366 lines
19 KiB
JSON
366 lines
19 KiB
JSON
{
|
|
"schema_version": "1.0",
|
|
"product_id": "ewoooc",
|
|
"governance_profile": "global_product_governance_v2",
|
|
"updated_at": "2026-07-10T18:30:00+08:00",
|
|
"required_fields": [
|
|
"canonical_id",
|
|
"asset_type",
|
|
"owner_lane",
|
|
"source_truth",
|
|
"runtime_identity",
|
|
"signal_freshness",
|
|
"policy",
|
|
"executor",
|
|
"verifier",
|
|
"backup_restore",
|
|
"learning_targets"
|
|
],
|
|
"assets": [
|
|
{
|
|
"canonical_id": "product:ewoooc",
|
|
"asset_type": "product",
|
|
"owner_lane": "product-governance",
|
|
"source_truth": "Gitea main plus production health and protected product surfaces",
|
|
"runtime_identity": "https://mo.wooo.work",
|
|
"signal_freshness": {"source": "commit", "runtime_target": "/health", "max_age_minutes": 15},
|
|
"policy": ["global_product_governance_v2", "CONSTITUTION.md"],
|
|
"executor": "Gitea CD on ewoooc-host",
|
|
"verifier": "production version truth plus HTTP and UI smoke",
|
|
"backup_restore": "source in Gitea; runtime data handled by database and artifact lanes",
|
|
"learning_targets": ["security governance review", "AI automation smoke", "KM/PlayBook"]
|
|
},
|
|
{
|
|
"canonical_id": "repo:gitea:wooo/ewoooc",
|
|
"asset_type": "source_repository",
|
|
"owner_lane": "source-control",
|
|
"source_truth": "ssh://git@192.168.0.110:2222/wooo/ewoooc.git",
|
|
"runtime_identity": "Gitea repository wooo/ewoooc",
|
|
"signal_freshness": {"source": "git ls-remote", "runtime_target": "main/dev heads", "max_age_minutes": 30},
|
|
"policy": ["GitHub freeze", "protected main", "Gitea-only actions"],
|
|
"executor": "git over Gitea SSH or Gitea job token",
|
|
"verifier": "remote head readback and deploy marker",
|
|
"backup_restore": "Gitea repository backup and offsite checksum lane",
|
|
"learning_targets": ["source deploy runtime truth"]
|
|
},
|
|
{
|
|
"canonical_id": "pipeline:gitea-actions:ewoooc-cd",
|
|
"asset_type": "deployment_pipeline",
|
|
"owner_lane": "delivery",
|
|
"source_truth": ".gitea/workflows/cd.yaml",
|
|
"runtime_identity": "runner label ewoooc-host",
|
|
"signal_freshness": {"source": "workflow commit", "runtime_target": "latest Gitea Action run", "max_age_minutes": 60},
|
|
"policy": ["Gitea-only", "momo-db protected", "three app containers only"],
|
|
"executor": "Gitea act runner",
|
|
"verifier": "CD health, version, smoke and post-deploy review",
|
|
"backup_restore": "rollback by known-good Gitea commit and image",
|
|
"learning_targets": ["CD failure classification", "deployment playbook"]
|
|
},
|
|
{
|
|
"canonical_id": "host:lan:110",
|
|
"asset_type": "host_gateway",
|
|
"owner_lane": "platform",
|
|
"source_truth": "host and service runtime probes",
|
|
"runtime_identity": "192.168.0.110",
|
|
"signal_freshness": {"source": "SSH probe", "runtime_target": "gateway/Gitea/Nginx", "max_age_minutes": 15},
|
|
"policy": ["gateway and Gitea only", "cross-project isolation"],
|
|
"executor": "bounded SSH via approved operator lane",
|
|
"verifier": "independent service and public route probes",
|
|
"backup_restore": "host configuration backup and Gitea dump lane",
|
|
"learning_targets": ["host health", "routing incidents"]
|
|
},
|
|
{
|
|
"canonical_id": "host:lan:188",
|
|
"asset_type": "production_host",
|
|
"owner_lane": "runtime",
|
|
"source_truth": "Docker runtime receipts on 192.168.0.188",
|
|
"runtime_identity": "192.168.0.188",
|
|
"signal_freshness": {"source": "SSH/Docker probe", "runtime_target": "EwoooC containers", "max_age_minutes": 10},
|
|
"policy": ["not an Ollama node", "momo-db protected", "cross-project isolation"],
|
|
"executor": "Gitea CD bounded compose actions",
|
|
"verifier": "container health plus external /health",
|
|
"backup_restore": "database backup and application rollback lanes",
|
|
