
||
"post_check_plan",
|
||
"disable_switch",
|
||
"config_source_of_truth_ref",
|
||
"service_dependency_map_ref",
|
||
"port_binding_inventory_ref",
|
||
"cold_start_sequence_ref",
|
||
"incident_recovery_evidence_ref",
|
||
"daemon_runner_contention_ref",
|
||
"reviewer_outcome",
|
||
"followup_owner",
|
||
"not_approval"
|
||
],
|
||
"action_buttons_allowed": false,
|
||
"active_scan_authorized": false,
|
||
"affected_scope": "pending_owner_response",
|
||
"ansible_apply_authorized": false,
|
||
"blocked_actions": [
|
||
"ssh_read",
|
||
"ssh_write",
|
||
"docker_compose_up",
|
||
"docker_compose_down",
|
||
"docker_compose_pull",
|
||
"systemctl_restart",
|
||
"systemctl_reload",
|
||
"repair_bot_execute",
|
||
"ansible_apply",
|
||
"sudo_action",
|
||
"host_file_write",
|
||
"firewall_change",
|
||
"secret_value_collection",
|
||
"active_scan",
|
||
"live_host_read",
|
||
"raw_live_config_storage",
|
||
"restart_without_window",
|
||
"rollback_without_owner",
|
||
"accept_silent_restart",
|
||
"treat_service_healthy_as_config_accepted",
|
||
"skip_config_source_of_truth_review",
|
||
"skip_service_dependency_map",
|
||
"skip_port_binding_review",
|
||
"skip_cold_start_sequence",
|
||
"hide_daemon_runner_contention",
|
||
"runtime_gate_open",
|
||
"add_action_button"
|
||
],
|
||
"cold_start_sequence_accepted": false,
|
||
"cold_start_sequence_ref": null,
|
||
"config_kind": "backup_capture_contract",
|
||
"config_source_of_truth_accepted": false,
|
||
"config_source_of_truth_ref": null,
|
||
"control_tier": "C1",
|
||
"daemon_runner_contention_accepted": false,
|
||
"daemon_runner_contention_ref": null,
|
||
"decision": "pending_owner_response",
|
||
"decision_reason": "pending_owner_response",
|
||
"disable_switch": "pending_owner_response",
|
||
"disable_switch_accepted": false,
|
||
"docker_compose_action_authorized": false,
|
||
"expected_host_scope": "110_188_120_121_cluster",
|
||
"followup_owner": "pending_owner_response",
|
||
"host_write_authorized": false,
|
||
"incident_recovery_evidence_accepted": false,
|
||
"incident_recovery_evidence_ref": null,
|
||
"label": "host config backup capture contract",
|
||
"live_config_hash_accepted": false,
|
||
"live_config_hash_ref": null,
|
||
"live_evidence_received": false,
|
||
"live_host_read_authorized": false,
|
||
"maintenance_window": "pending_owner_response",
|
||
"maintenance_window_accepted": false,
|
||
"not_approval": true,
|
||
"outcome_lanes": [
|
||
"waiting_owner_response",
|
||
"quarantine_secret_or_raw_payload",
|
||
"reject_execution_request",
|
||
"request_supplement",
|
||
"incident_recovery_backfill_required",
|
||
"ready_for_host_service_review",
|
||
"owner_review_only_update",
|
||
"waiting_runtime_gate"
|
||
],
|
||
"owner_response_accepted": false,
|
||
"owner_response_quarantined": false,
|
||
"owner_response_received": false,
|
||
"owner_response_ref": null,
|
||
"owner_response_rejected": false,
|
||
"owner_role_or_team": "pending_owner_response",
|
||
"port_binding_inventory_accepted": false,
|
||
"port_binding_inventory_ref": null,
