Files
ewoooc/governance/ewoooc_asset_inventory.json

366 lines
19 KiB
JSON

{
"schema_version": "1.0",
"product_id": "ewoooc",
"governance_profile": "global_product_governance_v2",
"updated_at": "2026-07-10T18:30:00+08:00",
"required_fields": [
"canonical_id",
"asset_type",
"owner_lane",
"source_truth",
"runtime_identity",
"signal_freshness",
"policy",
"executor",
"verifier",
"backup_restore",
"learning_targets"
],
"assets": [
{
"canonical_id": "product:ewoooc",
"asset_type": "product",
"owner_lane": "product-governance",
"source_truth": "Gitea main plus production health and protected product surfaces",
"runtime_identity": "https://mo.wooo.work",
"signal_freshness": {"source": "commit", "runtime_target": "/health", "max_age_minutes": 15},
"policy": ["global_product_governance_v2", "CONSTITUTION.md"],
"executor": "Gitea CD on ewoooc-host",
"verifier": "production version truth plus HTTP and UI smoke",
"backup_restore": "source in Gitea; runtime data handled by database and artifact lanes",
"learning_targets": ["security governance review", "AI automation smoke", "KM/PlayBook"]
},
{
"canonical_id": "repo:gitea:wooo/ewoooc",
"asset_type": "source_repository",
"owner_lane": "source-control",
"source_truth": "ssh://git@192.168.0.110:2222/wooo/ewoooc.git",
"runtime_identity": "Gitea repository wooo/ewoooc",
"signal_freshness": {"source": "git ls-remote", "runtime_target": "main/dev heads", "max_age_minutes": 30},
"policy": ["GitHub freeze", "protected main", "Gitea-only actions"],
"executor": "git over Gitea SSH or Gitea job token",
"verifier": "remote head readback and deploy marker",
"backup_restore": "Gitea repository backup and offsite checksum lane",
"learning_targets": ["source deploy runtime truth"]
},
{
"canonical_id": "pipeline:gitea-actions:ewoooc-cd",
"asset_type": "deployment_pipeline",
"owner_lane": "delivery",
"source_truth": ".gitea/workflows/cd.yaml",
"runtime_identity": "runner label ewoooc-host",
"signal_freshness": {"source": "workflow commit", "runtime_target": "latest Gitea Action run", "max_age_minutes": 60},
"policy": ["Gitea-only", "momo-db protected", "three app containers only"],
"executor": "Gitea act runner",
"verifier": "CD health, version, smoke and post-deploy review",
"backup_restore": "rollback by known-good Gitea commit and image",
"learning_targets": ["CD failure classification", "deployment playbook"]
},
{
"canonical_id": "host:lan:110",
"asset_type": "host_gateway",
"owner_lane": "platform",
"source_truth": "host and service runtime probes",
"runtime_identity": "192.168.0.110",
"signal_freshness": {"source": "SSH probe", "runtime_target": "gateway/Gitea/Nginx", "max_age_minutes": 15},
"policy": ["gateway and Gitea only", "cross-project isolation"],
"executor": "bounded SSH via approved operator lane",
"verifier": "independent service and public route probes",
"backup_restore": "host configuration backup and Gitea dump lane",
"learning_targets": ["host health", "routing incidents"]
},
{
"canonical_id": "host:lan:188",
"asset_type": "production_host",
"owner_lane": "runtime",
"source_truth": "Docker runtime receipts on 192.168.0.188",
"runtime_identity": "192.168.0.188",
"signal_freshness": {"source": "SSH/Docker probe", "runtime_target": "EwoooC containers", "max_age_minutes": 10},
"policy": ["not an Ollama node", "momo-db protected", "cross-project isolation"],
"executor": "Gitea CD bounded compose actions",
"verifier": "container health plus external /health",
"backup_restore": "database backup and application rollback lanes",
"learning_targets": ["runtime incidents", "capacity history"]
},
{
"canonical_id": "host:gcp:ollama-a",
"asset_type": "model_host",
"owner_lane": "ai-runtime",
"source_truth": "Ollama host health receipts",
"runtime_identity": "34.87.90.216:11434",
"signal_freshness": {"source": "approved model probe", "runtime_target": "/api/tags", "max_age_minutes": 20},
"policy": ["Ollama primary", "no secret payload logging"],
"executor": "services.ollama_service",
"verifier": "host health and model availability readback",
"backup_restore": "fallback to GCP-B then 111",
"learning_targets": ["model latency", "fallback cause"]
},
{
"canonical_id": "host:gcp:ollama-b",
"asset_type": "model_host",
"owner_lane": "ai-runtime",
"source_truth": "Ollama host health receipts",
"runtime_identity": "34.21.145.224:11434",
"signal_freshness": {"source": "approved model probe", "runtime_target": "/api/tags", "max_age_minutes": 20},