"learning_targets": ["runtime incidents", "capacity history"]
|
|
},
|
|
{
|
|
"canonical_id": "host:gcp:ollama-a",
|
|
"asset_type": "model_host",
|
|
"owner_lane": "ai-runtime",
|
|
"source_truth": "Ollama host health receipts",
|
|
"runtime_identity": "34.87.90.216:11434",
|
|
"signal_freshness": {"source": "approved model probe", "runtime_target": "/api/tags", "max_age_minutes": 20},
|
|
"policy": ["Ollama primary", "no secret payload logging"],
|
|
"executor": "services.ollama_service",
|
|
"verifier": "host health and model availability readback",
|
|
"backup_restore": "fallback to GCP-B then 111",
|
|
"learning_targets": ["model latency", "fallback cause"]
|
|
},
|
|
{
|
|
"canonical_id": "host:gcp:ollama-b",
|
|
"asset_type": "model_host",
|
|
"owner_lane": "ai-runtime",
|
|
"source_truth": "Ollama host health receipts",
|
|
"runtime_identity": "34.21.145.224:11434",
|
|
"signal_freshness": {"source": "approved model probe", "runtime_target": "/api/tags", "max_age_minutes": 20},
|
|
"policy": ["Ollama secondary", "embedding fallback"],
|
|
"executor": "services.ollama_service",
|
|
"verifier": "host health and model availability readback",
|
|
"backup_restore": "fallback to 111 for approved non-batch traffic",
|
|
"learning_targets": ["model latency", "fallback cause"]
|
|
},
|
|
{
|
|
"canonical_id": "host:lan:ollama-111",
|
|
"asset_type": "model_host",
|
|
"owner_lane": "ai-runtime",
|
|
"source_truth": "Ollama host health receipts",
|
|
"runtime_identity": "192.168.0.111:11434",
|
|
"signal_freshness": {"source": "approved model probe", "runtime_target": "/api/tags", "max_age_minutes": 20},
|
|
"policy": ["third fallback", "no background embedding batches"],
|
|
"executor": "services.ollama_service",
|
|
"verifier": "host health and route policy readback",
|
|
"backup_restore": "no further model host fallback",
|
|
"learning_targets": ["fallback exhaustion"]
|
|
},
|
|
{
|
|
"canonical_id": "network:public:mo.wooo.work",
|
|
"asset_type": "dns_tls_route",
|
|
"owner_lane": "edge",
|
|
"source_truth": "public DNS/TLS/HTTP readback",
|
|
"runtime_identity": "https://mo.wooo.work",
|
|
"signal_freshness": {"source": "Blackbox", "runtime_target": "/health", "max_age_minutes": 5},
|
|
"policy": ["TLS only for user traffic", "health endpoint is lightweight"],
|
|
"executor": "Nginx on 110",
|
|
"verifier": "external TLS and HTTP probe",
|
|
"backup_restore": "versioned Nginx configuration and rollback",
|
|
"learning_targets": ["TLS expiry", "routing drift"]
|
|
},
|
|
{
|
|
"canonical_id": "service:ewoooc:momo-app",
|
|
"asset_type": "application_service",
|
|
"owner_lane": "runtime",
|
|
"source_truth": "Docker inspect plus /health",
|
|
"runtime_identity": "momo-pro-system",
|
|
"signal_freshness": {"source": "Docker health", "runtime_target": "container port 80", "max_age_minutes": 5},
|
|
"policy": ["Gunicorn gthread", "HUP sync reload", "no momo-db lifecycle action"],
|
|
"executor": "Gitea CD momo-app lane",
|
|
"verifier": "internal and external /health plus version truth",
|
|
"backup_restore": "known-good image and Gitea commit rollback",
|
|
"learning_targets": ["HTTP errors", "worker latency", "security events"]
|
|
},
|
|
{
|
|
"canonical_id": "service:ewoooc:scheduler",
|
|
"asset_type": "scheduler_service",
|
|
"owner_lane": "automation-runtime",
|
|
"source_truth": "Docker health and scheduler receipts",
|
|
"runtime_identity": "momo-scheduler",
|
|
"signal_freshness": {"source": "job receipts", "runtime_target": "scheduler process", "max_age_minutes": 15},
|
|
"policy": ["EventRouter", "bounded retry", "no momo-db restart"],
|
|
"executor": "run_scheduler.py",
|
|
"verifier": "scheduled health summary and job receipts",
|
|
"backup_restore": "restart scheduler only; replay durable queues",
|
|
"learning_targets": ["job failure recurrence", "MTTR"]
|
