{ "blocked_actions": [ "ssh_read", "ssh_write", "live_firewall_read", "firewall_change", "port_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "route_smoke", "public_gateway_reload", "nginx_reload", "host_restart", "docker_restart", "systemd_restart", "secret_value_collection", "ssh_key_collection", "raw_firewall_dump_storage", "raw_key_material_storage", "mark_readback_accepted_without_reviewer_record", "mark_incident_resolved_without_postcheck", "hide_cross_project_impact", "treat_route_200_as_all_green", "treat_break_glass_as_approval", "close_management_port_without_owner", "open_runtime_gate", "add_action_button", "production_write", "active_scan", "provider_switch", "prompt_send" ], "boundaries": { "action_buttons_allowed": false, "active_scan_authorized": false, "firewall_change_authorized": false, "host_restart_authorized": false, "live_firewall_read_authorized": false, "network_policy_apply_authorized": false, "nodeport_change_authorized": false, "not_authorization": true, "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "production_write_authorized": false, "prompt_send_authorized": false, "provider_switch_authorized": false, "route_smoke_authorized": false, "runtime_execution_authorized": false, "secret_value_collection_allowed": false, "ssh_read_authorized": false, "ssh_write_authorized": false, "wireguard_change_authorized": false }, "generated_at": "2026-06-15T19:16:00+08:00", "git_commit": "3d0c3cc8", "outcome_lanes": [ { "lane_id": "waiting_post_incident_readback", "meaning": "尚未收到事故回讀包;所有 accepted / runtime count 維持 0。" }, { "lane_id": "request_actor_supplement", "meaning": "缺 actor / owner / decision 時要求補件。" }, { "lane_id": "request_before_after_supplement", "meaning": "缺 before / after 或 restoration evidence 時要求補件。" }, { "lane_id": "request_health_impact_supplement", "meaning": "缺 service / AI provider / monitoring / product impact 時要求補件。" },
{ "lane_id": "quarantine_raw_payload", "meaning": "收到 raw firewall dump、secret 或 key material 時只能隔離。" }, { "lane_id": "reject_unattributed_incident", "meaning": "無 actor、無 affected scope、無 rollback 或無 notification 的事故回讀不得驗收。" }, { "lane_id": "ready_for_post_incident_review", "meaning": "metadata 合格後,只能進 reviewer review。" }, { "lane_id": "incident_readback_only_update", "meaning": "只允許更新只讀 ledger,不得反向視為已批准操作。" }, { "lane_id": "recurrence_guard_backfill_required", "meaning": "需補防再發 guard、owner review 與 change freeze。" }, { "lane_id": "waiting_runtime_gate", "meaning": "即使 readback accepted,runtime gate 仍需獨立人工批准。" } ], "readback_candidates": [ { "action_buttons_allowed": false, "active_scan_authorized": false, "actor_attribution_accepted": false, "actor_attribution_ref": null, "affected_port_or_policy_ref": null, "after_state_ref": null, "ai_provider_impact_accepted": false, "ai_provider_impact_ref": null, "before_after_state_accepted": false, "before_state_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "live_firewall_read", "firewall_change", "port_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "route_smoke", "public_gateway_reload", "nginx_reload", "host_restart", "docker_restart", "systemd_restart", "secret_value_collection", "ssh_key_collection", "raw_firewall_dump_storage", "raw_key_material_storage", "mark_readback_accepted_without_reviewer_record", "mark_incident_resolved_without_postcheck", "hide_cross_project_impact", "treat_route_200_as_all_green", "treat_break_glass_as_approval", "close_management_port_without_owner", "open_runtime_gate", "add_action_button", "production_write", "active_scan", "provider_switch", "prompt_send" ], "change_or_incident_ref": null, "change_window_ref": null, "config_kind": "ssh_target_inventory", "control_tier": "C1", "cross_project_sync_accepted": false, "cross_project_sync_ref": null, 
"customer_or_product_impact_ref": null, "expected_scope": "110_111_112_120_121_188", "firewall_change_authorized": false, "followup_owner": "pending_post_incident_readback", "host_restart_authorized": false, "incident_detected_at_ref": null, "live_firewall_read_authorized": false, "maintenance_window": "pending_post_incident_readback", "maintenance_window_accepted": false, "monitoring_alert_impact_accepted": false, "monitoring_alert_impact_ref": null, "network_policy_apply_authorized": false, "no_false_green_accepted": false, "nodeport_change_authorized": false, "not_approval": true, "operator_notification_accepted": false, "operator_notification_ref": null, "outcome_lanes": [ "waiting_post_incident_readback", "request_actor_supplement", "request_before_after_supplement", "request_health_impact_supplement", "quarantine_raw_payload", "reject_unattributed_incident", "ready_for_post_incident_review", "incident_readback_only_update", "recurrence_guard_backfill_required", "waiting_runtime_gate" ], "policy_or_exposure_surface": false, "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "post_incident_readback_accepted": false, "post_incident_readback_received": false, "postcheck_readback_accepted": false, "postcheck_readback_ref": null, "production_write_authorized": false, "prompt_send_authorized": false, "provider_switch_authorized": false, "public_route_impact_accepted": false, "public_route_impact_ref": null, "readback_candidate_id": "ssh_network_post_incident_readback:ansible_inventory_ssh_targets", "readback_fields": [ "readback_candidate_id", "source_change_evidence_candidate_id", "surface_id", "config_kind", "control_tier", "expected_scope", "write_capable_surface", "policy_or_exposure_surface", "change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", "affected_port_or_policy_ref", "before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", 
"ai_provider_impact_ref", "monitoring_alert_impact_ref", "customer_or_product_impact_ref", "operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", "maintenance_window", "rollback_owner", "reviewer_outcome", "followup_owner", "not_approval" ], "recurrence_guard_accepted": false, "recurrence_guard_ref": null, "required_readback_fields": [ "change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", "affected_port_or_policy_ref", "before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", "ai_provider_impact_ref", "monitoring_alert_impact_ref", "customer_or_product_impact_ref", "operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", "maintenance_window", "rollback_owner", "followup_owner", "redacted_evidence_refs", "no_secret_value_attestation", "no_raw_firewall_dump_attestation", "no_false_green_attestation" ], "restoration_evidence_accepted": false, "restoration_evidence_ref": null, "reviewer_checks": [ "source_change_evidence_current", "incident_ref_present", "actor_not_anonymous", "before_after_state_present", "port_policy_redacted", "service_dependency_present", "public_route_impact_present", "ai_provider_impact_present", "monitoring_alert_impact_present", "customer_product_impact_present", "operator_notification_present", "cross_project_sync_present", "restoration_evidence_present", "postcheck_independent", "recurrence_guard_present", "emergency_classification_present", "maintenance_window_present", "rollback_owner_present", "no_false_green_route_200", "raw_firewall_dump_absent", "secret_or_key_value_absent", "hidden_impact_absent", "counts_transition_safe", "runtime_stays_zero" ], "reviewer_outcome": "waiting_post_incident_readback", "rollback_owner": "pending_post_incident_readback", "rollback_owner_accepted": false, 
"route_smoke_authorized": false, "runtime_gate": false, "secret_value_collection_allowed": false, "service_dependency_accepted": false, "service_dependency_ref": null, "source_change_evidence_candidate_id": "port_firewall_change_evidence:ansible_inventory_ssh_targets", "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_post_incident_readback", "surface_id": "ansible_inventory_ssh_targets", "wireguard_change_authorized": false, "write_capable_surface": false }, { "action_buttons_allowed": false, "active_scan_authorized": false, "actor_attribution_accepted": false, "actor_attribution_ref": null, "affected_port_or_policy_ref": null, "after_state_ref": null, "ai_provider_impact_accepted": false, "ai_provider_impact_ref": null, "before_after_state_accepted": false, "before_state_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "live_firewall_read", "firewall_change", "port_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "route_smoke", "public_gateway_reload", "nginx_reload", "host_restart", "docker_restart", "systemd_restart", "secret_value_collection", "ssh_key_collection", "raw_firewall_dump_storage", "raw_key_material_storage", "mark_readback_accepted_without_reviewer_record", "mark_incident_resolved_without_postcheck", "hide_cross_project_impact", "treat_route_200_as_all_green", "treat_break_glass_as_approval", "close_management_port_without_owner", "open_runtime_gate", "add_action_button", "production_write", "active_scan", "provider_switch", "prompt_send" ], "change_or_incident_ref": null, "change_window_ref": null, "config_kind": "ci_deploy_ssh", "control_tier": "C1", "cross_project_sync_accepted": false, "cross_project_sync_ref": null, "customer_or_product_impact_ref": null, "expected_scope": "k8s_ssh_host", "firewall_change_authorized": false, "followup_owner": "pending_post_incident_readback", "host_restart_authorized": false, 