"policy": ["Ollama secondary", "embedding fallback"],
"executor": "services.ollama_service",
"verifier": "host health and model availability readback",
"backup_restore": "fallback to 111 for approved non-batch traffic",
"learning_targets": ["model latency", "fallback cause"]
},
{
"canonical_id": "host:lan:ollama-111",
"asset_type": "model_host",
"owner_lane": "ai-runtime",
"source_truth": "Ollama host health receipts",
"runtime_identity": "192.168.0.111:11434",
"signal_freshness": {"source": "approved model probe", "runtime_target": "/api/tags", "max_age_minutes": 20},
"policy": ["third fallback", "no background embedding batches"],
"executor": "services.ollama_service",
"verifier": "host health and route policy readback",
"backup_restore": "no further model host fallback",
"learning_targets": ["fallback exhaustion"]
},
{
"canonical_id": "network:public:mo.wooo.work",
"asset_type": "dns_tls_route",
"owner_lane": "edge",
"source_truth": "public DNS/TLS/HTTP readback",
"runtime_identity": "https://mo.wooo.work",
"signal_freshness": {"source": "Blackbox", "runtime_target": "/health", "max_age_minutes": 5},
"policy": ["TLS only for user traffic", "health endpoint is lightweight"],
"executor": "Nginx on 110",
"verifier": "external TLS and HTTP probe",
"backup_restore": "versioned Nginx configuration and rollback",
"learning_targets": ["TLS expiry", "routing drift"]
},
{
"canonical_id": "service:ewoooc:momo-app",
"asset_type": "application_service",
"owner_lane": "runtime",
"source_truth": "Docker inspect plus /health",
"runtime_identity": "momo-pro-system",
"signal_freshness": {"source": "Docker health", "runtime_target": "container port 80", "max_age_minutes": 5},
"policy": ["Gunicorn gthread", "HUP sync reload", "no momo-db lifecycle action"],
"executor": "Gitea CD momo-app lane",
"verifier": "internal and external /health plus version truth",
"backup_restore": "known-good image and Gitea commit rollback",
"learning_targets": ["HTTP errors", "worker latency", "security events"]
},
{
"canonical_id": "service:ewoooc:scheduler",
"asset_type": "scheduler_service",
"owner_lane": "automation-runtime",
"source_truth": "Docker health and scheduler receipts",
"runtime_identity": "momo-scheduler",
"signal_freshness": {"source": "job receipts", "runtime_target": "scheduler process", "max_age_minutes": 15},
"policy": ["EventRouter", "bounded retry", "no momo-db restart"],
"executor": "run_scheduler.py",
"verifier": "scheduled health summary and job receipts",
"backup_restore": "restart scheduler only; replay durable queues",
"learning_targets": ["job failure recurrence", "MTTR"]
},
{
"canonical_id": "service:ewoooc:telegram-bot",
"asset_type": "notification_service",
"owner_lane": "automation-runtime",
"source_truth": "Telegram API receipt plus Docker health",
"runtime_identity": "momo-telegram-bot",
"signal_freshness": {"source": "delivery receipt", "runtime_target": "bot process", "max_age_minutes": 15},
"policy": ["authorized users/groups", "webhook secret target", "queue replay"],
"executor": "run_telegram_bot.py and OpenClaw webhook",
"verifier": "delivery receipt and callback readback",
"backup_restore": "file queue replay and bot restart only",
"learning_targets": ["delivery failure", "unauthorized attempt"]
},
{
"canonical_id": "database:ewoooc:postgresql",
"asset_type": "database",
"owner_lane": "data",
"source_truth": "PostgreSQL durable receipts and migrations",
"runtime_identity": "momo-db",
"signal_freshness": {"source": "SQL health", "runtime_target": "PostgreSQL", "max_age_minutes": 5},
"policy": ["protected resource", "pgvector primary", "no destructive automatic action"],
"executor": "SQLAlchemy and idempotent migrations",
"verifier": "independent readback queries and schema checks",
"backup_restore": "scheduled backup, checksum, offsite copy and restore drill",
"learning_targets": ["query health", "migration drift", "restore evidence"]
},
{
"canonical_id": "data:ewoooc:pchome-sales",
"asset_type": "business_dataset",
"owner_lane": "sales-data",
"source_truth": "PostgreSQL sales tables plus import receipts",
"runtime_identity": "daily and monthly PChome sales records",
"signal_freshness": {"source": "import job receipt", "runtime_target": "latest business date", "max_age_minutes": 180},
"policy": ["real data only", "Taipei time", "no mock values"],
"executor": "Google Drive/import services",
"verifier": "row count, business date and duplicate checks",