|
||
"post_check_plan": "pending_owner_response",
|
||
"post_check_plan_accepted": false,
|
||
"recipient_confirmed": false,
|
||
"redacted_evidence_refs": [],
|
||
"repair_bot_execution_authorized": false,
|
||
"repo_sha256": "d24301cff44e464bd19ce0792362be16916ccde8c92f92351a19ef4ee988f15e",
|
||
"repo_source_path": "scripts/backup/backup-configs.sh",
|
||
"request_id": "host_service_owner_request:config_backup_host_capture",
|
||
"request_sent": false,
|
||
"required_owner_fields": [
|
||
"owner_role_or_team",
|
||
"decision",
|
||
"decision_reason",
|
||
"affected_scope",
|
||
"redacted_evidence_refs",
|
||
"live_config_hash_ref",
|
||
"maintenance_window",
|
||
"restart_window",
|
||
"rollback_owner",
|
||
"post_check_plan",
|
||
"disable_switch",
|
||
"followup_owner",
|
||
"config_source_of_truth_ref",
|
||
"service_dependency_map_ref",
|
||
"port_binding_inventory_ref",
|
||
"cold_start_sequence_ref",
|
||
"incident_recovery_evidence_ref",
|
||
"daemon_runner_contention_ref"
|
||
],
|
||
"requires_live_evidence": true,
|
||
"restart_window": "pending_owner_response",
|
||
"restart_window_accepted": false,
|
||
"reviewer_checks": [
|
||
"owner_identity_present",
|
||
"decision_reason_present",
|
||
"affected_scope_matches_surface",
|
||
"redacted_refs_only",
|
||
"secret_value_absent",
|
||
"live_config_hash_metadata_only",
|
||
"maintenance_window_present",
|
||
"restart_window_separate_from_action",
|
||
"rollback_owner_present",
|
||
"post_check_plan_present",
|
||
"disable_switch_present",
|
||
"config_source_of_truth_present",
|
||
"service_dependency_map_present",
|
||
"port_binding_inventory_present",
|
||
"cold_start_sequence_present",
|
||
"incident_recovery_evidence_present",
|
||
"daemon_runner_contention_reviewed",
|
||
"silent_restart_not_accepted",
|
||
"write_capable_requires_extra_review",
|
||
"no_runtime_request",
|
||
"counts_transition_safe"
|
||
],
|
||
"reviewer_outcome": "waiting_owner_response",
|
||
"rollback_owner": "pending_owner_response",
|
||
"rollback_owner_accepted": false,
|
||
"runtime_gate": false,
|
||
"secret_value_collection_allowed": false,
|
||
"service_dependency_map_accepted": false,
|
||
"service_dependency_map_ref": null,
|
||
"service_scope": [
|
||
"systemd",
|
||
"docker",
|
||
"nginx",
|
||
"cron",
|
||
"k8s",
|
||
"host-configs"
|
||
],
|
||
"source_line_count": 359,
|
||
"ssh_read_authorized": false,
|
||
"ssh_write_authorized": false,
|
||
"status": "waiting_owner_response",
|
||
"sudo_action_authorized": false,
|
||
"supplement_requested": false,
|
||
"surface_id": "config_backup_host_capture",
|
||
"systemctl_action_authorized": false,
|
||
"write_capable_surface": false
|
||
}
|
||
],
|
||
"acceptance_fields": [
|
||
"acceptance_candidate_id",
|
||
"request_id",
|
||
"surface_id",
|
||
"label",
|
||
"expected_host_scope",
|
||
"config_kind",
|
||
"service_scope",
|
||
"control_tier",
|
||
"repo_source_path",
|
||
"repo_sha256",
|
||
"source_line_count",
|
||
"write_capable_surface",
|
||
"requires_live_evidence",
|
||
"owner_response_ref",
