{ "acceptance_candidates": [ { "acceptance_candidate_id": "ssh_network_owner_response_acceptance:ansible_inventory_ssh_targets", "acceptance_fields": [ "acceptance_candidate_id", "request_id", "surface_id", "config_kind", "expected_scope", "access_scope", "control_tier", "write_capable_surface", "owner_response_ref", "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "host_key_pinning_ref", "port_policy_ref", "network_policy_diff_ref", "nodeport_exposure_ref", "firewall_owner", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "reviewer_outcome", "followup_owner", "not_approval" ], "access_scope": [ "192.168.0.110", "192.168.0.111", "192.168.0.112", "192.168.0.120", "192.168.0.121", "192.168.0.188" ], "action_buttons_allowed": false, "active_scan_authorized": false, "affected_scope": "pending_owner_response", "allowed_source_cidrs_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "host_keyscan", "known_hosts_patch", "firewall_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "secret_value_collection", "ssh_key_collection", "active_scan", "runtime_gate_open", "live_firewall_read", "live_sudoers_read", "raw_key_material_storage", "raw_firewall_dump_storage", "mark_owner_response_accepted_without_reviewer_record", "add_action_button" ], "break_glass_owner": "pending_owner_response", "change_freeze_rule": "pending_owner_response", "config_kind": "ssh_target_inventory", "control_tier": "C1", "decision": "pending_owner_response", "decision_reason": "pending_owner_response", "deploy_ssh_action_authorized": false, "expected_scope": "110_111_112_120_121_188", "firewall_change_authorized": false, "firewall_owner": "pending_owner_response", "firewall_owner_accepted": false, "followup_owner": "pending_owner_response", "host_key_pinning_accepted": false, "host_key_pinning_ref": null, "host_keyscan_authorized": false, "host_write_authorized": false, "known_hosts_patch_authorized": false, "live_access_state_ref": null, "live_evidence_received": false, "maintenance_window": "pending_owner_response", "maintenance_window_accepted": false, "network_policy_apply_authorized": false, "network_policy_diff_accepted": false, "network_policy_diff_ref": null, "nodeport_change_authorized": false, "nodeport_exposure_accepted": false, "nodeport_exposure_ref": null, "not_approval": true, "outcome_lanes": [ "waiting_owner_response", "quarantine_raw_payload", "reject_secret_or_key_value", "request_supplement", "ready_for_network_review", "owner_review_only_update", "waiting_runtime_gate" ], "owner_response_accepted": false, "owner_response_quarantined": false, "owner_response_received": false, "owner_response_ref": null, "owner_response_rejected": false, "owner_role_or_team": "pending_owner_response", "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "port_policy_accepted": false, "port_policy_ref": null, "recipient_confirmed": false, "redacted_evidence_refs": [], "request_id": "ssh_network_owner_request:ansible_inventory_ssh_targets", "request_sent": false, "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "followup_owner" ], "reviewer_checks": [ "owner_identity_present", "decision_reason_present", "affected_scope_matches_surface", "redacted_refs_only", "secret_or_key_value_absent", "live_access_state_metadata_only", "allowed_source_cidr_metadata_only", "host_key_pinning_shape", "port_impact_review", "firewall_owner_present", "network_policy_nodeport_review", "wireguard_cutover_separate_gate", "maintenance_window_present", "rollback_validation_present", "counts_transition_safe" ], "reviewer_outcome": "waiting_owner_response", "rollback_owner": "pending_owner_response", "rollback_owner_accepted": false, "runtime_gate": false, "secret_value_collection_allowed": false, "ssh_key_collection_allowed": false, "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_owner_response", "sudo_action_authorized": false, "supplement_requested": false, "surface_id": "ansible_inventory_ssh_targets", "validation_plan": "pending_owner_response", "validation_plan_accepted": false, "wireguard_change_authorized": false, "wireguard_cutover_accepted": false, "write_capable_surface": false }, { "acceptance_candidate_id": "ssh_network_owner_response_acceptance:ansible_common_ssh_args", "acceptance_fields": [ "acceptance_candidate_id", "request_id", "surface_id", "config_kind", "expected_scope", "access_scope", "control_tier", "write_capable_surface", "owner_response_ref", "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "host_key_pinning_ref", "port_policy_ref", "network_policy_diff_ref", "nodeport_exposure_ref", "firewall_owner", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "reviewer_outcome", "followup_owner", "not_approval" ], "access_scope": [ "StrictHostKeyChecking=accept-new", "ConnectTimeout=10" ], "action_buttons_allowed": false, "active_scan_authorized": false, "affected_scope": "pending_owner_response", "allowed_source_cidrs_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "host_keyscan", "known_hosts_patch", "firewall_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "secret_value_collection", "ssh_key_collection", "active_scan", "runtime_gate_open", "live_firewall_read", "live_sudoers_read", "raw_key_material_storage", "raw_firewall_dump_storage", "mark_owner_response_accepted_without_reviewer_record", "add_action_button" ], "break_glass_owner": "pending_owner_response", "change_freeze_rule": "pending_owner_response", "config_kind": "ssh_client_policy", "control_tier": "C1", "decision": "pending_owner_response", "decision_reason": "pending_owner_response", "deploy_ssh_action_authorized": false, "expected_scope": "multi_host", "firewall_change_authorized": false, "firewall_owner": "pending_owner_response", "firewall_owner_accepted": false, "followup_owner": "pending_owner_response", "host_key_pinning_accepted": false, "host_key_pinning_ref": null, "host_keyscan_authorized": false, "host_write_authorized": false, "known_hosts_patch_authorized": false, "live_access_state_ref": null, "live_evidence_received": false, "maintenance_window": "pending_owner_response", "maintenance_window_accepted": false, "network_policy_apply_authorized": false, "network_policy_diff_accepted": false, "network_policy_diff_ref": null, "nodeport_change_authorized": false, "nodeport_exposure_accepted": false, "nodeport_exposure_ref": null, "not_approval": true, "outcome_lanes": [ "waiting_owner_response", "quarantine_raw_payload", "reject_secret_or_key_value", "request_supplement", "ready_for_network_review", "owner_review_only_update", "waiting_runtime_gate" ], "owner_response_accepted": false, "owner_response_quarantined": false, "owner_response_received": false, "owner_response_ref": null, "owner_response_rejected": false, "owner_role_or_team": "pending_owner_response", "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "port_policy_accepted": false, "port_policy_ref": null, "recipient_confirmed": false, "redacted_evidence_refs": [], "request_id": "ssh_network_owner_request:ansible_common_ssh_args", "request_sent": false, "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "followup_owner" ], "reviewer_checks": [ "owner_identity_present", "decision_reason_present", "affected_scope_matches_surface", "redacted_refs_only", "secret_or_key_value_absent", "live_access_state_metadata_only", "allowed_source_cidr_metadata_only", "host_key_pinning_shape", "port_impact_review", "firewall_owner_present", "network_policy_nodeport_review", "wireguard_cutover_separate_gate", "maintenance_window_present", "rollback_validation_present", "counts_transition_safe" ], "reviewer_outcome": "waiting_owner_response", "rollback_owner": "pending_owner_response", "rollback_owner_accepted": false, "runtime_gate": false, "secret_value_collection_allowed": false, "ssh_key_collection_allowed": false, "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_owner_response", "sudo_action_authorized": false, "supplement_requested": false, "surface_id": "ansible_common_ssh_args", "validation_plan": "pending_owner_response", "validation_plan_accepted": false, "wireguard_change_authorized": false, "wireguard_cutover_accepted": false, "write_capable_surface": false }, { "acceptance_candidate_id": "ssh_network_owner_response_acceptance:gitea_cd_known_hosts_secret", "acceptance_fields": [ "acceptance_candidate_id", "request_id", "surface_id", "config_kind", "expected_scope", "access_scope", "control_tier", "write_capable_surface", "owner_response_ref", "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "host_key_pinning_ref", "port_policy_ref", "network_policy_diff_ref", "nodeport_exposure_ref", "firewall_owner", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "reviewer_outcome", "followup_owner", "not_approval" ], "access_scope": [ "192.168.0.110", "192.168.0.120", "192.168.0.121", "192.168.0.188" ], "action_buttons_allowed": false, "active_scan_authorized": false, "affected_scope": "pending_owner_response", "allowed_source_cidrs_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "host_keyscan", "known_hosts_patch", "firewall_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "secret_value_collection", "ssh_key_collection", "active_scan", "runtime_gate_open", "live_firewall_read", "live_sudoers_read", "raw_key_material_storage", "raw_firewall_dump_storage", "mark_owner_response_accepted_without_reviewer_record", "add_action_button" ], "break_glass_owner": "pending_owner_response", "change_freeze_rule": "pending_owner_response", "config_kind": "known_hosts_secret_workflow", "control_tier": "C1", "decision": "pending_owner_response", "decision_reason": "pending_owner_response", "deploy_ssh_action_authorized": false, "expected_scope": "110_120_121_188_known_hosts", "firewall_change_authorized": false, "firewall_owner": "pending_owner_response", "firewall_owner_accepted": false, "followup_owner": "pending_owner_response", "host_key_pinning_accepted": false, "host_key_pinning_ref": null, "host_keyscan_authorized": false, "host_write_authorized": false, "known_hosts_patch_authorized": false, "live_access_state_ref": null, "live_evidence_received": false, "maintenance_window": "pending_owner_response", "maintenance_window_accepted": false, "network_policy_apply_authorized": false, "network_policy_diff_accepted": false, "network_policy_diff_ref": null, "nodeport_change_authorized": false, "nodeport_exposure_accepted": false, "nodeport_exposure_ref": null, "not_approval": true, "outcome_lanes": [ "waiting_owner_response", "quarantine_raw_payload", "reject_secret_or_key_value", "request_supplement", "ready_for_network_review", "owner_review_only_update", "waiting_runtime_gate" ], "owner_response_accepted": false, "owner_response_quarantined": false, "owner_response_received": false, "owner_response_ref": null, "owner_response_rejected": false, "owner_role_or_team": "pending_owner_response", "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "port_policy_accepted": false, "port_policy_ref": null, "recipient_confirmed": false, "redacted_evidence_refs": [], "request_id": "ssh_network_owner_request:gitea_cd_known_hosts_secret", "request_sent": false, "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "followup_owner" ], "reviewer_checks": [ "owner_identity_present", "decision_reason_present", "affected_scope_matches_surface", "redacted_refs_only", "secret_or_key_value_absent", "live_access_state_metadata_only", "allowed_source_cidr_metadata_only", "host_key_pinning_shape", "port_impact_review", "firewall_owner_present", "network_policy_nodeport_review", "wireguard_cutover_separate_gate", "maintenance_window_present", "rollback_validation_present", "counts_transition_safe" ], "reviewer_outcome": "waiting_owner_response", "rollback_owner": "pending_owner_response", "rollback_owner_accepted": false, "runtime_gate": false, "secret_value_collection_allowed": false, "ssh_key_collection_allowed": false, "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_owner_response", "sudo_action_authorized": false, "supplement_requested": false, "surface_id": "gitea_cd_known_hosts_secret", "validation_plan": "pending_owner_response", "validation_plan_accepted": false, "wireguard_change_authorized": false, "wireguard_cutover_accepted": false, "write_capable_surface": false }, { "acceptance_candidate_id": "ssh_network_owner_response_acceptance:gitea_cd_deploy_ssh", "acceptance_fields": [ "acceptance_candidate_id", "request_id", "surface_id", "config_kind", "expected_scope", "access_scope", "control_tier", "write_capable_surface", "owner_response_ref", "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "host_key_pinning_ref", "port_policy_ref", "network_policy_diff_ref", "nodeport_exposure_ref", "firewall_owner", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "reviewer_outcome", "followup_owner", "not_approval" ], "access_scope": [ "K8S_SSH_HOST", "deploy_key", "kubectl apply", "ArgoCD sync" ], "action_buttons_allowed": false, "active_scan_authorized": false, "affected_scope": "pending_owner_response", "allowed_source_cidrs_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "host_keyscan", "known_hosts_patch", "firewall_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "secret_value_collection", "ssh_key_collection", "active_scan", "runtime_gate_open", "live_firewall_read", "live_sudoers_read", "raw_key_material_storage", "raw_firewall_dump_storage", "mark_owner_response_accepted_without_reviewer_record", "add_action_button" ], "break_glass_owner": "pending_owner_response", "change_freeze_rule": "pending_owner_response", "config_kind": "ci_deploy_ssh", "control_tier": "C1", "decision": "pending_owner_response", "decision_reason": "pending_owner_response", "deploy_ssh_action_authorized": false, "expected_scope": "k8s_ssh_host", "firewall_change_authorized": false, "firewall_owner": "pending_owner_response", "firewall_owner_accepted": false, "followup_owner": "pending_owner_response", "host_key_pinning_accepted": false, "host_key_pinning_ref": null, "host_keyscan_authorized": false, "host_write_authorized": false, "known_hosts_patch_authorized": false, "live_access_state_ref": null, "live_evidence_received": false, "maintenance_window": "pending_owner_response", "maintenance_window_accepted": false, "network_policy_apply_authorized": false, "network_policy_diff_accepted": false, "network_policy_diff_ref": null, "nodeport_change_authorized": false, "nodeport_exposure_accepted": false, "nodeport_exposure_ref": null, "not_approval": true, "outcome_lanes": [ "waiting_owner_response", "quarantine_raw_payload", "reject_secret_or_key_value", "request_supplement", "ready_for_network_review", "owner_review_only_update", "waiting_runtime_gate" ], "owner_response_accepted": false, "owner_response_quarantined": false, "owner_response_received": false, "owner_response_ref": null, "owner_response_rejected": false, "owner_role_or_team": "pending_owner_response", "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "port_policy_accepted": false, "port_policy_ref": null, "recipient_confirmed": false, "redacted_evidence_refs": [], "request_id": "ssh_network_owner_request:gitea_cd_deploy_ssh", "request_sent": false, "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "followup_owner" ], "reviewer_checks": [ "owner_identity_present", "decision_reason_present", "affected_scope_matches_surface", "redacted_refs_only", "secret_or_key_value_absent", "live_access_state_metadata_only", "allowed_source_cidr_metadata_only", "host_key_pinning_shape", "port_impact_review", "firewall_owner_present", "network_policy_nodeport_review", "wireguard_cutover_separate_gate", "maintenance_window_present", "rollback_validation_present", "counts_transition_safe" ], "reviewer_outcome": "waiting_owner_response", "rollback_owner": "pending_owner_response", "rollback_owner_accepted": false, "runtime_gate": false, "secret_value_collection_allowed": false, "ssh_key_collection_allowed": false, "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_owner_response", "sudo_action_authorized": false, "supplement_requested": false, "surface_id": "gitea_cd_deploy_ssh", "validation_plan": "pending_owner_response", "validation_plan_accepted": false, "wireguard_change_authorized": false, "wireguard_cutover_accepted": false, "write_capable_surface": true }, { "acceptance_candidate_id": "ssh_network_owner_response_acceptance:gitea_cd_dev_ssh", "acceptance_fields": [ "acceptance_candidate_id", "request_id", "surface_id", "config_kind", "expected_scope", "access_scope", "control_tier", "write_capable_surface", "owner_response_ref", "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "host_key_pinning_ref", "port_policy_ref", "network_policy_diff_ref", "nodeport_exposure_ref", "firewall_owner", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "reviewer_outcome", "followup_owner", "not_approval" ], "access_scope": [ "192.168.0.120", "deploy_key", "kubectl apply" ], "action_buttons_allowed": false, "active_scan_authorized": false, "affected_scope": "pending_owner_response", "allowed_source_cidrs_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "host_keyscan", "known_hosts_patch", "firewall_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "secret_value_collection", "ssh_key_collection", "active_scan", "runtime_gate_open", "live_firewall_read", "live_sudoers_read", "raw_key_material_storage", "raw_firewall_dump_storage", "mark_owner_response_accepted_without_reviewer_record", "add_action_button" ], "break_glass_owner": "pending_owner_response", "change_freeze_rule": "pending_owner_response", "config_kind": "ci_deploy_ssh", "control_tier": "C1", "decision": "pending_owner_response", "decision_reason": "pending_owner_response", "deploy_ssh_action_authorized": false, "expected_scope": "192.168.0.120", "firewall_change_authorized": false, "firewall_owner": "pending_owner_response", "firewall_owner_accepted": false, "followup_owner": "pending_owner_response", "host_key_pinning_accepted": false, "host_key_pinning_ref": null, "host_keyscan_authorized": false, "host_write_authorized": false, "known_hosts_patch_authorized": false, "live_access_state_ref": null, "live_evidence_received": false, "maintenance_window": "pending_owner_response", "maintenance_window_accepted": false, "network_policy_apply_authorized": false, "network_policy_diff_accepted": false, "network_policy_diff_ref": null, "nodeport_change_authorized": false, "nodeport_exposure_accepted": false, "nodeport_exposure_ref": null, "not_approval": true, "outcome_lanes": [ "waiting_owner_response", "quarantine_raw_payload", "reject_secret_or_key_value", "request_supplement", "ready_for_network_review", "owner_review_only_update", "waiting_runtime_gate" ], "owner_response_accepted": false, "owner_response_quarantined": false, "owner_response_received": false, "owner_response_ref": null, "owner_response_rejected": false, "owner_role_or_team": "pending_owner_response", "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "port_policy_accepted": false, "port_policy_ref": null, "recipient_confirmed": false, "redacted_evidence_refs": [], "request_id": "ssh_network_owner_request:gitea_cd_dev_ssh", "request_sent": false, "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "followup_owner" ], "reviewer_checks": [ "owner_identity_present", "decision_reason_present", "affected_scope_matches_surface", "redacted_refs_only", "secret_or_key_value_absent", "live_access_state_metadata_only", "allowed_source_cidr_metadata_only", "host_key_pinning_shape", "port_impact_review", "firewall_owner_present", "network_policy_nodeport_review", "wireguard_cutover_separate_gate", "maintenance_window_present", "rollback_validation_present", "counts_transition_safe" ], "reviewer_outcome": "waiting_owner_response", "rollback_owner": "pending_owner_response", "rollback_owner_accepted": false, "runtime_gate": false, "secret_value_collection_allowed": false, "ssh_key_collection_allowed": false, "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_owner_response", "sudo_action_authorized": false, "supplement_requested": false, "surface_id": "gitea_cd_dev_ssh", "validation_plan": "pending_owner_response", "validation_plan_accepted": false, "wireguard_change_authorized": false, "wireguard_cutover_accepted": false, "write_capable_surface": true }, { "acceptance_candidate_id": "ssh_network_owner_response_acceptance:deploy_alerts_ssh_path", "acceptance_fields": [ "acceptance_candidate_id", "request_id", "surface_id", "config_kind", "expected_scope", "access_scope", "control_tier", "write_capable_surface", "owner_response_ref", "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "host_key_pinning_ref", "port_policy_ref", "network_policy_diff_ref", "nodeport_exposure_ref", "firewall_owner", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "reviewer_outcome", "followup_owner", "not_approval" ], "access_scope": [ "192.168.0.110", "deploy alert scripts" ], "action_buttons_allowed": false, "active_scan_authorized": false, "affected_scope": "pending_owner_response", "allowed_source_cidrs_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "host_keyscan", "known_hosts_patch", "firewall_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "secret_value_collection", "ssh_key_collection", "active_scan", "runtime_gate_open", "live_firewall_read", "live_sudoers_read", "raw_key_material_storage", "raw_firewall_dump_storage", "mark_owner_response_accepted_without_reviewer_record", "add_action_button" ], "break_glass_owner": "pending_owner_response", "change_freeze_rule": "pending_owner_response", "config_kind": "ci_deploy_ssh", "control_tier": "C1", "decision": "pending_owner_response", "decision_reason": "pending_owner_response", "deploy_ssh_action_authorized": false, "expected_scope": "192.168.0.110", "firewall_change_authorized": false, "firewall_owner": "pending_owner_response", "firewall_owner_accepted": false, "followup_owner": "pending_owner_response", "host_key_pinning_accepted": false, "host_key_pinning_ref": null, "host_keyscan_authorized": false, "host_write_authorized": false, "known_hosts_patch_authorized": false, "live_access_state_ref": null, "live_evidence_received": false, "maintenance_window": "pending_owner_response", "maintenance_window_accepted": false, "network_policy_apply_authorized": false, "network_policy_diff_accepted": false, "network_policy_diff_ref": null, "nodeport_change_authorized": false, "nodeport_exposure_accepted": false, "nodeport_exposure_ref": null, "not_approval": true, "outcome_lanes": [ "waiting_owner_response", "quarantine_raw_payload", "reject_secret_or_key_value", "request_supplement", "ready_for_network_review", "owner_review_only_update", "waiting_runtime_gate" ], "owner_response_accepted": false, "owner_response_quarantined": false, "owner_response_received": false, "owner_response_ref": null, "owner_response_rejected": false, "owner_role_or_team": "pending_owner_response", "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "port_policy_accepted": false, "port_policy_ref": null, "recipient_confirmed": false, "redacted_evidence_refs": [], "request_id": "ssh_network_owner_request:deploy_alerts_ssh_path", "request_sent": false, "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "followup_owner" ], "reviewer_checks": [ "owner_identity_present", "decision_reason_present", "affected_scope_matches_surface", "redacted_refs_only", "secret_or_key_value_absent", "live_access_state_metadata_only", "allowed_source_cidr_metadata_only", "host_key_pinning_shape", "port_impact_review", "firewall_owner_present", "network_policy_nodeport_review", "wireguard_cutover_separate_gate", "maintenance_window_present", "rollback_validation_present", "counts_transition_safe" ], "reviewer_outcome": "waiting_owner_response", "rollback_owner": "pending_owner_response", "rollback_owner_accepted": false, "runtime_gate": false, "secret_value_collection_allowed": false, "ssh_key_collection_allowed": false, "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_owner_response", "sudo_action_authorized": false, "supplement_requested": false, "surface_id": "deploy_alerts_ssh_path", "validation_plan": "pending_owner_response", "validation_plan_accepted": false, "wireguard_change_authorized": false, "wireguard_cutover_accepted": false, "write_capable_surface": true }, { "acceptance_candidate_id": "ssh_network_owner_response_acceptance:monitoring_discover_docker_ssh", "acceptance_fields": [ "acceptance_candidate_id", "request_id", "surface_id", "config_kind", "expected_scope", "access_scope", "control_tier", "write_capable_surface", "owner_response_ref", "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "host_key_pinning_ref", "port_policy_ref", "network_policy_diff_ref", "nodeport_exposure_ref", "firewall_owner", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "reviewer_outcome", "followup_owner", "not_approval" ], "access_scope": [ "192.168.0.110", "192.168.0.188", "docker ps" ], "action_buttons_allowed": false, "active_scan_authorized": false, "affected_scope": "pending_owner_response", "allowed_source_cidrs_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "host_keyscan", "known_hosts_patch", "firewall_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "secret_value_collection", "ssh_key_collection", "active_scan", "runtime_gate_open", "live_firewall_read", "live_sudoers_read", "raw_key_material_storage", "raw_firewall_dump_storage", "mark_owner_response_accepted_without_reviewer_record", "add_action_button" ], "break_glass_owner": "pending_owner_response", "change_freeze_rule": "pending_owner_response", "config_kind": "ssh_discovery_script", "control_tier": "C1", "decision": "pending_owner_response", "decision_reason": "pending_owner_response", "deploy_ssh_action_authorized": false, "expected_scope": "110_188_docker_hosts", "firewall_change_authorized": false, "firewall_owner": "pending_owner_response", "firewall_owner_accepted": false, "followup_owner": "pending_owner_response", "host_key_pinning_accepted": false, "host_key_pinning_ref": null, "host_keyscan_authorized": false, "host_write_authorized": false, "known_hosts_patch_authorized": false, "live_access_state_ref": null, "live_evidence_received": false, "maintenance_window": "pending_owner_response", "maintenance_window_accepted": false, "network_policy_apply_authorized": false, "network_policy_diff_accepted": false, "network_policy_diff_ref": null, "nodeport_change_authorized": false, "nodeport_exposure_accepted": false, "nodeport_exposure_ref": null, "not_approval": true, "outcome_lanes": [ "waiting_owner_response", "quarantine_raw_payload", "reject_secret_or_key_value", "request_supplement", "ready_for_network_review", "owner_review_only_update", "waiting_runtime_gate" ], "owner_response_accepted": false, "owner_response_quarantined": false, "owner_response_received": false, "owner_response_ref": null, "owner_response_rejected": false, "owner_role_or_team": "pending_owner_response", "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "port_policy_accepted": false, "port_policy_ref": null, "recipient_confirmed": false, "redacted_evidence_refs": [], "request_id": "ssh_network_owner_request:monitoring_discover_docker_ssh", "request_sent": false, "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "followup_owner" ], "reviewer_checks": [ "owner_identity_present", "decision_reason_present", "affected_scope_matches_surface", "redacted_refs_only", "secret_or_key_value_absent", "live_access_state_metadata_only", "allowed_source_cidr_metadata_only", "host_key_pinning_shape", "port_impact_review", "firewall_owner_present", "network_policy_nodeport_review", "wireguard_cutover_separate_gate", "maintenance_window_present", "rollback_validation_present", "counts_transition_safe" ], "reviewer_outcome": "waiting_owner_response", "rollback_owner": "pending_owner_response", "rollback_owner_accepted": false, "runtime_gate": false, "secret_value_collection_allowed": false, "ssh_key_collection_allowed": false, "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_owner_response", "sudo_action_authorized": false, "supplement_requested": false, "surface_id": "monitoring_discover_docker_ssh", "validation_plan": "pending_owner_response", "validation_plan_accepted": false, "wireguard_change_authorized": false, "wireguard_cutover_accepted": false, "write_capable_surface": false }, { "acceptance_candidate_id": "ssh_network_owner_response_acceptance:monitoring_exporter_deploy_ssh", "acceptance_fields": [ "acceptance_candidate_id", "request_id", "surface_id", "config_kind", "expected_scope", "access_scope", "control_tier", "write_capable_surface", "owner_response_ref", "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "host_key_pinning_ref", "port_policy_ref", "network_policy_diff_ref", "nodeport_exposure_ref", "firewall_owner", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "reviewer_outcome", "followup_owner", "not_approval" ], "access_scope": [ "192.168.0.188", "scp", "docker compose up -d" ], "action_buttons_allowed": false, "active_scan_authorized": false, "affected_scope": "pending_owner_response", "allowed_source_cidrs_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "host_keyscan", "known_hosts_patch", "firewall_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "secret_value_collection", "ssh_key_collection", "active_scan", "runtime_gate_open", "live_firewall_read", "live_sudoers_read", "raw_key_material_storage", "raw_firewall_dump_storage", "mark_owner_response_accepted_without_reviewer_record", "add_action_button" ], "break_glass_owner": "pending_owner_response", "change_freeze_rule": "pending_owner_response", "config_kind": "monitoring_ssh_deploy_script", "control_tier": "C1", "decision": "pending_owner_response", "decision_reason": "pending_owner_response", "deploy_ssh_action_authorized": false, "expected_scope": "192.168.0.188", "firewall_change_authorized": false, "firewall_owner": "pending_owner_response", "firewall_owner_accepted": false, "followup_owner": "pending_owner_response", "host_key_pinning_accepted": false, "host_key_pinning_ref": null, "host_keyscan_authorized": false, "host_write_authorized": false, "known_hosts_patch_authorized": false, "live_access_state_ref": null, "live_evidence_received": false, "maintenance_window": "pending_owner_response", "maintenance_window_accepted": false, "network_policy_apply_authorized": false, "network_policy_diff_accepted": false, "network_policy_diff_ref": null, "nodeport_change_authorized": false, "nodeport_exposure_accepted": false, "nodeport_exposure_ref": null, "not_approval": true, "outcome_lanes": [ "waiting_owner_response", "quarantine_raw_payload", "reject_secret_or_key_value", "request_supplement", "ready_for_network_review", "owner_review_only_update", "waiting_runtime_gate" ], "owner_response_accepted": false, "owner_response_quarantined": false, "owner_response_received": false, "owner_response_ref": null, "owner_response_rejected": false, "owner_role_or_team": "pending_owner_response", "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "port_policy_accepted": false, "port_policy_ref": null, "recipient_confirmed": false, "redacted_evidence_refs": [], "request_id": "ssh_network_owner_request:monitoring_exporter_deploy_ssh", "request_sent": false, "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "followup_owner" ], "reviewer_checks": [ "owner_identity_present", "decision_reason_present", "affected_scope_matches_surface", "redacted_refs_only", "secret_or_key_value_absent", "live_access_state_metadata_only", "allowed_source_cidr_metadata_only", "host_key_pinning_shape", "port_impact_review", "firewall_owner_present", "network_policy_nodeport_review", "wireguard_cutover_separate_gate", "maintenance_window_present", "rollback_validation_present", "counts_transition_safe" ], "reviewer_outcome": "waiting_owner_response", "rollback_owner": "pending_owner_response", "rollback_owner_accepted": false, "runtime_gate": false, "secret_value_collection_allowed": false, "ssh_key_collection_allowed": false, "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_owner_response", "sudo_action_authorized": false, "supplement_requested": false, "surface_id": "monitoring_exporter_deploy_ssh", "validation_plan": "pending_owner_response", "validation_plan_accepted": false, "wireguard_change_authorized": false, "wireguard_cutover_accepted": false, "write_capable_surface": true }, { "acceptance_candidate_id": "ssh_network_owner_response_acceptance:backup_config_ssh_capture", "acceptance_fields": [ "acceptance_candidate_id", "request_id", "surface_id", "config_kind", "expected_scope", "access_scope", "control_tier", "write_capable_surface", "owner_response_ref", "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "host_key_pinning_ref", "port_policy_ref", "network_policy_diff_ref", "nodeport_exposure_ref", "firewall_owner", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "reviewer_outcome", "followup_owner", "not_approval" ], "access_scope": [ "/etc/ssh", "/etc/nginx", "systemd", "docker", "k8s" ], "action_buttons_allowed": false, "active_scan_authorized": false, "affected_scope": "pending_owner_response", "allowed_source_cidrs_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "host_keyscan", "known_hosts_patch", "firewall_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "secret_value_collection", "ssh_key_collection", "active_scan", "runtime_gate_open", "live_firewall_read", "live_sudoers_read", "raw_key_material_storage", "raw_firewall_dump_storage", "mark_owner_response_accepted_without_reviewer_record", "add_action_button" ], "break_glass_owner": "pending_owner_response", "change_freeze_rule": "pending_owner_response", "config_kind": "ssh_backup_capture", "control_tier": "C1", "decision": "pending_owner_response", "decision_reason": "pending_owner_response", "deploy_ssh_action_authorized": false, "expected_scope": "110_188_120_121_cluster", "firewall_change_authorized": false, "firewall_owner": "pending_owner_response", "firewall_owner_accepted": false, "followup_owner": "pending_owner_response", "host_key_pinning_accepted": false, "host_key_pinning_ref": null, "host_keyscan_authorized": false, "host_write_authorized": false, "known_hosts_patch_authorized": false, "live_access_state_ref": null, "live_evidence_received": false, "maintenance_window": "pending_owner_response", "maintenance_window_accepted": false, "network_policy_apply_authorized": false, "network_policy_diff_accepted": false, "network_policy_diff_ref": null, "nodeport_change_authorized": false, "nodeport_exposure_accepted": false, "nodeport_exposure_ref": null, "not_approval": true, "outcome_lanes": [ "waiting_owner_response", "quarantine_raw_payload", "reject_secret_or_key_value", "request_supplement", "ready_for_network_review", "owner_review_only_update", "waiting_runtime_gate" ], "owner_response_accepted": false, "owner_response_quarantined": false, "owner_response_received": false, "owner_response_ref": null, "owner_response_rejected": false, "owner_role_or_team": "pending_owner_response", "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "port_policy_accepted": false, "port_policy_ref": null, "recipient_confirmed": false, "redacted_evidence_refs": [], "request_id": "ssh_network_owner_request:backup_config_ssh_capture", "request_sent": false, "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "followup_owner" ], "reviewer_checks": [ "owner_identity_present", "decision_reason_present", "affected_scope_matches_surface", "redacted_refs_only", "secret_or_key_value_absent", "live_access_state_metadata_only", "allowed_source_cidr_metadata_only", "host_key_pinning_shape", "port_impact_review", "firewall_owner_present", "network_policy_nodeport_review", "wireguard_cutover_separate_gate", "maintenance_window_present", "rollback_validation_present", "counts_transition_safe" ], "reviewer_outcome": "waiting_owner_response", "rollback_owner": "pending_owner_response", "rollback_owner_accepted": false, "runtime_gate": false, "secret_value_collection_allowed": false, "ssh_key_collection_allowed": false, "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_owner_response", "sudo_action_authorized": false, "supplement_requested": false, "surface_id": "backup_config_ssh_capture", "validation_plan": "pending_owner_response", "validation_plan_accepted": false, "wireguard_change_authorized": false, "wireguard_cutover_accepted": false, "write_capable_surface": false }, { "acceptance_candidate_id": "ssh_network_owner_response_acceptance:host_ops_sudoers_wrapper", "acceptance_fields": [ "acceptance_candidate_id", "request_id", "surface_id", "config_kind", "expected_scope", "access_scope", "control_tier", "write_capable_surface", "owner_response_ref", "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "host_key_pinning_ref", "port_policy_ref", "network_policy_diff_ref", "nodeport_exposure_ref", "firewall_owner", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "reviewer_outcome", "followup_owner", "not_approval" ], "access_scope": [ "awoooi-hosts-add", "docker kill SIGHUP", "promtool", "amtool" ], "action_buttons_allowed": false, "active_scan_authorized": false, "affected_scope": "pending_owner_response", "allowed_source_cidrs_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "host_keyscan", "known_hosts_patch", "firewall_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "secret_value_collection", "ssh_key_collection", "active_scan", "runtime_gate_open", "live_firewall_read", "live_sudoers_read", "raw_key_material_storage", "raw_firewall_dump_storage", "mark_owner_response_accepted_without_reviewer_record", "add_action_button" ], "break_glass_owner": "pending_owner_response", "change_freeze_rule": "pending_owner_response", "config_kind": "sudoers_policy", "control_tier": "C1", "decision": "pending_owner_response", "decision_reason": "pending_owner_response", "deploy_ssh_action_authorized": false, "expected_scope": "host_ops_minimal_sudo", "firewall_change_authorized": false, "firewall_owner": "pending_owner_response", "firewall_owner_accepted": false, "followup_owner": "pending_owner_response", "host_key_pinning_accepted": false, "host_key_pinning_ref": null, "host_keyscan_authorized": false, "host_write_authorized": false, "known_hosts_patch_authorized": false, "live_access_state_ref": null, "live_evidence_received": false, "maintenance_window": "pending_owner_response", "maintenance_window_accepted": false, "network_policy_apply_authorized": false, "network_policy_diff_accepted": false, "network_policy_diff_ref": null, "nodeport_change_authorized": false, "nodeport_exposure_accepted": false, "nodeport_exposure_ref": null, "not_approval": true, "outcome_lanes": [ "waiting_owner_response", "quarantine_raw_payload", "reject_secret_or_key_value", "request_supplement", "ready_for_network_review", "owner_review_only_update", "waiting_runtime_gate" ], "owner_response_accepted": false, "owner_response_quarantined": false, "owner_response_received": false, "owner_response_ref": null, "owner_response_rejected": false, "owner_role_or_team": "pending_owner_response", "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "port_policy_accepted": false, "port_policy_ref": null, "recipient_confirmed": false, "redacted_evidence_refs": [], "request_id": "ssh_network_owner_request:host_ops_sudoers_wrapper", "request_sent": false, "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "followup_owner" ], "reviewer_checks": [ "owner_identity_present", "decision_reason_present", "affected_scope_matches_surface", "redacted_refs_only", "secret_or_key_value_absent", "live_access_state_metadata_only", "allowed_source_cidr_metadata_only", "host_key_pinning_shape", "port_impact_review", "firewall_owner_present", "network_policy_nodeport_review", "wireguard_cutover_separate_gate", "maintenance_window_present", "rollback_validation_present", "counts_transition_safe" ], "reviewer_outcome": "waiting_owner_response", "rollback_owner": "pending_owner_response", "rollback_owner_accepted": false, "runtime_gate": false, "secret_value_collection_allowed": false, "ssh_key_collection_allowed": false, "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_owner_response", "sudo_action_authorized": false, "supplement_requested": false, "surface_id": "host_ops_sudoers_wrapper", "validation_plan": "pending_owner_response", "validation_plan_accepted": false, "wireguard_change_authorized": false, "wireguard_cutover_accepted": false, "write_capable_surface": true }, { "acceptance_candidate_id": "ssh_network_owner_response_acceptance:k8s_prod_network_policy", "acceptance_fields": [ "acceptance_candidate_id", "request_id", "surface_id", "config_kind", "expected_scope", "access_scope", "control_tier", "write_capable_surface", "owner_response_ref", "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "host_key_pinning_ref", "port_policy_ref", "network_policy_diff_ref", "nodeport_exposure_ref", "firewall_owner", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "reviewer_outcome", "followup_owner", "not_approval" ], "access_scope": [ "default deny", "ingress", "egress", "SSH egress", "Ollama", "monitoring" ], "action_buttons_allowed": false, "active_scan_authorized": false, "affected_scope": "pending_owner_response", "allowed_source_cidrs_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "host_keyscan", "known_hosts_patch", "firewall_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "secret_value_collection", "ssh_key_collection", "active_scan", "runtime_gate_open", "live_firewall_read", "live_sudoers_read", "raw_key_material_storage", "raw_firewall_dump_storage", "mark_owner_response_accepted_without_reviewer_record", "add_action_button" ], "break_glass_owner": "pending_owner_response", "change_freeze_rule": "pending_owner_response", "config_kind": "k8s_network_policy", "control_tier": "C1", "decision": "pending_owner_response", "decision_reason": "pending_owner_response", "deploy_ssh_action_authorized": false, "expected_scope": "awoooi_prod_namespace", "firewall_change_authorized": false, "firewall_owner": "pending_owner_response", "firewall_owner_accepted": false, "followup_owner": "pending_owner_response", "host_key_pinning_accepted": false, "host_key_pinning_ref": null, "host_keyscan_authorized": false, "host_write_authorized": false, "known_hosts_patch_authorized": false, "live_access_state_ref": null, "live_evidence_received": false, "maintenance_window": "pending_owner_response", "maintenance_window_accepted": false, "network_policy_apply_authorized": false, "network_policy_diff_accepted": false, "network_policy_diff_ref": null, "nodeport_change_authorized": false, "nodeport_exposure_accepted": false, "nodeport_exposure_ref": null, "not_approval": true, "outcome_lanes": [ "waiting_owner_response", "quarantine_raw_payload", "reject_secret_or_key_value", "request_supplement", "ready_for_network_review", "owner_review_only_update", "waiting_runtime_gate" ], "owner_response_accepted": false, "owner_response_quarantined": false, "owner_response_received": false, "owner_response_ref": null, "owner_response_rejected": false, "owner_role_or_team": "pending_owner_response", "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "port_policy_accepted": false, "port_policy_ref": null, "recipient_confirmed": false, "redacted_evidence_refs": [], "request_id": "ssh_network_owner_request:k8s_prod_network_policy", "request_sent": false, "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "followup_owner" ], "reviewer_checks": [ "owner_identity_present", "decision_reason_present", "affected_scope_matches_surface", "redacted_refs_only", "secret_or_key_value_absent", "live_access_state_metadata_only", "allowed_source_cidr_metadata_only", "host_key_pinning_shape", "port_impact_review", "firewall_owner_present", "network_policy_nodeport_review", "wireguard_cutover_separate_gate", "maintenance_window_present", "rollback_validation_present", "counts_transition_safe" ], "reviewer_outcome": "waiting_owner_response", "rollback_owner": "pending_owner_response", "rollback_owner_accepted": false, "runtime_gate": false, "secret_value_collection_allowed": false, "ssh_key_collection_allowed": false, "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_owner_response", "sudo_action_authorized": false, "supplement_requested": false, "surface_id": "k8s_prod_network_policy", "validation_plan": "pending_owner_response", "validation_plan_accepted": false, "wireguard_change_authorized": false, "wireguard_cutover_accepted": false, "write_capable_surface": false }, { "acceptance_candidate_id": "ssh_network_owner_response_acceptance:argocd_metrics_network_policy", "acceptance_fields": [ "acceptance_candidate_id", "request_id", "surface_id", "config_kind", "expected_scope", "access_scope", "control_tier", "write_capable_surface", "owner_response_ref", "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "host_key_pinning_ref", "port_policy_ref", "network_policy_diff_ref", "nodeport_exposure_ref", "firewall_owner", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "reviewer_outcome", "followup_owner", "not_approval" ], "access_scope": [ "192.168.0.188", "argocd metrics", "192.168.0.0/24 UI" ], "action_buttons_allowed": false, "active_scan_authorized": false, "affected_scope": "pending_owner_response", "allowed_source_cidrs_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "host_keyscan", "known_hosts_patch", "firewall_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "secret_value_collection", "ssh_key_collection", "active_scan", "runtime_gate_open", "live_firewall_read", "live_sudoers_read", "raw_key_material_storage", "raw_firewall_dump_storage", "mark_owner_response_accepted_without_reviewer_record", "add_action_button" ], "break_glass_owner": "pending_owner_response", "change_freeze_rule": "pending_owner_response", "config_kind": "k8s_network_policy", "control_tier": "C1", "decision": "pending_owner_response", "decision_reason": "pending_owner_response", "deploy_ssh_action_authorized": false, "expected_scope": "argocd_namespace", "firewall_change_authorized": false, "firewall_owner": "pending_owner_response", "firewall_owner_accepted": false, "followup_owner": "pending_owner_response", "host_key_pinning_accepted": false, "host_key_pinning_ref": null, "host_keyscan_authorized": false, "host_write_authorized": false, "known_hosts_patch_authorized": false, "live_access_state_ref": null, "live_evidence_received": false, "maintenance_window": "pending_owner_response", "maintenance_window_accepted": false, "network_policy_apply_authorized": false, "network_policy_diff_accepted": false, "network_policy_diff_ref": null, "nodeport_change_authorized": false, "nodeport_exposure_accepted": false, "nodeport_exposure_ref": null, "not_approval": true, "outcome_lanes": [ "waiting_owner_response", "quarantine_raw_payload", "reject_secret_or_key_value", "request_supplement", "ready_for_network_review", "owner_review_only_update", "waiting_runtime_gate" ], "owner_response_accepted": false, "owner_response_quarantined": false, "owner_response_received": false, "owner_response_ref": null, "owner_response_rejected": false, "owner_role_or_team": "pending_owner_response", "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "port_policy_accepted": false, "port_policy_ref": null, "recipient_confirmed": false, "redacted_evidence_refs": [], "request_id": "ssh_network_owner_request:argocd_metrics_network_policy", "request_sent": false, "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "followup_owner" ], "reviewer_checks": [ "owner_identity_present", "decision_reason_present", "affected_scope_matches_surface", "redacted_refs_only", "secret_or_key_value_absent", "live_access_state_metadata_only", "allowed_source_cidr_metadata_only", "host_key_pinning_shape", "port_impact_review", "firewall_owner_present", "network_policy_nodeport_review", "wireguard_cutover_separate_gate", "maintenance_window_present", "rollback_validation_present", "counts_transition_safe" ], "reviewer_outcome": "waiting_owner_response", "rollback_owner": "pending_owner_response", "rollback_owner_accepted": false, "runtime_gate": false, "secret_value_collection_allowed": false, "ssh_key_collection_allowed": false, "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_owner_response", "sudo_action_authorized": false, "supplement_requested": false, "surface_id": "argocd_metrics_network_policy", "validation_plan": "pending_owner_response", "validation_plan_accepted": false, "wireguard_change_authorized": false, "wireguard_cutover_accepted": false, "write_capable_surface": false }, { "acceptance_candidate_id": "ssh_network_owner_response_acceptance:argocd_metrics_nodeport", "acceptance_fields": [ "acceptance_candidate_id", "request_id", "surface_id", "config_kind", "expected_scope", "access_scope", "control_tier", "write_capable_surface", "owner_response_ref", "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "host_key_pinning_ref", "port_policy_ref", "network_policy_diff_ref", "nodeport_exposure_ref", "firewall_owner", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "reviewer_outcome", "followup_owner", "not_approval" ], "access_scope": [ "nodePort 30882", "nodePort 30883" ], "action_buttons_allowed": false, "active_scan_authorized": false, "affected_scope": "pending_owner_response", "allowed_source_cidrs_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "host_keyscan", "known_hosts_patch", "firewall_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "secret_value_collection", "ssh_key_collection", "active_scan", "runtime_gate_open", "live_firewall_read", "live_sudoers_read", "raw_key_material_storage", "raw_firewall_dump_storage", "mark_owner_response_accepted_without_reviewer_record", "add_action_button" ], "break_glass_owner": "pending_owner_response", "change_freeze_rule": "pending_owner_response", "config_kind": "k8s_nodeport_service", "control_tier": "C1", "decision": "pending_owner_response", "decision_reason": "pending_owner_response", "deploy_ssh_action_authorized": false, "expected_scope": "argocd_nodeport_30882_30883", "firewall_change_authorized": false, "firewall_owner": "pending_owner_response", "firewall_owner_accepted": false, "followup_owner": "pending_owner_response", "host_key_pinning_accepted": false, "host_key_pinning_ref": null, "host_keyscan_authorized": false, "host_write_authorized": false, "known_hosts_patch_authorized": false, "live_access_state_ref": null, "live_evidence_received": false, "maintenance_window": "pending_owner_response", "maintenance_window_accepted": false, "network_policy_apply_authorized": false, "network_policy_diff_accepted": false, "network_policy_diff_ref": null, "nodeport_change_authorized": false, "nodeport_exposure_accepted": false, "nodeport_exposure_ref": null, "not_approval": true, "outcome_lanes": [ "waiting_owner_response", "quarantine_raw_payload", "reject_secret_or_key_value", "request_supplement", "ready_for_network_review", "owner_review_only_update", "waiting_runtime_gate" ], "owner_response_accepted": false, "owner_response_quarantined": false, "owner_response_received": false, "owner_response_ref": null, "owner_response_rejected": false, "owner_role_or_team": "pending_owner_response", "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "port_policy_accepted": false, "port_policy_ref": null, "recipient_confirmed": false, "redacted_evidence_refs": [], "request_id": "ssh_network_owner_request:argocd_metrics_nodeport", "request_sent": false, "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "followup_owner" ], "reviewer_checks": [ "owner_identity_present", "decision_reason_present", "affected_scope_matches_surface", "redacted_refs_only", "secret_or_key_value_absent", "live_access_state_metadata_only", "allowed_source_cidr_metadata_only", "host_key_pinning_shape", "port_impact_review", "firewall_owner_present", "network_policy_nodeport_review", "wireguard_cutover_separate_gate", "maintenance_window_present", "rollback_validation_present", "counts_transition_safe" ], "reviewer_outcome": "waiting_owner_response", "rollback_owner": "pending_owner_response", "rollback_owner_accepted": false, "runtime_gate": false, "secret_value_collection_allowed": false, "ssh_key_collection_allowed": false, "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_owner_response", "sudo_action_authorized": false, "supplement_requested": false, "surface_id": "argocd_metrics_nodeport", "validation_plan": "pending_owner_response", "validation_plan_accepted": false, "wireguard_change_authorized": false, "wireguard_cutover_accepted": false, "write_capable_surface": false }, { "acceptance_candidate_id": "ssh_network_owner_response_acceptance:velero_metrics_nodeport", "acceptance_fields": [ "acceptance_candidate_id", "request_id", "surface_id", "config_kind", "expected_scope", "access_scope", "control_tier", "write_capable_surface", "owner_response_ref", "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "host_key_pinning_ref", "port_policy_ref", "network_policy_diff_ref", "nodeport_exposure_ref", "firewall_owner", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "reviewer_outcome", "followup_owner", "not_approval" ], "access_scope": [ "nodePort 30885", "backup