"incident_detected_at_ref": null, "live_firewall_read_authorized": false, "maintenance_window": "pending_post_incident_readback", "maintenance_window_accepted": false, "monitoring_alert_impact_accepted": false, "monitoring_alert_impact_ref": null, "network_policy_apply_authorized": false, "no_false_green_accepted": false, "nodeport_change_authorized": false, "not_approval": true, "operator_notification_accepted": false, "operator_notification_ref": null, "outcome_lanes": [ "waiting_post_incident_readback", "request_actor_supplement", "request_before_after_supplement", "request_health_impact_supplement", "quarantine_raw_payload", "reject_unattributed_incident", "ready_for_post_incident_review", "incident_readback_only_update", "recurrence_guard_backfill_required", "waiting_runtime_gate" ], "policy_or_exposure_surface": false, "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "post_incident_readback_accepted": false, "post_incident_readback_received": false, "postcheck_readback_accepted": false, "postcheck_readback_ref": null, "production_write_authorized": false, "prompt_send_authorized": false, "provider_switch_authorized": false, "public_route_impact_accepted": false, "public_route_impact_ref": null, "readback_candidate_id": "ssh_network_post_incident_readback:gitea_cd_deploy_ssh", "readback_fields": [ "readback_candidate_id", "source_change_evidence_candidate_id", "surface_id", "config_kind", "control_tier", "expected_scope", "write_capable_surface", "policy_or_exposure_surface", "change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", "affected_port_or_policy_ref", "before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", "ai_provider_impact_ref", "monitoring_alert_impact_ref", "customer_or_product_impact_ref", "operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", 
"maintenance_window", "rollback_owner", "reviewer_outcome", "followup_owner", "not_approval" ], "recurrence_guard_accepted": false, "recurrence_guard_ref": null, "required_readback_fields": [ "change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", "affected_port_or_policy_ref", "before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", "ai_provider_impact_ref", "monitoring_alert_impact_ref", "customer_or_product_impact_ref", "operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", "maintenance_window", "rollback_owner", "followup_owner", "redacted_evidence_refs", "no_secret_value_attestation", "no_raw_firewall_dump_attestation", "no_false_green_attestation" ], "restoration_evidence_accepted": false, "restoration_evidence_ref": null, "reviewer_checks": [ "source_change_evidence_current", "incident_ref_present", "actor_not_anonymous", "before_after_state_present", "port_policy_redacted", "service_dependency_present", "public_route_impact_present", "ai_provider_impact_present", "monitoring_alert_impact_present", "customer_product_impact_present", "operator_notification_present", "cross_project_sync_present", "restoration_evidence_present", "postcheck_independent", "recurrence_guard_present", "emergency_classification_present", "maintenance_window_present", "rollback_owner_present", "no_false_green_route_200", "raw_firewall_dump_absent", "secret_or_key_value_absent", "hidden_impact_absent", "counts_transition_safe", "runtime_stays_zero" ], "reviewer_outcome": "waiting_post_incident_readback", "rollback_owner": "pending_post_incident_readback", "rollback_owner_accepted": false, "route_smoke_authorized": false, "runtime_gate": false, "secret_value_collection_allowed": false, "service_dependency_accepted": false, "service_dependency_ref": null, "source_change_evidence_candidate_id": 