|
||
"owner_role_or_team",
|
||
"decision",
|
||
"decision_reason",
|
||
"affected_scope",
|
||
"redacted_evidence_refs",
|
||
"live_config_hash_ref",
|
||
"maintenance_window",
|
||
"restart_window",
|
||
"rollback_owner",
|
||
"post_check_plan",
|
||
"disable_switch",
|
||
"config_source_of_truth_ref",
|
||
"service_dependency_map_ref",
|
||
"port_binding_inventory_ref",
|
||
"cold_start_sequence_ref",
|
||
"incident_recovery_evidence_ref",
|
||
"daemon_runner_contention_ref",
|
||
"reviewer_outcome",
|
||
"followup_owner",
|
||
"not_approval"
|
||
],
|
||
"blocked_actions": [
|
||
"ssh_read",
|
||
"ssh_write",
|
||
"docker_compose_up",
|
||
"docker_compose_down",
|
||
"docker_compose_pull",
|
||
"systemctl_restart",
|
||
"systemctl_reload",
|
||
"repair_bot_execute",
|
||
"ansible_apply",
|
||
"sudo_action",
|
||
"host_file_write",
|
||
"firewall_change",
|
||
"secret_value_collection",
|
||
"active_scan",
|
||
"live_host_read",
|
||
"raw_live_config_storage",
|
||
"restart_without_window",
|
||
"rollback_without_owner",
|
||
"accept_silent_restart",
|
||
"treat_service_healthy_as_config_accepted",
|
||
"skip_config_source_of_truth_review",
|
||
"skip_service_dependency_map",
|
||
"skip_port_binding_review",
|
||
"skip_cold_start_sequence",
|
||
"hide_daemon_runner_contention",
|
||
"runtime_gate_open",
|
||
"add_action_button"
|
||
],
|
||
"execution_boundaries": {
|
||
"action_buttons_allowed": false,
|
||
"active_scan_authorized": false,
|
||
"ansible_apply_authorized": false,
|
||
"docker_compose_action_authorized": false,
|
||
"host_write_authorized": false,
|
||
"live_host_read_authorized": false,
|
||
"not_authorization": true,
|
||
"owner_response_accepted": false,
|
||
"repair_bot_execution_authorized": false,
|
||
"request_dispatch_authorized": false,
|
||
"runtime_execution_authorized": false,
|
||
"secret_value_collection_allowed": false,
|
||
"ssh_read_authorized": false,
|
||
"ssh_write_authorized": false,
|
||
"sudo_action_authorized": false,
|
||
"systemctl_action_authorized": false
|
||
},
|
||
"generated_at": "2026-06-15T14:45:00+08:00",
|
||
"git_commit": "a77317fe",
|
||
"next_steps": [
|
||
"等待 owner 以脫敏 metadata ref 回覆 live config hash、maintenance / restart window、rollback owner、post-check plan、disable switch、source of truth、依賴圖、port binding、cold-start sequence、incident recovery evidence 與 daemon / runner contention review。",
|
||
"收到回覆後先做欄位完整性、敏感 payload 隔離與 execution request 拒收,不得直接 host read、restart、repair-bot 或 Ansible apply。",
|
||
"write-capable 或事故回補 surface 必須額外 reviewer review,且 runtime gate 需獨立人工批准、rollback、dependency / port / cold-start 與 post-check 成立。"
|
||
],
|
||
"outcome_lanes": [
|
||
{
|
||
"lane_id": "waiting_owner_response",
|
||
"meaning": "尚未收到 owner response;所有 accepted / runtime count 維持 0。"
|
||
},
|
||
{
|
||
"lane_id": "quarantine_secret_or_raw_payload",
|
||
"meaning": "收到 secret、env dump、raw compose、raw systemd unit 或未脫敏 host config 時隔離。"
|
||
},
|
||
{
|
||
"lane_id": "reject_execution_request",
|
||
"meaning": "夾帶 SSH、docker compose、systemctl、repair-bot、Ansible、sudo 或 host write 要求時拒收。"
