{ "schema_version": "1.0", "product_id": "ewoooc", "governance_profile": "global_product_governance_v2", "updated_at": "2026-07-10T18:30:00+08:00", "required_fields": [ "canonical_id", "asset_type", "owner_lane", "source_truth", "runtime_identity", "signal_freshness", "policy", "executor", "verifier", "backup_restore", "learning_targets" ], "assets": [ { "canonical_id": "product:ewoooc", "asset_type": "product", "owner_lane": "product-governance", "source_truth": "Gitea main plus production health and protected product surfaces", "runtime_identity": "https://mo.wooo.work", "signal_freshness": {"source": "commit", "runtime_target": "/health", "max_age_minutes": 15}, "policy": ["global_product_governance_v2", "CONSTITUTION.md"], "executor": "Gitea CD on ewoooc-host", "verifier": "production version truth plus HTTP and UI smoke", "backup_restore": "source in Gitea; runtime data handled by database and artifact lanes", "learning_targets": ["security governance review", "AI automation smoke", "KM/PlayBook"] }, { "canonical_id": "repo:gitea:wooo/ewoooc", "asset_type": "source_repository", "owner_lane": "source-control", "source_truth": "ssh://git@192.168.0.110:2222/wooo/ewoooc.git", "runtime_identity": "Gitea repository wooo/ewoooc", "signal_freshness": {"source": "git ls-remote", "runtime_target": "main/dev heads", "max_age_minutes": 30}, "policy": ["GitHub freeze", "protected main", "Gitea-only actions"], "executor": "git over Gitea SSH or Gitea job token", "verifier": "remote head readback and deploy marker", "backup_restore": "Gitea repository backup and offsite checksum lane", "learning_targets": ["source deploy runtime truth"] }, { "canonical_id": "pipeline:gitea-actions:ewoooc-cd", "asset_type": "deployment_pipeline", "owner_lane": "delivery", "source_truth": ".gitea/workflows/cd.yaml", "runtime_identity": "runner label ewoooc-host", "signal_freshness": {"source": "workflow commit", "runtime_target": "latest Gitea Action run", "max_age_minutes": 60}, "policy": ["Gitea-only", "momo-db protected", "three app containers only"], "executor": "Gitea act runner", "verifier": "CD health, version, smoke and post-deploy review", "backup_restore": "rollback by known-good Gitea commit and image", "learning_targets": ["CD failure classification", "deployment playbook"] }, { "canonical_id": "host:lan:110", "asset_type": "host_gateway", "owner_lane": "platform", "source_truth": "host and service runtime probes", "runtime_identity": "192.168.0.110", "signal_freshness": {"source": "SSH probe", "runtime_target": "gateway/Gitea/Nginx", "max_age_minutes": 15}, "policy": ["gateway and Gitea only", "cross-project isolation"], "executor": "bounded SSH via approved operator lane", "verifier": "independent service and public route probes", "backup_restore": "host configuration backup and Gitea dump lane", "learning_targets": ["host health", "routing incidents"] }, { "canonical_id": "host:lan:188", "asset_type": "production_host", "owner_lane": "runtime", "source_truth": "Docker runtime receipts on 192.168.0.188", "runtime_identity": "192.168.0.188", "signal_freshness": {"source": "SSH/Docker probe", "runtime_target": "EwoooC containers", "max_age_minutes": 10}, "policy": ["not an Ollama node", "momo-db protected", "cross-project isolation"], "executor": "Gitea CD bounded compose actions", "verifier": "container health plus external /health", "backup_restore": "database backup and application rollback lanes", "learning_targets": ["runtime incidents", "capacity history"] }, { "canonical_id": "host:gcp:ollama-a", "asset_type": "model_host", "owner_lane": "ai-runtime", "source_truth": "Ollama host health receipts", "runtime_identity": "34.87.90.216:11434", "signal_freshness": {"source": "approved model probe", "runtime_target": "/api/tags", "max_age_minutes": 20}, "policy": ["Ollama primary", "no secret payload logging"], "executor": "services.ollama_service", "verifier": "host health and model availability readback", "backup_restore": "fallback to GCP-B then 111", "learning_targets": ["model latency", "fallback cause"] }, { "canonical_id": "host:gcp:ollama-b", "asset_type": "model_host", "owner_lane": "ai-runtime", "source_truth": "Ollama host health receipts", "runtime_identity": "34.21.145.224:11434", "signal_freshness": {"source": "approved model probe", "runtime_target": "/api/tags", "max_age_minutes": 20}, "policy": ["Ollama secondary", "embedding