|
},
|
|
{
|
|
"canonical_id": "service:ewoooc:telegram-bot",
|
|
"asset_type": "notification_service",
|
|
"owner_lane": "automation-runtime",
|
|
"source_truth": "Telegram API receipt plus Docker health",
|
|
"runtime_identity": "momo-telegram-bot",
|
|
"signal_freshness": {"source": "delivery receipt", "runtime_target": "bot process", "max_age_minutes": 15},
|
|
"policy": ["authorized users/groups", "webhook secret target", "queue replay"],
|
|
"executor": "run_telegram_bot.py and OpenClaw webhook",
|
|
"verifier": "delivery receipt and callback readback",
|
|
"backup_restore": "file queue replay and bot restart only",
|
|
"learning_targets": ["delivery failure", "unauthorized attempt"]
|
|
},
|
|
{
|
|
"canonical_id": "database:ewoooc:postgresql",
|
|
"asset_type": "database",
|
|
"owner_lane": "data",
|
|
"source_truth": "PostgreSQL durable receipts and migrations",
|
|
"runtime_identity": "momo-db",
|
|
"signal_freshness": {"source": "SQL health", "runtime_target": "PostgreSQL", "max_age_minutes": 5},
|
|
"policy": ["protected resource", "pgvector primary", "no destructive automatic action"],
|
|
"executor": "SQLAlchemy and idempotent migrations",
|
|
"verifier": "independent readback queries and schema checks",
|
|
"backup_restore": "scheduled backup, checksum, offsite copy and restore drill",
|
|
"learning_targets": ["query health", "migration drift", "restore evidence"]
|
|
},
|
|
{
|
|
"canonical_id": "data:ewoooc:pchome-sales",
|
|
"asset_type": "business_dataset",
|
|
"owner_lane": "sales-data",
|
|
"source_truth": "PostgreSQL sales tables plus import receipts",
|
|
"runtime_identity": "daily and monthly PChome sales records",
|
|
"signal_freshness": {"source": "import job receipt", "runtime_target": "latest business date", "max_age_minutes": 180},
|
|
"policy": ["real data only", "Taipei time", "no mock values"],
|
|
"executor": "Google Drive/import services",
|
|
"verifier": "row count, business date and duplicate checks",
|
|
"backup_restore": "database backup and source file replay",
|
|
"learning_targets": ["import errors", "freshness drift"]
|
|
},
|
|
{
|
|
"canonical_id": "data:ewoooc:market-intelligence",
|
|
"asset_type": "business_dataset",
|
|
"owner_lane": "market-intelligence",
|
|
"source_truth": "source receipts, external_offers and guarded candidate artifacts",
|
|
"runtime_identity": "market intel tables and receipt artifacts",
|
|
"signal_freshness": {"source": "source receipt", "runtime_target": "offer freshness", "max_age_minutes": 1440},
|
|
"policy": ["provenance required", "PromotionGate", "no visual-only price write"],
|
|
"executor": "market intel controlled apply lanes",
|
|
"verifier": "identity matcher, PromotionGate and post-write readback",
|
|
"backup_restore": "database backup and replayable evidence artifacts",
|
|
"learning_targets": ["matcher quality", "false positive", "source barrier"]
|
|
},
|
|
{
|
|
"canonical_id": "integration:ewoooc:google-drive-import",
|
|
"asset_type": "external_integration",
|
|
"owner_lane": "sales-data",
|
|
"source_truth": "Google Drive auth and import receipts",
|
|
"runtime_identity": "auto_import service",
|
|
"signal_freshness": {"source": "auth readiness", "runtime_target": "latest import job", "max_age_minutes": 180},
|
|
"policy": ["authenticated operator surface", "no credential exposure"],
|
|
"executor": "services.google_drive_service",
|
|
"verifier": "job status and database readback",
|
|
"backup_restore": "replay source file without duplicate write",
|
|
"learning_targets": ["auth expiry", "import parser failure"]
|
|
},
|
|
{
|
|
"canonical_id": "integration:ewoooc:telegram-webhook",
|
|
"asset_type": "webhook",
|
|
"owner_lane": "notification-security",
|
|
"source_truth": "Telegram webhook configuration and request receipts",
|
|
"runtime_identity": "/bot/telegram/webhook",