|
||
},
|
||
{
|
||
"lane_id": "request_supplement",
|
||
"meaning": "欄位不足、scope 不清、live hash ref / rollback / post-check 缺失時要求補件。"
|
||
},
|
||
{
|
||
"lane_id": "incident_recovery_backfill_required",
|
||
"meaning": "涉及服務異常、靜默重啟、端口事故或 cold-start recovery 時,必須進事故回補,不得直接 accepted。"
|
||
},
|
||
{
|
||
"lane_id": "ready_for_host_service_review",
|
||
"meaning": "metadata 合格後,只能進 host service reviewer review。"
|
||
},
|
||
{
|
||
"lane_id": "owner_review_only_update",
|
||
"meaning": "只允許更新只讀 owner review ledger,不得改 compose、systemd、repair-bot 或 Ansible。"
|
||
},
|
||
{
|
||
"lane_id": "waiting_runtime_gate",
|
||
"meaning": "即使 owner response accepted,runtime gate 仍等待獨立人工批准。"
|
||
}
|
||
],
|
||
"reviewer_checks": [
|
||
{
|
||
"check_id": "owner_identity_present",
|
||
"instruction": "owner role / team 必須可追溯。"
|
||
},
|
||
{
|
||
"check_id": "decision_reason_present",
|
||
"instruction": "decision 與 decision reason 必須同時存在。"
|
||
},
|
||
{
|
||
"check_id": "affected_scope_matches_surface",
|
||
"instruction": "affected scope 必須能對回 committed surface_id。"
|
||
},
|
||
{
|
||
"check_id": "redacted_refs_only",
|
||
"instruction": "evidence 只能是脫敏 ref、hash、ticket、commit 或 artifact pointer。"
|
||
},
|
||
{
|
||
"check_id": "secret_value_absent",
|
||
"instruction": "不得出現 token、password、cookie、private key、env dump 或 partial secret。"
|
||
},
|
||
{
|
||
"check_id": "live_config_hash_metadata_only",
|
||
"instruction": "live config hash 只能是 owner-provided metadata ref,不得貼 raw live config。"
|
||
},
|
||
{
|
||
"check_id": "maintenance_window_present",
|
||
"instruction": "未來 host read、restart、repair-bot 或 Ansible 動作需獨立維護窗口。"
|
||
},
|
||
{
|
||
"check_id": "restart_window_separate_from_action",
|
||
"instruction": "restart window 與 docker / systemctl action 必須分離,不得自動執行。"
|
||
},
|
||
{
|
||
"check_id": "rollback_owner_present",
|
||
"instruction": "rollback owner、rollback ref 或 disable path 必須存在。"
|
||
},
|
||
{
|
||
"check_id": "post_check_plan_present",
|
||
"instruction": "post-check 必須列服務健康、route、queue、log 與 rollback 停止條件。"
|
||
},
|
||
{
|
||
"check_id": "disable_switch_present",
|
||
"instruction": "repair-bot、Ansible role 或 service config 需有 disable switch 或 freeze rule。"
|
||
},
|
||
{
|
||
"check_id": "config_source_of_truth_present",
|
||
"instruction": "必須提供 repo source、live source、runner source 與 backup source 的真相來源 ref;不得只用口頭描述。"
|
||
},
|
||
{
|
||
"check_id": "service_dependency_map_present",
|
||
"instruction": "必須提供服務依賴 ref,涵蓋上游、下游、資料庫、queue、registry、AI provider 與 public route 影響。"
|
||
},
|
||
{
|
||
"check_id": "port_binding_inventory_present",
|
||
"instruction": "必須提供 port binding / exposure inventory ref,避免 host port、container port、proxy 與防火牆狀態彼此漂移。"
|
||
},
|
||
{
|
||
"check_id": "cold_start_sequence_present",
|
||
"instruction": "必須提供 cold-start / recovery sequence ref,明確列出 Docker daemon、compose stack、systemd unit、runner 與 post-check 順序。"
|
||
},
|
||
{
|
||
"check_id": "incident_recovery_evidence_present",
|
||
"instruction": "若回覆涉及服務異常、重啟或端口事故,必須提供恢復時間、服務健康、route health 與 operator notice ref。"