"port_firewall_change_evidence:gitea_cd_deploy_ssh", "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_post_incident_readback", "surface_id": "gitea_cd_deploy_ssh", "wireguard_change_authorized": false, "write_capable_surface": true }, { "action_buttons_allowed": false, "active_scan_authorized": false, "actor_attribution_accepted": false, "actor_attribution_ref": null, "affected_port_or_policy_ref": null, "after_state_ref": null, "ai_provider_impact_accepted": false, "ai_provider_impact_ref": null, "before_after_state_accepted": false, "before_state_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "live_firewall_read", "firewall_change", "port_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "route_smoke", "public_gateway_reload", "nginx_reload", "host_restart", "docker_restart", "systemd_restart", "secret_value_collection", "ssh_key_collection", "raw_firewall_dump_storage", "raw_key_material_storage", "mark_readback_accepted_without_reviewer_record", "mark_incident_resolved_without_postcheck", "hide_cross_project_impact", "treat_route_200_as_all_green", "treat_break_glass_as_approval", "close_management_port_without_owner", "open_runtime_gate", "add_action_button", "production_write", "active_scan", "provider_switch", "prompt_send" ], "change_or_incident_ref": null, "change_window_ref": null, "config_kind": "ci_deploy_ssh", "control_tier": "C1", "cross_project_sync_accepted": false, "cross_project_sync_ref": null, "customer_or_product_impact_ref": null, "expected_scope": "192.168.0.120", "firewall_change_authorized": false, "followup_owner": "pending_post_incident_readback", "host_restart_authorized": false, "incident_detected_at_ref": null, "live_firewall_read_authorized": false, "maintenance_window": "pending_post_incident_readback", "maintenance_window_accepted": false, "monitoring_alert_impact_accepted": false, 
"monitoring_alert_impact_ref": null, "network_policy_apply_authorized": false, "no_false_green_accepted": false, "nodeport_change_authorized": false, "not_approval": true, "operator_notification_accepted": false, "operator_notification_ref": null, "outcome_lanes": [ "waiting_post_incident_readback", "request_actor_supplement", "request_before_after_supplement", "request_health_impact_supplement", "quarantine_raw_payload", "reject_unattributed_incident", "ready_for_post_incident_review", "incident_readback_only_update", "recurrence_guard_backfill_required", "waiting_runtime_gate" ], "policy_or_exposure_surface": false, "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "post_incident_readback_accepted": false, "post_incident_readback_received": false, "postcheck_readback_accepted": false, "postcheck_readback_ref": null, "production_write_authorized": false, "prompt_send_authorized": false, "provider_switch_authorized": false, "public_route_impact_accepted": false, "public_route_impact_ref": null, "readback_candidate_id": "ssh_network_post_incident_readback:gitea_cd_dev_ssh", "readback_fields": [ "readback_candidate_id", "source_change_evidence_candidate_id", "surface_id", "config_kind", "control_tier", "expected_scope", "write_capable_surface", "policy_or_exposure_surface", "change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", "affected_port_or_policy_ref", "before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", "ai_provider_impact_ref", "monitoring_alert_impact_ref", "customer_or_product_impact_ref", "operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", "maintenance_window", "rollback_owner", "reviewer_outcome", "followup_owner", "not_approval" ], "recurrence_guard_accepted": false, "recurrence_guard_ref": null, "required_readback_fields": [ 
"change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", "affected_port_or_policy_ref", "before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", "ai_provider_impact_ref", "monitoring_alert_impact_ref", "customer_or_product_impact_ref", "operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", "maintenance_window", "rollback_owner", "followup_owner", "redacted_evidence_refs", "no_secret_value_attestation", "no_raw_firewall_dump_attestation", "no_false_green_attestation" ], "restoration_evidence_accepted": false, "restoration_evidence_ref": null, "reviewer_checks": [ "source_change_evidence_current", "incident_ref_present", "actor_not_anonymous", "before_after_state_present", "port_policy_redacted", "service_dependency_present", "public_route_impact_present", "ai_provider_impact_present", "monitoring_alert_impact_present", "customer_product_impact_present", "operator_notification_present", "cross_project_sync_present", "restoration_evidence_present", "postcheck_independent", "recurrence_guard_present", "emergency_classification_present", "maintenance_window_present", "rollback_owner_present", "no_false_green_route_200", "raw_firewall_dump_absent", "secret_or_key_value_absent", "hidden_impact_absent", "counts_transition_safe", "runtime_stays_zero" ], "reviewer_outcome": "waiting_post_incident_readback", "rollback_owner": "pending_post_incident_readback", "rollback_owner_accepted": false, "route_smoke_authorized": false, "runtime_gate": false, "secret_value_collection_allowed": false, "service_dependency_accepted": false, "service_dependency_ref": null, "source_change_evidence_candidate_id": "port_firewall_change_evidence:gitea_cd_dev_ssh", "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_post_incident_readback", "surface_id": "gitea_cd_dev_ssh", "wireguard_change_authorized": false, 
