# IwoooS Backup / Restore / Escrow Owner Request Draft

| Item | Value |
|------|------|
| Date | 2026-06-14 |
| Status | `owner_request_draft_ready_not_dispatched` |
| Tool | `scripts/security/backup-restore-owner-request-draft.py` |
| Snapshot | `docs/security/backup-restore-owner-request-draft.snapshot.json` |
| Source inventory | `docs/security/backup-restore-escrow-inventory.snapshot.json` |
| runtime gate | `0` |

## 1. Purpose

This document follows on from the repo-only Backup / Restore / Escrow / Retention inventory and turns its 38 surfaces into request drafts that precede manual dispatch. It gives the backup orchestrator, service backups, Restic retention, offsite sync, credential escrow, Velero, restore drills, alert / health, and DR documents a consistent set of owner response fields.

This is not live backup truth, not proof that backups succeeded, not authorization for a restore drill, not authorization for offsite sync, not permission to write the credential escrow marker, and not permission to change the retention policy.

## 2. Summary

| Metric | Current value | Notes |
|------|--------|------|
| request draft | `38` | One draft per backup / restore / escrow surface |
| write-capable request draft | `27` | Writable / executable surfaces such as backup, restore, offsite, escrow, retention, Velero, and the health exporter |
| live evidence required request | `38` | Every request requires the owner to provide non-sensitive live evidence |
| request field | `24` | Total number of draft fields |
| required owner field | `14` | Fields the owner must fill in |
| blocked action | `18` | backup, restore, offsite sync, remote delete, marker write, retention, prune, rclone, Velero, kubectl, SSH, secret collection, runtime gate, and so on |
| request sent / recipient confirmed | `0 / 0` | Not yet dispatched |
| owner response received / accepted | `0 / 0` | Not yet received or accepted |
| live evidence received | `0` | No SSH, no offsite reads, no live backup reads |
| restore / offsite / escrow / retention accepted | `0 / 0 / 0 / 0` | Must not be executed or marked complete |
| runtime gate / action button | `0 / 0` | No operational entry point is provided |

## 3. Request Draft Types

| Type | Representative request | Risk focus |
|------|--------------|----------|
| Backup orchestrator | `backup_restore_owner_request:backup_all_orchestrator` | Full-service backup, cron, failure notification, restore drill owner |
| Service backup | `backup_restore_owner_request:backup_awoooi_service_script`, `backup_restore_owner_request:backup_harbor_service_script` | Freshness of DB / registry / route / trace data, restore target isolation, secret redaction |
| Restic / retention | `backup_restore_owner_request:backup_common_restic_retention` | B2 / rclone owner, retention owner, prune window, no-secret-value evidence |
| Offsite / escrow | `backup_restore_owner_request:offsite_sync_controller`, `backup_restore_owner_request:credential_escrow_marker` | Remote delete, full sync window, escrow evidence id, marker write gate |
| Velero | `backup_restore_owner_request:velero_restore_cronjob`, `backup_restore_owner_request:velero_credentials_manifest` | RBAC, MinIO endpoint, restore isolation, secret manager source |
| Alert / health | `backup_restore_owner_request:backup_health_exporter`, `backup_restore_owner_request:backup_restore_alert_rules` | False-green metric, alert reload owner, freshness SLO |
| DR / cold-start | `backup_restore_owner_request:cold_start_sop` | Runbook freshness, restore observer, stop condition, rollback owner |

## 4. Required Owner Fields

1. `owner_role_or_team`
2. `decision`
3. `decision_reason`
4. `affected_scope`
5. `redacted_evidence_refs`
6. `latest_backup_status_ref`
7. `restore_drill_plan`
8. `offsite_sync_evidence_ref`
9. `credential_escrow_evidence_ref`
10. `maintenance_window`
11. `rollback_owner`
12. `validation_plan`
13. `retention_owner`
14. `followup_owner`

## 5. Blocked Actions

1. `backup_run`
2. `restore_run`
3. `restore_drill`
4. `offsite_sync`
5. `offsite_remote_delete`
6. `credential_escrow_marker_write`
7. `retention_change`
8. `restic_prune`
9. `rclone_config`
10. `velero_restore`
11. `velero_backup`
12. `kubectl_action`
13. `ssh_read`
14. `ssh_write`
15. `secret_value_collection`
16. `host_write`
17. `active_scan`
18. `runtime_gate_open`

## 6. Commands

Generate the committed snapshot:

```bash
python3 scripts/security/backup-restore-owner-request-draft.py \
  --root . \
  --inventory-report docs/security/backup-restore-escrow-inventory.snapshot.json \
  --output docs/security/backup-restore-owner-request-draft.snapshot.json \
  --generated-at 2026-06-14T23:05:00+08:00
```

Run the verification guard:

```bash
python3 scripts/security/security-mirror-progress-guard.py --root .
```

## 7. Completion

| Task | Completion | Notes |
|------|--------|------|
| owner request draft artifact | `100%` | The 38 request drafts, snapshot, document, and guard are fixed in place |
| request dispatch | `0%` | Not yet dispatched |
| owner response received / accepted | `0%` | Not yet received, not yet accepted |
| live evidence collection | `0%` | No SSH, no offsite reads, no live backup reads |
| backup / restore / offsite / escrow / retention gate | `0%` | Not authorized and not executed |
| runtime gate / production write | `0%` | Not authorized and not executed |
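
The following is an added example, not the project's guard script or its snapshot schema: a fail-closed check that an owner reply fills the 14 required fields from section 4, requests none of the 18 blocked actions from section 5, and carries references rather than secret values. The flat dict shape, the `requested_actions` key, the `SECRET_LIKE` pattern, and the sample reply are assumptions made for illustration.

```python
import re

# Field and action names copied from sections 4 and 5 of this page.
REQUIRED_OWNER_FIELDS = (
    "owner_role_or_team decision decision_reason affected_scope "
    "redacted_evidence_refs latest_backup_status_ref restore_drill_plan "
    "offsite_sync_evidence_ref credential_escrow_evidence_ref maintenance_window "
    "rollback_owner validation_plan retention_owner followup_owner"
).split()
BLOCKED_ACTIONS = set((
    "backup_run restore_run restore_drill offsite_sync offsite_remote_delete "
    "credential_escrow_marker_write retention_change restic_prune rclone_config "
    "velero_restore velero_backup kubectl_action ssh_read ssh_write "
    "secret_value_collection host_write active_scan runtime_gate_open"
).split())

# Assumption: a coarse pattern for values that carry a secret instead of a reference.
SECRET_LIKE = re.compile(
    r"(?i)(password|passwd|secret|token|api[_-]?key)\s*[=:]\s*\S+"
    r"|-----BEGIN [A-Z ]*PRIVATE KEY-----")

def _strings(value):
    """Flatten a str / list / dict field value into its string leaves."""
    if isinstance(value, dict):
        value = list(value.values())
    if isinstance(value, (list, tuple)):
        return [s for item in value for s in _strings(item)]
    return [str(value)]

def check_owner_response(resp):
    """Return findings; an empty list means the reply can go on to human review."""
    findings = [f"missing:{f}" for f in REQUIRED_OWNER_FIELDS
                if resp.get(f) in (None, "", [], {})]
    # "requested_actions" is a hypothetical key, not taken from the snapshot schema.
    findings += [f"blocked_action:{a}" for a in _strings(resp.get("requested_actions", []))
                 if a in BLOCKED_ACTIONS]
    findings += [f"secret_like_value:{k}" for k, v in resp.items()
                 if any(SECRET_LIKE.search(s) for s in _strings(v))]
    return findings

# Constructed sample reply: incomplete, asks for a prune, and leaks a token.
SAMPLE = {"owner_role_or_team": "platform-backup", "decision": "defer",
          "redacted_evidence_refs": ["ticket-0001 token=abc123"],
          "requested_actions": ["restic_prune"]}

if __name__ == "__main__":
    for finding in check_owner_response(SAMPLE):
        print(finding)
```
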