"backup_restore": "database backup and source file replay",
"learning_targets": ["import errors", "freshness drift"]
},
{
"canonical_id": "data:ewoooc:market-intelligence",
"asset_type": "business_dataset",
"owner_lane": "market-intelligence",
"source_truth": "source receipts, external_offers and guarded candidate artifacts",
"runtime_identity": "market intel tables and receipt artifacts",
"signal_freshness": {"source": "source receipt", "runtime_target": "offer freshness", "max_age_minutes": 1440},
"policy": ["provenance required", "PromotionGate", "no visual-only price write"],
"executor": "market intel controlled apply lanes",
"verifier": "identity matcher, PromotionGate and post-write readback",
"backup_restore": "database backup and replayable evidence artifacts",
"learning_targets": ["matcher quality", "false positive", "source barrier"]
},
{
"canonical_id": "integration:ewoooc:google-drive-import",
"asset_type": "external_integration",
"owner_lane": "sales-data",
"source_truth": "Google Drive auth and import receipts",
"runtime_identity": "auto_import service",
"signal_freshness": {"source": "auth readiness", "runtime_target": "latest import job", "max_age_minutes": 180},
"policy": ["authenticated operator surface", "no credential exposure"],
"executor": "services.google_drive_service",
"verifier": "job status and database readback",
"backup_restore": "replay source file without duplicate write",
"learning_targets": ["auth expiry", "import parser failure"]
},
{
"canonical_id": "integration:ewoooc:telegram-webhook",
"asset_type": "webhook",
"owner_lane": "notification-security",
"source_truth": "Telegram webhook configuration and request receipts",
"runtime_identity": "/bot/telegram/webhook",
"signal_freshness": {"source": "webhook info", "runtime_target": "secret verification", "max_age_minutes": 60},
"policy": ["secret token required target", "authorized user and group checks"],
"executor": "OpenClaw Telegram webhook",
"verifier": "invalid-secret rejection plus authorized callback canary",
"backup_restore": "restore prior webhook URL and replay no pending updates",
"learning_targets": ["auth failures", "duplicate updates"]
},
{
"canonical_id": "ai:ewoooc:ollama-router",
"asset_type": "ai_runtime",
"owner_lane": "ai-platform",
"source_truth": "Ollama route and call receipts",
"runtime_identity": "GCP-A -> GCP-B -> 111",
"signal_freshness": {"source": "host probe", "runtime_target": "approved model route", "max_age_minutes": 20},
"policy": ["Ollama-first", "Gemini hard-disabled default", "188 forbidden"],
"executor": "services.ollama_service",
"verifier": "model route readback and fallback receipt",
"backup_restore": "bounded fallback chain",
"learning_targets": ["latency", "model error", "fallback rate"]
},
{
"canonical_id": "ai:ewoooc:mcp-router",
"asset_type": "mcp_control_plane",
"owner_lane": "ai-platform",
"source_truth": "MCP registry plus live server health",
"runtime_identity": "services.mcp_router and ports 3001-3004",
"signal_freshness": {"source": "MCP smoke", "runtime_target": "tool server health", "max_age_minutes": 15},
"policy": ["known caller/tool allowlist", "Postgres/filesystem read-only"],
"executor": "services.mcp_router",
"verifier": "live health, call receipt and boundary tests",
"backup_restore": "disable router and fall back to approved static/Ollama path",
"learning_targets": ["tool success", "cache hit", "policy rejection"]
},
{
"canonical_id": "ai:ewoooc:rag-service",
"asset_type": "rag_control_plane",
"owner_lane": "ai-platform",
"source_truth": "pgvector records and RAG query receipts",
"runtime_identity": "services.rag_service",
"signal_freshness": {"source": "RAG smoke", "runtime_target": "query/feedback logs", "max_age_minutes": 30},
"policy": ["pgvector only", "BGE-M3 signature", "PromotionGate"],
"executor": "services.rag_service",
"verifier": "candidate canary, signature and retrieval quality checks",
"backup_restore": "disable retrieval and preserve structured DB truth",
"learning_targets": ["hit rate", "feedback", "recurrence"]
},
{
"canonical_id": "ai:ewoooc:pixelrag",
"asset_type": "visual_evidence_pipeline",
"owner_lane": "market-intelligence",
"source_truth": "screenshot, tile and replay receipts",
"runtime_identity": "PixelRAG artifact lanes for 8 marketplaces",
"signal_freshness": {"source": "artifact receipt", "runtime_target": "capture/replay readback", "max_age_minutes": 1440},