"write_capable_surface": true }, { "action_buttons_allowed": false, "active_scan_authorized": false, "actor_attribution_accepted": false, "actor_attribution_ref": null, "affected_port_or_policy_ref": null, "after_state_ref": null, "ai_provider_impact_accepted": false, "ai_provider_impact_ref": null, "before_after_state_accepted": false, "before_state_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "live_firewall_read", "firewall_change", "port_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "route_smoke", "public_gateway_reload", "nginx_reload", "host_restart", "docker_restart", "systemd_restart", "secret_value_collection", "ssh_key_collection", "raw_firewall_dump_storage", "raw_key_material_storage", "mark_readback_accepted_without_reviewer_record", "mark_incident_resolved_without_postcheck", "hide_cross_project_impact", "treat_route_200_as_all_green", "treat_break_glass_as_approval", "close_management_port_without_owner", "open_runtime_gate", "add_action_button", "production_write", "active_scan", "provider_switch", "prompt_send" ], "change_or_incident_ref": null, "change_window_ref": null, "config_kind": "ci_deploy_ssh", "control_tier": "C1", "cross_project_sync_accepted": false, "cross_project_sync_ref": null, "customer_or_product_impact_ref": null, "expected_scope": "192.168.0.110", "firewall_change_authorized": false, "followup_owner": "pending_post_incident_readback", "host_restart_authorized": false, "incident_detected_at_ref": null, "live_firewall_read_authorized": false, "maintenance_window": "pending_post_incident_readback", "maintenance_window_accepted": false, "monitoring_alert_impact_accepted": false, "monitoring_alert_impact_ref": null, "network_policy_apply_authorized": false, "no_false_green_accepted": false, "nodeport_change_authorized": false, "not_approval": true, "operator_notification_accepted": false, "operator_notification_ref": null, 
"outcome_lanes": [ "waiting_post_incident_readback", "request_actor_supplement", "request_before_after_supplement", "request_health_impact_supplement", "quarantine_raw_payload", "reject_unattributed_incident", "ready_for_post_incident_review", "incident_readback_only_update", "recurrence_guard_backfill_required", "waiting_runtime_gate" ], "policy_or_exposure_surface": false, "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "post_incident_readback_accepted": false, "post_incident_readback_received": false, "postcheck_readback_accepted": false, "postcheck_readback_ref": null, "production_write_authorized": false, "prompt_send_authorized": false, "provider_switch_authorized": false, "public_route_impact_accepted": false, "public_route_impact_ref": null, "readback_candidate_id": "ssh_network_post_incident_readback:deploy_alerts_ssh_path", "readback_fields": [ "readback_candidate_id", "source_change_evidence_candidate_id", "surface_id", "config_kind", "control_tier", "expected_scope", "write_capable_surface", "policy_or_exposure_surface", "change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", "affected_port_or_policy_ref", "before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", "ai_provider_impact_ref", "monitoring_alert_impact_ref", "customer_or_product_impact_ref", "operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", "maintenance_window", "rollback_owner", "reviewer_outcome", "followup_owner", "not_approval" ], "recurrence_guard_accepted": false, "recurrence_guard_ref": null, "required_readback_fields": [ "change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", "affected_port_or_policy_ref", "before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", "ai_provider_impact_ref", 