fallback"], "executor": "services.ollama_service", "verifier": "host health and model availability readback", "backup_restore": "fallback to 111 for approved non-batch traffic", "learning_targets": ["model latency", "fallback cause"] }, { "canonical_id": "host:lan:ollama-111", "asset_type": "model_host", "owner_lane": "ai-runtime", "source_truth": "Ollama host health receipts", "runtime_identity": "192.168.0.111:11434", "signal_freshness": {"source": "approved model probe", "runtime_target": "/api/tags", "max_age_minutes": 20}, "policy": ["third fallback", "no background embedding batches"], "executor": "services.ollama_service", "verifier": "host health and route policy readback", "backup_restore": "no further model host fallback", "learning_targets": ["fallback exhaustion"] }, { "canonical_id": "network:public:mo.wooo.work", "asset_type": "dns_tls_route", "owner_lane": "edge", "source_truth": "public DNS/TLS/HTTP readback", "runtime_identity": "https://mo.wooo.work", "signal_freshness": {"source": "Blackbox", "runtime_target": "/health", "max_age_minutes": 5}, "policy": ["TLS only for user traffic", "health endpoint is lightweight"], "executor": "Nginx on 110", "verifier": "external TLS and HTTP probe", "backup_restore": "versioned Nginx configuration and rollback", "learning_targets": ["TLS expiry", "routing drift"] }, { "canonical_id": "service:ewoooc:momo-app", "asset_type": "application_service", "owner_lane": "runtime", "source_truth": "Docker inspect plus /health", "runtime_identity": "momo-pro-system", "signal_freshness": {"source": "Docker health", "runtime_target": "container port 80", "max_age_minutes": 5}, "policy": ["Gunicorn gthread", "HUP sync reload", "no momo-db lifecycle action"], "executor": "Gitea CD momo-app lane", "verifier": "internal and external /health plus version truth", "backup_restore": "known-good image and Gitea commit rollback", "learning_targets": ["HTTP errors", "worker latency", "security events"] }, { "canonical_id": "service:ewoooc:scheduler", "asset_type": "scheduler_service", "owner_lane": "automation-runtime", "source_truth": "Docker health and scheduler receipts", "runtime_identity": "momo-scheduler", "signal_freshness": {"source": "job receipts", "runtime_target": "scheduler process", "max_age_minutes": 15}, "policy": ["EventRouter", "bounded retry", "no momo-db restart"], "executor": "run_scheduler.py", "verifier": "scheduled health summary and job receipts", "backup_restore": "restart scheduler only; replay durable queues", "learning_targets": ["job failure recurrence", "MTTR"] }, { "canonical_id": "service:ewoooc:telegram-bot", "asset_type": "notification_service", "owner_lane": "automation-runtime", "source_truth": "Telegram API receipt plus Docker health", "runtime_identity": "momo-telegram-bot", "signal_freshness": {"source": "delivery receipt", "runtime_target": "bot process", "max_age_minutes": 15}, "policy": ["authorized users/groups", "webhook secret target", "queue replay"], "executor": "run_telegram_bot.py and OpenClaw webhook", "verifier": "delivery receipt and callback readback", "backup_restore": "file queue replay and bot restart only", "learning_targets": ["delivery failure", "unauthorized attempt"] }, { "canonical_id": "database:ewoooc:postgresql", "asset_type": "database", "owner_lane": "data", "source_truth": "PostgreSQL durable receipts and migrations", "runtime_identity": "momo-db", "signal_freshness": {"source": "SQL health", "runtime_target": "PostgreSQL", "max_age_minutes": 5}, "policy": ["protected resource", "pgvector primary", "no destructive automatic action"], "executor": "SQLAlchemy and idempotent migrations", "verifier": "independent readback queries and schema checks", "backup_restore": "scheduled backup, checksum, offsite copy and restore drill", "learning_targets": ["query health", "migration drift", "restore evidence"] }, { "canonical_id": "data:ewoooc:pchome-sales", "asset_type": "business_dataset", "owner_lane": "sales-data", "source_truth": "PostgreSQL sales tables plus import receipts", "runtime_identity": "daily and monthly PChome sales records", "signal_freshness": {"source": "import job receipt", "runtime_target": "latest business date", "max_age_minutes": 180}, "policy": ["real data only", "Taipei time", "no mock values"], "executor": "Google Drive/import services", "verifier": "row count, business date and duplicate checks", "backup_restore": "database