|
|
"signal_freshness": {"source": "webhook info", "runtime_target": "secret verification", "max_age_minutes": 60},
|
|
"policy": ["secret token required target", "authorized user and group checks"],
|
|
"executor": "OpenClaw Telegram webhook",
|
|
"verifier": "invalid-secret rejection plus authorized callback canary",
|
|
"backup_restore": "restore prior webhook URL and replay no pending updates",
|
|
"learning_targets": ["auth failures", "duplicate updates"]
|
|
},
|
|
{
|
|
"canonical_id": "ai:ewoooc:ollama-router",
|
|
"asset_type": "ai_runtime",
|
|
"owner_lane": "ai-platform",
|
|
"source_truth": "Ollama route and call receipts",
|
|
"runtime_identity": "GCP-A -> GCP-B -> 111",
|
|
"signal_freshness": {"source": "host probe", "runtime_target": "approved model route", "max_age_minutes": 20},
|
|
"policy": ["Ollama-first", "Gemini hard-disabled default", "188 forbidden"],
|
|
"executor": "services.ollama_service",
|
|
"verifier": "model route readback and fallback receipt",
|
|
"backup_restore": "bounded fallback chain",
|
|
"learning_targets": ["latency", "model error", "fallback rate"]
|
|
},
|
|
{
|
|
"canonical_id": "ai:ewoooc:mcp-router",
|
|
"asset_type": "mcp_control_plane",
|
|
"owner_lane": "ai-platform",
|
|
"source_truth": "MCP registry plus live server health",
|
|
"runtime_identity": "services.mcp_router and ports 3001-3004",
|
|
"signal_freshness": {"source": "MCP smoke", "runtime_target": "tool server health", "max_age_minutes": 15},
|
|
"policy": ["known caller/tool allowlist", "Postgres/filesystem read-only"],
|
|
"executor": "services.mcp_router",
|
|
"verifier": "live health, call receipt and boundary tests",
|
|
"backup_restore": "disable router and fall back to approved static/Ollama path",
|
|
"learning_targets": ["tool success", "cache hit", "policy rejection"]
|
|
},
|
|
{
|
|
"canonical_id": "ai:ewoooc:rag-service",
|
|
"asset_type": "rag_control_plane",
|
|
"owner_lane": "ai-platform",
|
|
"source_truth": "pgvector records and RAG query receipts",
|
|
"runtime_identity": "services.rag_service",
|
|
"signal_freshness": {"source": "RAG smoke", "runtime_target": "query/feedback logs", "max_age_minutes": 30},
|
|
"policy": ["pgvector only", "BGE-M3 signature", "PromotionGate"],
|
|
"executor": "services.rag_service",
|
|
"verifier": "candidate canary, signature and retrieval quality checks",
|
|
"backup_restore": "disable retrieval and preserve structured DB truth",
|
|
"learning_targets": ["hit rate", "feedback", "recurrence"]
|
|
},
|
|
{
|
|
"canonical_id": "ai:ewoooc:pixelrag",
|
|
"asset_type": "visual_evidence_pipeline",
|
|
"owner_lane": "market-intelligence",
|
|
"source_truth": "screenshot, tile and replay receipts",
|
|
"runtime_identity": "PixelRAG artifact lanes for 8 marketplaces",
|
|
"signal_freshness": {"source": "artifact receipt", "runtime_target": "capture/replay readback", "max_age_minutes": 1440},
|
|
"policy": ["public evidence only", "blocked page is not product data", "no direct price write"],
|
|
"executor": "PixelRAG capture and Ollama VLM workers",
|
|
"verifier": "identity, PromotionGate, embedding signature and RAG canary",
|
|
"backup_restore": "immutable artifact receipts and no-write terminal",
|
|
"learning_targets": ["capture quality", "VLM confidence", "platform barrier"]
|
|
},
|
|
{
|
|
"canonical_id": "observability:ewoooc:security-runtime",
|
|
"asset_type": "logs_metrics_traces_alerts",
|
|
"owner_lane": "observability",
|
|
"source_truth": "Prometheus, Grafana, logs, alerts, security runtime receipt and Telegram receipts",
|
|
"runtime_identity": "/metrics plus AI automation smoke",
|
|
"signal_freshness": {"source": "scrape and alert receipt", "runtime_target": "security/governance families", "max_age_minutes": 15},
|
|
"policy": ["no public operational logs", "lifecycle receipts", "freshness SLO"],