metrics" ], "action_buttons_allowed": false, "active_scan_authorized": false, "affected_scope": "pending_owner_response", "allowed_source_cidrs_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "host_keyscan", "known_hosts_patch", "firewall_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "secret_value_collection", "ssh_key_collection", "active_scan", "runtime_gate_open", "live_firewall_read", "live_sudoers_read", "raw_key_material_storage", "raw_firewall_dump_storage", "mark_owner_response_accepted_without_reviewer_record", "add_action_button" ], "break_glass_owner": "pending_owner_response", "change_freeze_rule": "pending_owner_response", "config_kind": "k8s_nodeport_service", "control_tier": "C1", "decision": "pending_owner_response", "decision_reason": "pending_owner_response", "deploy_ssh_action_authorized": false, "expected_scope": "velero_nodeport_30885", "firewall_change_authorized": false, "firewall_owner": "pending_owner_response", "firewall_owner_accepted": false, "followup_owner": "pending_owner_response", "host_key_pinning_accepted": false, "host_key_pinning_ref": null, "host_keyscan_authorized": false, "host_write_authorized": false, "known_hosts_patch_authorized": false, "live_access_state_ref": null, "live_evidence_received": false, "maintenance_window": "pending_owner_response", "maintenance_window_accepted": false, "network_policy_apply_authorized": false, "network_policy_diff_accepted": false, "network_policy_diff_ref": null, "nodeport_change_authorized": false, "nodeport_exposure_accepted": false, "nodeport_exposure_ref": null, "not_approval": true, "outcome_lanes": [ "waiting_owner_response", "quarantine_raw_payload", "reject_secret_or_key_value", "request_supplement", "ready_for_network_review", "owner_review_only_update", "waiting_runtime_gate" ], "owner_response_accepted": false, "owner_response_quarantined": false, "owner_response_received": false, "owner_response_ref": null, "owner_response_rejected": false, "owner_role_or_team": "pending_owner_response", "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "port_policy_accepted": false, "port_policy_ref": null, "recipient_confirmed": false, "redacted_evidence_refs": [], "request_id": "ssh_network_owner_request:velero_metrics_nodeport", "request_sent": false, "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "followup_owner" ], "reviewer_checks": [ "owner_identity_present", "decision_reason_present", "affected_scope_matches_surface", "redacted_refs_only", "secret_or_key_value_absent", "live_access_state_metadata_only", "allowed_source_cidr_metadata_only", "host_key_pinning_shape", "port_impact_review", "firewall_owner_present", "network_policy_nodeport_review", "wireguard_cutover_separate_gate", "maintenance_window_present", "rollback_validation_present", "counts_transition_safe" ], "reviewer_outcome": "waiting_owner_response", "rollback_owner": "pending_owner_response", "rollback_owner_accepted": false, "runtime_gate": false, "secret_value_collection_allowed": false, "ssh_key_collection_allowed": false, "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_owner_response", "sudo_action_authorized": false, "supplement_requested": false, "surface_id": "velero_metrics_nodeport", "validation_plan": "pending_owner_response", "validation_plan_accepted": false, "wireguard_change_authorized": false, "wireguard_cutover_accepted": false, "write_capable_surface": false }, { "acceptance_candidate_id": "ssh_network_owner_response_acceptance:wireguard_mesh_runbook", "acceptance_fields": [ "acceptance_candidate_id", "request_id", "surface_id", "config_kind", "expected_scope", "access_scope", "control_tier", "write_capable_surface", "owner_response_ref", "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "host_key_pinning_ref", "port_policy_ref", "network_policy_diff_ref", "nodeport_exposure_ref", "firewall_owner", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "reviewer_outcome", "followup_owner", "not_approval" ], "access_scope": [ "10.77.114.0/24", "51820/udp", "GCP-A", "GCP-B" ], "action_buttons_allowed": false, "active_scan_authorized": false, "affected_scope": "pending_owner_response", "allowed_source_cidrs_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "host_keyscan", "known_hosts_patch", "firewall_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "secret_value_collection", "ssh_key_collection", "active_scan", "runtime_gate_open", "live_firewall_read", "live_sudoers_read", "raw_key_material_storage", "raw_firewall_dump_storage", "mark_owner_response_accepted_without_reviewer_record", "add_action_button" ], "break_glass_owner": "pending_owner_response", "change_freeze_rule": "pending_owner_response", "config_kind": "wireguard_runbook", "control_tier": "C1", "decision": "pending_owner_response", "decision_reason": "pending_owner_response", "deploy_ssh_action_authorized": false, "expected_scope": "110_111_120_121_gcp_a_gcp_b", "firewall_change_authorized": false, "firewall_owner": "pending_owner_response", "firewall_owner_accepted": false, "followup_owner": "pending_owner_response", "host_key_pinning_accepted": false, "host_key_pinning_ref": null, "host_keyscan_authorized": false, "host_write_authorized": false, "known_hosts_patch_authorized": false, "live_access_state_ref": null, "live_evidence_received": false, "maintenance_window": "pending_owner_response", "maintenance_window_accepted": false, "network_policy_apply_authorized": false, "network_policy_diff_accepted": false, "network_policy_diff_ref": null, "nodeport_change_authorized": false, "nodeport_exposure_accepted": false, "nodeport_exposure_ref": null, "not_approval": true, "outcome_lanes": [ "waiting_owner_response", "quarantine_raw_payload", "reject_secret_or_key_value", "request_supplement", "ready_for_network_review", "owner_review_only_update", "waiting_runtime_gate" ], "owner_response_accepted": false, "owner_response_quarantined": false, "owner_response_received": false, "owner_response_ref": null, "owner_response_rejected": false, "owner_role_or_team": "pending_owner_response", "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "port_policy_accepted": false, "port_policy_ref": null, "recipient_confirmed": false, "redacted_evidence_refs": [], "request_id": "ssh_network_owner_request:wireguard_mesh_runbook", "request_sent": false, "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "followup_owner" ], "reviewer_checks": [ "owner_identity_present", "decision_reason_present", "affected_scope_matches_surface", "redacted_refs_only", "secret_or_key_value_absent", "live_access_state_metadata_only", "allowed_source_cidr_metadata_only", "host_key_pinning_shape", "port_impact_review", "firewall_owner_present", "network_policy_nodeport_review", "wireguard_cutover_separate_gate", "maintenance_window_present", "rollback_validation_present", "counts_transition_safe" ], "reviewer_outcome": "waiting_owner_response", "rollback_owner": "pending_owner_response", "rollback_owner_accepted": false, "runtime_gate": false, "secret_value_collection_allowed": false, "ssh_key_collection_allowed": false, "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_owner_response", "sudo_action_authorized": false, "supplement_requested": false, "surface_id": "wireguard_mesh_runbook", "validation_plan": "pending_owner_response", "validation_plan_accepted": false, "wireguard_change_authorized": false, "wireguard_cutover_accepted": false, "write_capable_surface": false }, { "acceptance_candidate_id": "ssh_network_owner_response_acceptance:alert_rules_ssh_actions", "acceptance_fields": [ "acceptance_candidate_id", "request_id", "surface_id", "config_kind", "expected_scope", "access_scope", "control_tier", "write_capable_surface", "owner_response_ref", "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "host_key_pinning_ref", "port_policy_ref", "network_policy_diff_ref", "nodeport_exposure_ref", "firewall_owner", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "reviewer_outcome", "followup_owner", "not_approval" ], "access_scope": [ "ssh_diagnose", "docker restart", "systemctl restart", "docker compose", "docker prune" ], "action_buttons_allowed": false, "active_scan_authorized": false, "affected_scope": "pending_owner_response", "allowed_source_cidrs_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "host_keyscan", "known_hosts_patch", "firewall_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "secret_value_collection", "ssh_key_collection", "active_scan", "runtime_gate_open", "live_firewall_read", "live_sudoers_read", "raw_key_material_storage", "raw_firewall_dump_storage", "mark_owner_response_accepted_without_reviewer_record", "add_action_button" ], "break_glass_owner": "pending_owner_response", "change_freeze_rule": "pending_owner_response", "config_kind": "alert_ssh_action_rules", "control_tier": "C1", "decision": "pending_owner_response", "decision_reason": "pending_owner_response", "deploy_ssh_action_authorized": false, "expected_scope": "ssh_mcp_action_catalog", "firewall_change_authorized": false, "firewall_owner": "pending_owner_response", "firewall_owner_accepted": false, "followup_owner": "pending_owner_response", "host_key_pinning_accepted": false, "host_key_pinning_ref": null, "host_keyscan_authorized": false, "host_write_authorized": false, "known_hosts_patch_authorized": false, "live_access_state_ref": null, "live_evidence_received": false, "maintenance_window": "pending_owner_response", "maintenance_window_accepted": false, "network_policy_apply_authorized": false, "network_policy_diff_accepted": false, "network_policy_diff_ref": null, "nodeport_change_authorized": false, "nodeport_exposure_accepted": false, "nodeport_exposure_ref": null, "not_approval": true, "outcome_lanes": [ "waiting_owner_response", "quarantine_raw_payload", "reject_secret_or_key_value", "request_supplement", "ready_for_network_review", "owner_review_only_update", "waiting_runtime_gate" ], "owner_response_accepted": false, "owner_response_quarantined": false, "owner_response_received": false, "owner_response_ref": null, "owner_response_rejected": false, "owner_role_or_team": "pending_owner_response", "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "port_policy_accepted": false, "port_policy_ref": null, "recipient_confirmed": false, "redacted_evidence_refs": [], "request_id": "ssh_network_owner_request:alert_rules_ssh_actions", "request_sent": false, "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "followup_owner" ], "reviewer_checks": [ "owner_identity_present", "decision_reason_present", "affected_scope_matches_surface", "redacted_refs_only", "secret_or_key_value_absent", "live_access_state_metadata_only", "allowed_source_cidr_metadata_only", "host_key_pinning_shape", "port_impact_review", "firewall_owner_present", "network_policy_nodeport_review", "wireguard_cutover_separate_gate", "maintenance_window_present", "rollback_validation_present", "counts_transition_safe" ], "reviewer_outcome": "waiting_owner_response", "rollback_owner": "pending_owner_response", "rollback_owner_accepted": false, "runtime_gate": false, "secret_value_collection_allowed": false, "ssh_key_collection_allowed": false, "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_owner_response", "sudo_action_authorized": false, "supplement_requested": false, "surface_id": "alert_rules_ssh_actions", "validation_plan": "pending_owner_response", "validation_plan_accepted": false, "wireguard_change_authorized": false, "wireguard_cutover_accepted": false, "write_capable_surface": true } ], "acceptance_fields": [ "acceptance_candidate_id", "request_id", "surface_id", "config_kind", "expected_scope", "access_scope", "control_tier", "write_capable_surface", "owner_response_ref", "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "host_key_pinning_ref", "port_policy_ref", "network_policy_diff_ref", "nodeport_exposure_ref", "firewall_owner", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "reviewer_outcome", "followup_owner", "not_approval" ], "blocked_actions": [ "ssh_read", "ssh_write", "host_keyscan", "known_hosts_patch", "firewall_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "secret_value_collection", "ssh_key_collection", "active_scan", "runtime_gate_open", "live_firewall_read", "live_sudoers_read", "raw_key_material_storage", "raw_firewall_dump_storage", "mark_owner_response_accepted_without_reviewer_record", "add_action_button" ], "execution_boundaries": { "action_buttons_allowed": false, "active_scan_authorized": false, "deploy_ssh_action_authorized": false, "firewall_change_authorized": false, "host_keyscan_authorized": false, "host_write_authorized": false, "known_hosts_patch_authorized": false, "live_evidence_received": false, "live_host_read_authorized": false, "network_policy_apply_authorized": false, "nodeport_change_authorized": false, "not_authorization": true, "owner_response_accepted": false, "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "request_dispatch_authorized": false, "runtime_execution_authorized": false, "secret_value_collection_allowed": false, "ssh_key_collection_allowed": false, "ssh_read_authorized": false, "ssh_write_authorized": false, "sudo_action_authorized": false, "wireguard_change_authorized": false }, "generated_at": "2026-06-15T01:18:00+08:00", "git_commit": "1d0de1d4", "next_steps": [ "等待 owner response;未收到前不得更新 accepted count。", "收到回覆後先走 raw payload / secret / key material / scope / CIDR / port impact / rollback 檢查,不合格即隔離、拒收或補件。", "metadata 合格也只能進 network / firewall reviewer review;SSH、keyscan、known_hosts patch、firewall、port、NetworkPolicy、NodePort 與 WireGuard 仍需獨立人工批准。" ], "outcome_lanes": [ { "lane_id": "waiting_owner_response", "meaning": "尚未收到 owner response;所有 accepted / runtime count 維持 0。" }, { "lane_id": "quarantine_raw_payload", "meaning": "收到 raw firewall dump、SSH key、private key、token 或不可保存內容時只能隔離。" }, { "lane_id": "reject_secret_or_key_value", "meaning": "出現 secret value、key material、credential derivative 或未脫敏 payload 時直接拒收。" }, { "lane_id": "request_supplement", "meaning": "欄位不足、scope 不清、CIDR / owner / rollback / validation 缺失時要求補件。" }, { "lane_id": "ready_for_network_review", "meaning": "metadata 合格後,只能進 network / firewall reviewer review。" }, { "lane_id": "owner_review_only_update", "meaning": "只允許更新只讀 owner review ledger,不得改 port、firewall、known_hosts 或 policy。" }, { "lane_id": "waiting_runtime_gate", "meaning": "即使 owner response accepted,runtime gate 仍等待獨立人工批准。" } ], "required_owner_fields": [ "owner_role_or_team", "decision", "decision_reason", "affected_scope", "redacted_evidence_refs", "live_access_state_ref", "allowed_source_cidrs_ref", "maintenance_window", "rollback_owner", "validation_plan", "break_glass_owner", "change_freeze_rule", "followup_owner" ], "reviewer_checks": [ { "check_id": "owner_identity_present", "instruction": "owner role / team 必須可追溯。" }, { "check_id": "decision_reason_present", "instruction": "decision 與 decision reason 必須同時存在。" }, { "check_id": "affected_scope_matches_surface", "instruction": "affected scope 必須能對回 committed surface_id。" }, { "check_id": "redacted_refs_only", "instruction": "evidence 只能是脫敏 ref、hash、ticket、commit 或 artifact pointer。" }, { "check_id": "secret_or_key_value_absent", "instruction": "不得出現 private key、SSH key、token、password、cookie 或 partial secret。" }, { "check_id": "live_access_state_metadata_only", "instruction": "live access state 只能是 owner-provided metadata ref,不得貼 raw firewall dump。" }, { "check_id": "allowed_source_cidr_metadata_only", "instruction": "allowed source CIDR 只能是 policy ref 或脫敏摘要,不得暴露敏感來源明細。" }, { "check_id": "host_key_pinning_shape", "instruction": "known_hosts / host key pinning 只能收 fingerprint ref,不得自動 keyscan 或 patch。" }, { "check_id": "port_impact_review", "instruction": "port close / open 影響範圍必須列出 public route、admin route、agent、monitoring 與 rollback。" }, { "check_id": "firewall_owner_present", "instruction": "firewall owner、rollback owner 與 change freeze rule 必須存在。" }, { "check_id": "network_policy_nodeport_review", "instruction": "NetworkPolicy / NodePort 需有 exposure owner、source whitelist 與 route smoke plan。" }, { "check_id": "wireguard_cutover_separate_gate", "instruction": "WireGuard cutover 必須獨立維護窗口與 runtime gate,不得混入 owner acceptance。" }, { "check_id": "maintenance_window_present", "instruction": "任何未來端口、firewall、NodePort 或 WireGuard 變更都必須另有維護窗口。" }, { "check_id": "rollback_validation_present", "instruction": "rollback owner 與 validation plan 必須同時存在。" }, { "check_id": "counts_transition_safe", "instruction": "只有 reviewer record 可更新 received / accepted / rejected;不得同時開 runtime gate。" } ], "schema_version": "ssh_network_owner_response_acceptance_v1", "source_inventory_schema_version": "ssh_network_access_inventory_v1", "source_inventory_status": "repo_only_inventory_ready", "source_owner_request_schema_version": "ssh_network_owner_request_draft_v1", "source_owner_request_status": "owner_request_draft_ready_not_dispatched", "status": "owner_response_acceptance_ledger_ready_no_runtime_action", "summary": { "acceptance_candidate_count": 16, "acceptance_field_count": 29, "action_button_count": 0, "active_scan_authorized_count": 0, "blocked_action_count": 22, "deploy_ssh_action_authorized_count": 0, "firewall_change_authorized_count": 0, "firewall_owner_accepted_count": 0, "host_key_pinning_accepted_count": 0, "host_keyscan_authorized_count": 0, "host_write_authorized_count": 0, "known_hosts_patch_authorized_count": 0, "live_evidence_received_count": 0, "live_evidence_required_candidate_count": 16, "maintenance_window_accepted_count": 0, "network_policy_apply_authorized_count": 0, "network_policy_diff_accepted_count": 0, "nodeport_change_authorized_count": 0, "nodeport_exposure_accepted_count": 0, "outcome_lane_count": 7, "owner_response_accepted_count": 0, "owner_response_quarantined_count": 0, "owner_response_received_count": 0, "owner_response_rejected_count": 0, "port_change_authorized_count": 0, "port_close_authorized_count": 0, "port_open_authorized_count": 0, "port_policy_accepted_count": 0, "recipient_confirmed_count": 0, "request_sent_count": 0, "required_owner_field_count": 13, "reviewer_check_count": 15, "rollback_owner_accepted_count": 0, "runtime_gate_count": 0, "secret_value_collection_allowed_count": 0, "source_request_draft_count": 16, "source_surface_count": 16, "ssh_key_collection_allowed_count": 0, "ssh_read_authorized_count": 0, "ssh_write_authorized_count": 0, "sudo_action_authorized_count": 0, "supplement_requested_count": 0, "validation_plan_accepted_count": 0, "wireguard_change_authorized_count": 0, "wireguard_cutover_accepted_count": 0, "write_capable_acceptance_candidate_count": 6 } }