backup and source file replay", "learning_targets": ["import errors", "freshness drift"] }, { "canonical_id": "data:ewoooc:market-intelligence", "asset_type": "business_dataset", "owner_lane": "market-intelligence", "source_truth": "source receipts, external_offers and guarded candidate artifacts", "runtime_identity": "market intel tables and receipt artifacts", "signal_freshness": {"source": "source receipt", "runtime_target": "offer freshness", "max_age_minutes": 1440}, "policy": ["provenance required", "PromotionGate", "no visual-only price write"], "executor": "market intel controlled apply lanes", "verifier": "identity matcher, PromotionGate and post-write readback", "backup_restore": "database backup and replayable evidence artifacts", "learning_targets": ["matcher quality", "false positive", "source barrier"] }, { "canonical_id": "integration:ewoooc:google-drive-import", "asset_type": "external_integration", "owner_lane": "sales-data", "source_truth": "Google Drive auth and import receipts", "runtime_identity": "auto_import service", "signal_freshness": {"source": "auth readiness", "runtime_target": "latest import job", "max_age_minutes": 180}, "policy": ["authenticated operator surface", "no credential exposure"], "executor": "services.google_drive_service", "verifier": "job status and database readback", "backup_restore": "replay source file without duplicate write", "learning_targets": ["auth expiry", "import parser failure"] }, { "canonical_id": "integration:ewoooc:telegram-webhook", "asset_type": "webhook", "owner_lane": "notification-security", "source_truth": "Telegram webhook configuration and request receipts", "runtime_identity": "/bot/telegram/webhook", "signal_freshness": {"source": "webhook info", "runtime_target": "secret verification", "max_age_minutes": 60}, "policy": ["secret token required target", "authorized user and group checks"], "executor": "OpenClaw Telegram webhook", "verifier": "invalid-secret rejection plus authorized callback canary", "backup_restore": "restore prior webhook URL and replay no pending updates", "learning_targets": ["auth failures", "duplicate updates"] }, { "canonical_id": "ai:ewoooc:ollama-router", "asset_type": "ai_runtime", "owner_lane": "ai-platform", "source_truth": "Ollama route and call receipts", "runtime_identity": "GCP-A -> GCP-B -> 111", "signal_freshness": {"source": "host probe", "runtime_target": "approved model route", "max_age_minutes": 20}, "policy": ["Ollama-first", "Gemini hard-disabled default", "188 forbidden"], "executor": "services.ollama_service", "verifier": "model route readback and fallback receipt", "backup_restore": "bounded fallback chain", "learning_targets": ["latency", "model error", "fallback rate"] }, { "canonical_id": "ai:ewoooc:mcp-router", "asset_type": "mcp_control_plane", "owner_lane": "ai-platform", "source_truth": "MCP registry plus live server health", "runtime_identity": "services.mcp_router and ports 3001-3004", "signal_freshness": {"source": "MCP smoke", "runtime_target": "tool server health", "max_age_minutes": 15}, "policy": ["known caller/tool allowlist", "Postgres/filesystem read-only"], "executor": "services.mcp_router", "verifier": "live health, call receipt and boundary tests", "backup_restore": "disable router and fall back to approved static/Ollama path", "learning_targets": ["tool success", "cache hit", "policy rejection"] }, { "canonical_id": "ai:ewoooc:rag-service", "asset_type": "rag_control_plane", "owner_lane": "ai-platform", "source_truth": "pgvector records and RAG query receipts", "runtime_identity": "services.rag_service", "signal_freshness": {"source": "RAG smoke", "runtime_target": "query/feedback logs", "max_age_minutes": 30}, "policy": ["pgvector only", "BGE-M3 signature", "PromotionGate"], "executor": "services.rag_service", "verifier": "candidate canary, signature and retrieval quality checks", "backup_restore": "disable retrieval and preserve structured DB truth", "learning_targets": ["hit rate", "feedback", "recurrence"] }, { "canonical_id": "ai:ewoooc:pixelrag", "asset_type": "visual_evidence_pipeline", "owner_lane": "market-intelligence", "source_truth": "screenshot, tile and replay receipts", "runtime_identity": "PixelRAG artifact lanes for 8 marketplaces", "signal_freshness": {"source": "artifact receipt", "runtime_target": "capture/replay readback", "max_age_minutes": 1440}, "policy": ["public evidence