"monitoring_alert_impact_ref", "customer_or_product_impact_ref", "operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", "maintenance_window", "rollback_owner", "followup_owner", "redacted_evidence_refs", "no_secret_value_attestation", "no_raw_firewall_dump_attestation", "no_false_green_attestation" ], "restoration_evidence_accepted": false, "restoration_evidence_ref": null, "reviewer_checks": [ "source_change_evidence_current", "incident_ref_present", "actor_not_anonymous", "before_after_state_present", "port_policy_redacted", "service_dependency_present", "public_route_impact_present", "ai_provider_impact_present", "monitoring_alert_impact_present", "customer_product_impact_present", "operator_notification_present", "cross_project_sync_present", "restoration_evidence_present", "postcheck_independent", "recurrence_guard_present", "emergency_classification_present", "maintenance_window_present", "rollback_owner_present", "no_false_green_route_200", "raw_firewall_dump_absent", "secret_or_key_value_absent", "hidden_impact_absent", "counts_transition_safe", "runtime_stays_zero" ], "reviewer_outcome": "waiting_post_incident_readback", "rollback_owner": "pending_post_incident_readback", "rollback_owner_accepted": false, "route_smoke_authorized": false, "runtime_gate": false, "secret_value_collection_allowed": false, "service_dependency_accepted": false, "service_dependency_ref": null, "source_change_evidence_candidate_id": "port_firewall_change_evidence:deploy_alerts_ssh_path", "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_post_incident_readback", "surface_id": "deploy_alerts_ssh_path", "wireguard_change_authorized": false, "write_capable_surface": true }, { "action_buttons_allowed": false, "active_scan_authorized": false, "actor_attribution_accepted": false, "actor_attribution_ref": null, "affected_port_or_policy_ref": null, "after_state_ref": null, 
"ai_provider_impact_accepted": false, "ai_provider_impact_ref": null, "before_after_state_accepted": false, "before_state_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "live_firewall_read", "firewall_change", "port_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "route_smoke", "public_gateway_reload", "nginx_reload", "host_restart", "docker_restart", "systemd_restart", "secret_value_collection", "ssh_key_collection", "raw_firewall_dump_storage", "raw_key_material_storage", "mark_readback_accepted_without_reviewer_record", "mark_incident_resolved_without_postcheck", "hide_cross_project_impact", "treat_route_200_as_all_green", "treat_break_glass_as_approval", "close_management_port_without_owner", "open_runtime_gate", "add_action_button", "production_write", "active_scan", "provider_switch", "prompt_send" ], "change_or_incident_ref": null, "change_window_ref": null, "config_kind": "ssh_discovery_script", "control_tier": "C1", "cross_project_sync_accepted": false, "cross_project_sync_ref": null, "customer_or_product_impact_ref": null, "expected_scope": "110_188_docker_hosts", "firewall_change_authorized": false, "followup_owner": "pending_post_incident_readback", "host_restart_authorized": false, "incident_detected_at_ref": null, "live_firewall_read_authorized": false, "maintenance_window": "pending_post_incident_readback", "maintenance_window_accepted": false, "monitoring_alert_impact_accepted": false, "monitoring_alert_impact_ref": null, "network_policy_apply_authorized": false, "no_false_green_accepted": false, "nodeport_change_authorized": false, "not_approval": true, "operator_notification_accepted": false, "operator_notification_ref": null, "outcome_lanes": [ "waiting_post_incident_readback", "request_actor_supplement", "request_before_after_supplement", "request_health_impact_supplement", "quarantine_raw_payload", "reject_unattributed_incident", 
"ready_for_post_incident_review", "incident_readback_only_update", "recurrence_guard_backfill_required", "waiting_runtime_gate" ], "policy_or_exposure_surface": false, "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "post_incident_readback_accepted": false, "post_incident_readback_received": false, "postcheck_readback_accepted": false, "postcheck_readback_ref": null, "production_write_authorized": false, "prompt_send_authorized": false, "provider_switch_authorized": false, "public_route_impact_accepted": false, "public_route_impact_ref": null, "readback_candidate_id": "ssh_network_post_incident_readback:monitoring_discover_docker_ssh", "readback_fields": [ "readback_candidate_id", "source_change_evidence_candidate_id", "surface_id", "config_kind", "control_tier", "expected_scope", "write_capable_surface", "policy_or_exposure_surface", "change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", "affected_port_or_policy_ref", "before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", "ai_provider_impact_ref", "monitoring_alert_impact_ref", "customer_or_product_impact_ref", "operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", "maintenance_window", "rollback_owner", "reviewer_outcome", "followup_owner", "not_approval" ], "recurrence_guard_accepted": false, "recurrence_guard_ref": null, "required_readback_fields": [ "change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", "affected_port_or_policy_ref", "before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", "ai_provider_impact_ref", "monitoring_alert_impact_ref", "customer_or_product_impact_ref", "operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", 
"maintenance_window", "rollback_owner", "followup_owner", "redacted_evidence_refs", "no_secret_value_attestation", "no_raw_firewall_dump_attestation", "no_false_green_attestation" ], "restoration_evidence_accepted": false, "restoration_evidence_ref": null, "reviewer_checks": [ "source_change_evidence_current", "incident_ref_present", "actor_not_anonymous", "before_after_state_present", "port_policy_redacted", "service_dependency_present", "public_route_impact_present", "ai_provider_impact_present", "monitoring_alert_impact_present", "customer_product_impact_present", "operator_notification_present", "cross_project_sync_present", "restoration_evidence_present", "postcheck_independent", "recurrence_guard_present", "emergency_classification_present", "maintenance_window_present", "rollback_owner_present", "no_false_green_route_200", "raw_firewall_dump_absent", "secret_or_key_value_absent", "hidden_impact_absent", "counts_transition_safe", "runtime_stays_zero" ], "reviewer_outcome": "waiting_post_incident_readback", "rollback_owner": "pending_post_incident_readback", "rollback_owner_accepted": false, "route_smoke_authorized": false, "runtime_gate": false, "secret_value_collection_allowed": false, "service_dependency_accepted": false, "service_dependency_ref": null, "source_change_evidence_candidate_id": "port_firewall_change_evidence:monitoring_discover_docker_ssh", "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_post_incident_readback", "surface_id": "monitoring_discover_docker_ssh", "wireguard_change_authorized": false, "write_capable_surface": false }, { "action_buttons_allowed": false, "active_scan_authorized": false, "actor_attribution_accepted": false, "actor_attribution_ref": null, "affected_port_or_policy_ref": null, "after_state_ref": null, "ai_provider_impact_accepted": false, "ai_provider_impact_ref": null, "before_after_state_accepted": false, "before_state_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", 
"live_firewall_read", "firewall_change", "port_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "route_smoke", "public_gateway_reload", "nginx_reload", "host_restart", "docker_restart", "systemd_restart", "secret_value_collection", "ssh_key_collection", "raw_firewall_dump_storage", "raw_key_material_storage", "mark_readback_accepted_without_reviewer_record", "mark_incident_resolved_without_postcheck", "hide_cross_project_impact", "treat_route_200_as_all_green", "treat_break_glass_as_approval", "close_management_port_without_owner", "open_runtime_gate", "add_action_button", "production_write", "active_scan", "provider_switch", "prompt_send" ], "change_or_incident_ref": null, "change_window_ref": null, "config_kind": "monitoring_ssh_deploy_script", "control_tier": "C1", "cross_project_sync_accepted": false, "cross_project_sync_ref": null, "customer_or_product_impact_ref": null, "expected_scope": "192.168.0.188", "firewall_change_authorized": false, "followup_owner": "pending_post_incident_readback", "host_restart_authorized": false, "incident_detected_at_ref": null, "live_firewall_read_authorized": false, "maintenance_window": "pending_post_incident_readback", "maintenance_window_accepted": false, "monitoring_alert_impact_accepted": false, "monitoring_alert_impact_ref": null, "network_policy_apply_authorized": false, "no_false_green_accepted": false, "nodeport_change_authorized": false, "not_approval": true, "operator_notification_accepted": false, "operator_notification_ref": null, "outcome_lanes": [ "waiting_post_incident_readback", "request_actor_supplement", "request_before_after_supplement", "request_health_impact_supplement", "quarantine_raw_payload", "reject_unattributed_incident", "ready_for_post_incident_review", "incident_readback_only_update", "recurrence_guard_backfill_required", "waiting_runtime_gate" ], "policy_or_exposure_surface": false, "port_change_authorized": 