|
|
"executor": "Prometheus/Blackbox/EventRouter",
|
|
"verifier": "alert-chain and dashboard readback",
|
|
"backup_restore": "metrics retention and durable incident receipts",
|
|
"learning_targets": ["MTTA", "MTTR", "false positive", "rollback rate"]
|
|
},
|
|
{
|
|
"canonical_id": "backup:ewoooc:database-artifacts",
|
|
"asset_type": "backup_restore",
|
|
"owner_lane": "resilience",
|
|
"source_truth": "backup checksum and restore drill receipts",
|
|
"runtime_identity": "database and artifact backup lanes",
|
|
"signal_freshness": {"source": "backup receipt", "runtime_target": "latest successful restore drill", "max_age_minutes": 10080},
|
|
"policy": ["checksum required", "offsite required", "restore drill required"],
|
|
"executor": "backup services and controlled restore workflow",
|
|
"verifier": "independent checksum plus isolated restore query",
|
|
"backup_restore": "this asset owns the recovery evidence itself",
|
|
"learning_targets": ["RPO", "RTO", "restore failure"]
|
|
},
|
|
{
|
|
"canonical_id": "supply-chain:ewoooc:python-container",
|
|
"asset_type": "packages_images_sbom",
|
|
"owner_lane": "software-supply-chain",
|
|
"source_truth": "requirements, .dockerignore, source receipt, image digest, SBOM and vulnerability receipts",
|
|
"runtime_identity": "EwoooC Python 3.11 container image",
|
|
"signal_freshness": {"source": "CD security gate", "runtime_target": "deployed image digest", "max_age_minutes": 1440},
|
|
"policy": ["Gitea/internal sources", "secret-safe Docker context", "exact dependency lock target", "no GitHub action dependency"],
|
|
"executor": "Gitea CD build lane",
|
|
"verifier": "SAST, SCA, secret scan, SBOM and provenance checks",
|
|
"backup_restore": "known-good immutable image digest",
|
|
"learning_targets": ["CVE age", "dependency drift", "build provenance"]
|
|
},
|
|
{
|
|
"canonical_id": "quality:ewoooc:test-control-plane",
|
|
"asset_type": "test_and_release_evidence",
|
|
"owner_lane": "quality-governance",
|
|
"source_truth": "pytest collection, deterministic release suite and runtime canary receipts",
|
|
"runtime_identity": "Gitea release gate plus scheduled nightly and production smoke lanes",
|
|
"signal_freshness": {"source": "governance/security_governance_review_baseline.json", "runtime_target": "latest Gitea and production verifier receipts", "max_age_minutes": 1440},
|
|
"policy": ["release tests deterministic", "nightly integration separated", "production canary read-only first"],
|
|
"executor": "pytest and Gitea Actions",
|
|
"verifier": "collection gate, focused security suites and post-deploy smoke",
|
|
"backup_restore": "Gitea test source plus immutable test result receipt",
|
|
"learning_targets": ["flake rate", "failure age", "collection drift", "runtime escape rate"]
|
|
},
|
|
{
|
|
"canonical_id": "surface:ewoooc:primary-ui-api",
|
|
"asset_type": "product_surface",
|
|
"owner_lane": "product-experience",
|
|
"source_truth": "Flask route map, templates and production visual readback",
|
|
"runtime_identity": "primary desktop and mobile user workflows",
|
|
"signal_freshness": {"source": "sitewide visual QA", "runtime_target": "desktop/mobile screenshots", "max_age_minutes": 1440},
|
|
"policy": ["Traditional Chinese", "progressive disclosure", "authenticated operator surfaces", "no text walls"],
|
|
"executor": "Flask/Jinja frontend",
|
|
"verifier": "route, accessibility, responsive and visual smoke",
|
|
"backup_restore": "Gitea commit and frontend asset rollback",
|
|
"learning_targets": ["task completion", "error state", "text density"]
|
|
}
|
|
],
|
|
"reconciliation": {
|
|
"status": "partial",
|
|
"source_inventory_complete": true,
|
|
"runtime_receipts_complete": false,
|
|
"next_machine_action": "probe_all_assets_and_write_same-run_reconciliation_receipt"
|
|
}
|
|
}
|