only", "blocked page is not product data", "no direct price write"], "executor": "PixelRAG capture and Ollama VLM workers", "verifier": "identity, PromotionGate, embedding signature and RAG canary", "backup_restore": "immutable artifact receipts and no-write terminal", "learning_targets": ["capture quality", "VLM confidence", "platform barrier"] }, { "canonical_id": "observability:ewoooc:security-runtime", "asset_type": "logs_metrics_traces_alerts", "owner_lane": "observability", "source_truth": "Prometheus, Grafana, logs, alerts, security runtime receipt and Telegram receipts", "runtime_identity": "/metrics plus AI automation smoke", "signal_freshness": {"source": "scrape and alert receipt", "runtime_target": "security/governance families", "max_age_minutes": 15}, "policy": ["no public operational logs", "lifecycle receipts", "freshness SLO"], "executor": "Prometheus/Blackbox/EventRouter", "verifier": "alert-chain and dashboard readback", "backup_restore": "metrics retention and durable incident receipts", "learning_targets": ["MTTA", "MTTR", "false positive", "rollback rate"] }, { "canonical_id": "backup:ewoooc:database-artifacts", "asset_type": "backup_restore", "owner_lane": "resilience", "source_truth": "backup checksum and restore drill receipts", "runtime_identity": "database and artifact backup lanes", "signal_freshness": {"source": "backup receipt", "runtime_target": "latest successful restore drill", "max_age_minutes": 10080}, "policy": ["checksum required", "offsite required", "restore drill required"], "executor": "backup services and controlled restore workflow", "verifier": "independent checksum plus isolated restore query", "backup_restore": "this asset owns the recovery evidence itself", "learning_targets": ["RPO", "RTO", "restore failure"] }, { "canonical_id": "supply-chain:ewoooc:python-container", "asset_type": "packages_images_sbom", "owner_lane": "software-supply-chain", "source_truth": "requirements, .dockerignore, source receipt, image digest, SBOM and vulnerability receipts", "runtime_identity": "EwoooC Python 3.11 container image", "signal_freshness": {"source": "CD security gate", "runtime_target": "deployed image digest", "max_age_minutes": 1440}, "policy": ["Gitea/internal sources", "secret-safe Docker context", "exact dependency lock target", "no GitHub action dependency"], "executor": "Gitea CD build lane", "verifier": "SAST, SCA, secret scan, SBOM and provenance checks", "backup_restore": "known-good immutable image digest", "learning_targets": ["CVE age", "dependency drift", "build provenance"] }, { "canonical_id": "quality:ewoooc:test-control-plane", "asset_type": "test_and_release_evidence", "owner_lane": "quality-governance", "source_truth": "pytest collection, deterministic release suite and runtime canary receipts", "runtime_identity": "Gitea release gate plus scheduled nightly and production smoke lanes", "signal_freshness": {"source": "governance/security_governance_review_baseline.json", "runtime_target": "latest Gitea and production verifier receipts", "max_age_minutes": 1440}, "policy": ["release tests deterministic", "nightly integration separated", "production canary read-only first"], "executor": "pytest and Gitea Actions", "verifier": "collection gate, focused security suites and post-deploy smoke", "backup_restore": "Gitea test source plus immutable test result receipt", "learning_targets": ["flake rate", "failure age", "collection drift", "runtime escape rate"] }, { "canonical_id": "surface:ewoooc:primary-ui-api", "asset_type": "product_surface", "owner_lane": "product-experience", "source_truth": "Flask route map, templates and production visual readback", "runtime_identity": "primary desktop and mobile user workflows", "signal_freshness": {"source": "sitewide visual QA", "runtime_target": "desktop/mobile screenshots", "max_age_minutes": 1440}, "policy": ["Traditional Chinese", "progressive disclosure", "authenticated operator surfaces", "no text walls"], "executor": "Flask/Jinja frontend", "verifier": "route, accessibility, responsive and visual smoke", "backup_restore": "Gitea commit and frontend asset rollback", "learning_targets": ["task completion", "error state", "text density"] } ], "reconciliation": { "status": "partial", "source_inventory_complete": true, "runtime_receipts_complete": false, "next_machine_action": "probe_all_assets_and_write_same-run_reconciliation_receipt" } }