"policy": ["public evidence only", "blocked page is not product data", "no direct price write"],
"executor": "PixelRAG capture and Ollama VLM workers",
"verifier": "identity, PromotionGate, embedding signature and RAG canary",
"backup_restore": "immutable artifact receipts and no-write terminal",
"learning_targets": ["capture quality", "VLM confidence", "platform barrier"]
},
{
"canonical_id": "observability:ewoooc:security-runtime",
"asset_type": "logs_metrics_traces_alerts",
"owner_lane": "observability",
"source_truth": "Prometheus, Grafana, logs, alerts, security runtime receipt and Telegram receipts",
"runtime_identity": "/metrics plus AI automation smoke",
"signal_freshness": {"source": "scrape and alert receipt", "runtime_target": "security/governance families", "max_age_minutes": 15},
"policy": ["no public operational logs", "lifecycle receipts", "freshness SLO"],
"executor": "Prometheus/Blackbox/EventRouter",
"verifier": "alert-chain and dashboard readback",
"backup_restore": "metrics retention and durable incident receipts",
"learning_targets": ["MTTA", "MTTR", "false positive", "rollback rate"]
},
{
"canonical_id": "backup:ewoooc:database-artifacts",
"asset_type": "backup_restore",
"owner_lane": "resilience",
"source_truth": "backup checksum and restore drill receipts",
"runtime_identity": "database and artifact backup lanes",
"signal_freshness": {"source": "backup receipt", "runtime_target": "latest successful restore drill", "max_age_minutes": 10080},
"policy": ["checksum required", "offsite required", "restore drill required"],
"executor": "backup services and controlled restore workflow",
"verifier": "independent checksum plus isolated restore query",
"backup_restore": "this asset owns the recovery evidence itself",
"learning_targets": ["RPO", "RTO", "restore failure"]
},
{
"canonical_id": "supply-chain:ewoooc:python-container",
"asset_type": "packages_images_sbom",
"owner_lane": "software-supply-chain",
"source_truth": "requirements, .dockerignore, source receipt, image digest, SBOM and vulnerability receipts",
"runtime_identity": "EwoooC Python 3.11 container image",
"signal_freshness": {"source": "CD security gate", "runtime_target": "deployed image digest", "max_age_minutes": 1440},
"policy": ["Gitea/internal sources", "secret-safe Docker context", "exact dependency lock target", "no GitHub action dependency"],
"executor": "Gitea CD build lane",
"verifier": "SAST, SCA, secret scan, SBOM and provenance checks",
"backup_restore": "known-good immutable image digest",
"learning_targets": ["CVE age", "dependency drift", "build provenance"]
},
{
"canonical_id": "quality:ewoooc:test-control-plane",
"asset_type": "test_and_release_evidence",
"owner_lane": "quality-governance",
"source_truth": "pytest collection, deterministic release suite and runtime canary receipts",
"runtime_identity": "Gitea release gate plus scheduled nightly and production smoke lanes",
"signal_freshness": {"source": "governance/security_governance_review_baseline.json", "runtime_target": "latest Gitea and production verifier receipts", "max_age_minutes": 1440},
"policy": ["release tests deterministic", "nightly integration separated", "production canary read-only first"],
"executor": "pytest and Gitea Actions",
"verifier": "collection gate, focused security suites and post-deploy smoke",
"backup_restore": "Gitea test source plus immutable test result receipt",
"learning_targets": ["flake rate", "failure age", "collection drift", "runtime escape rate"]
},
{
"canonical_id": "surface:ewoooc:primary-ui-api",
"asset_type": "product_surface",
"owner_lane": "product-experience",
"source_truth": "Flask route map, templates and production visual readback",
"runtime_identity": "primary desktop and mobile user workflows",
"signal_freshness": {"source": "sitewide visual QA", "runtime_target": "desktop/mobile screenshots", "max_age_minutes": 1440},
"policy": ["Traditional Chinese", "progressive disclosure", "authenticated operator surfaces", "no text walls"],
"executor": "Flask/Jinja frontend",
"verifier": "route, accessibility, responsive and visual smoke",
"backup_restore": "Gitea commit and frontend asset rollback",
"learning_targets": ["task completion", "error state", "text density"]
}
],
"reconciliation": {
"status": "partial",
"source_inventory_complete": true,
"runtime_receipts_complete": false,
"next_machine_action": "probe_all_assets_and_write_same-run_reconciliation_receipt"
}
}