|
||
},
|
||
{
|
||
"check_id": "daemon_runner_contention_reviewed",
|
||
"instruction": "必須說明 Docker daemon、iptables / xtables、runner、repair-bot、backup job 或 compose action 是否可能互相競爭。"
|
||
},
|
||
{
|
||
"check_id": "silent_restart_not_accepted",
|
||
"instruction": "不得接受沒有 actor、原因、依賴圖、port inventory、回滾與 post-check 的靜默 restart / reload。"
|
||
},
|
||
{
|
||
"check_id": "write_capable_requires_extra_review",
|
||
"instruction": "write-capable surface 必須進額外 reviewer review,不得直接 accepted。"
|
||
},
|
||
{
|
||
"check_id": "no_runtime_request",
|
||
"instruction": "夾帶 SSH、Docker、systemctl、repair-bot、Ansible、sudo 或 host write 要求時拒收。"
|
||
},
|
||
{
|
||
"check_id": "counts_transition_safe",
|
||
"instruction": "只有 reviewer record 可更新 received / accepted / rejected;不得同時開 runtime gate。"
|
||
}
|
||
],
|
||
"schema_version": "host_service_owner_response_acceptance_v1",
|
||
"source_inventory_schema_version": "host_service_config_inventory_v1",
|
||
"source_inventory_status": "repo_only_inventory_ready",
|
||
"source_owner_request_schema_version": "host_service_owner_request_draft_v1",
|
||
"source_owner_request_status": "owner_request_draft_ready_not_dispatched",
|
||
"status": "owner_response_acceptance_ledger_ready_no_runtime_action",
|
||
"summary": {
|
||
"acceptance_candidate_count": 9,
|
||
"acceptance_field_count": 34,
|
||
"action_button_count": 0,
|
||
"active_scan_authorized_count": 0,
|
||
"ansible_apply_authorized_count": 0,
|
||
"blocked_action_count": 27,
|
||
"cold_start_sequence_accepted_count": 0,
|
||
"config_source_of_truth_accepted_count": 0,
|
||
"daemon_runner_contention_accepted_count": 0,
|
||
"disable_switch_accepted_count": 0,
|
||
"docker_compose_action_authorized_count": 0,
|
||
"host_write_authorized_count": 0,
|
||
"incident_recovery_evidence_accepted_count": 0,
|
||
"live_config_hash_accepted_count": 0,
|
||
"live_evidence_received_count": 0,
|
||
"live_evidence_required_candidate_count": 8,
|
||
"live_host_read_authorized_count": 0,
|
||
"maintenance_window_accepted_count": 0,
|
||
"outcome_lane_count": 8,
|
||
"owner_response_accepted_count": 0,
|
||
"owner_response_quarantined_count": 0,
|
||
"owner_response_received_count": 0,
|
||
"owner_response_rejected_count": 0,
|
||
"port_binding_inventory_accepted_count": 0,
|
||
"post_check_plan_accepted_count": 0,
|
||
"recipient_confirmed_count": 0,
|
||
"repair_bot_execution_authorized_count": 0,
|
||
"request_sent_count": 0,
|
||
"required_owner_field_count": 18,
|
||
"restart_window_accepted_count": 0,
|
||
"reviewer_check_count": 21,
|
||
"rollback_owner_accepted_count": 0,
|
||
"runtime_gate_count": 0,
|
||
"secret_value_collection_allowed_count": 0,
|
||
"service_dependency_map_accepted_count": 0,
|
||
"source_owner_request_count": 9,
|
||
"ssh_read_authorized_count": 0,
|
||
"ssh_write_authorized_count": 0,
|
||
"sudo_action_authorized_count": 0,
|
||
"supplement_requested_count": 0,
|
||
"systemctl_action_authorized_count": 0,
|
||
"write_capable_acceptance_candidate_count": 3
|
||
}
|
||
}
|