false, "port_close_authorized": false, "port_open_authorized": false, "post_incident_readback_accepted": false, "post_incident_readback_received": false, "postcheck_readback_accepted": false, "postcheck_readback_ref": null, "production_write_authorized": false, "prompt_send_authorized": false, "provider_switch_authorized": false, "public_route_impact_accepted": false, "public_route_impact_ref": null, "readback_candidate_id": "ssh_network_post_incident_readback:monitoring_exporter_deploy_ssh", "readback_fields": [ "readback_candidate_id", "source_change_evidence_candidate_id", "surface_id", "config_kind", "control_tier", "expected_scope", "write_capable_surface", "policy_or_exposure_surface", "change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", "affected_port_or_policy_ref", "before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", "ai_provider_impact_ref", "monitoring_alert_impact_ref", "customer_or_product_impact_ref", "operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", "maintenance_window", "rollback_owner", "reviewer_outcome", "followup_owner", "not_approval" ], "recurrence_guard_accepted": false, "recurrence_guard_ref": null, "required_readback_fields": [ "change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", "affected_port_or_policy_ref", "before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", "ai_provider_impact_ref", "monitoring_alert_impact_ref", "customer_or_product_impact_ref", "operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", "maintenance_window", "rollback_owner", "followup_owner", "redacted_evidence_refs", "no_secret_value_attestation", "no_raw_firewall_dump_attestation", "no_false_green_attestation" ], 
"restoration_evidence_accepted": false, "restoration_evidence_ref": null, "reviewer_checks": [ "source_change_evidence_current", "incident_ref_present", "actor_not_anonymous", "before_after_state_present", "port_policy_redacted", "service_dependency_present", "public_route_impact_present", "ai_provider_impact_present", "monitoring_alert_impact_present", "customer_product_impact_present", "operator_notification_present", "cross_project_sync_present", "restoration_evidence_present", "postcheck_independent", "recurrence_guard_present", "emergency_classification_present", "maintenance_window_present", "rollback_owner_present", "no_false_green_route_200", "raw_firewall_dump_absent", "secret_or_key_value_absent", "hidden_impact_absent", "counts_transition_safe", "runtime_stays_zero" ], "reviewer_outcome": "waiting_post_incident_readback", "rollback_owner": "pending_post_incident_readback", "rollback_owner_accepted": false, "route_smoke_authorized": false, "runtime_gate": false, "secret_value_collection_allowed": false, "service_dependency_accepted": false, "service_dependency_ref": null, "source_change_evidence_candidate_id": "port_firewall_change_evidence:monitoring_exporter_deploy_ssh", "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_post_incident_readback", "surface_id": "monitoring_exporter_deploy_ssh", "wireguard_change_authorized": false, "write_capable_surface": true }, { "action_buttons_allowed": false, "active_scan_authorized": false, "actor_attribution_accepted": false, "actor_attribution_ref": null, "affected_port_or_policy_ref": null, "after_state_ref": null, "ai_provider_impact_accepted": false, "ai_provider_impact_ref": null, "before_after_state_accepted": false, "before_state_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "live_firewall_read", "firewall_change", "port_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", 
"route_smoke", "public_gateway_reload", "nginx_reload", "host_restart", "docker_restart", "systemd_restart", "secret_value_collection", "ssh_key_collection", "raw_firewall_dump_storage", "raw_key_material_storage", "mark_readback_accepted_without_reviewer_record", "mark_incident_resolved_without_postcheck", "hide_cross_project_impact", "treat_route_200_as_all_green", "treat_break_glass_as_approval", "close_management_port_without_owner", "open_runtime_gate", "add_action_button", "production_write", "active_scan", "provider_switch", "prompt_send" ], "change_or_incident_ref": null, "change_window_ref": null, "config_kind": "ssh_backup_capture", "control_tier": "C1", "cross_project_sync_accepted": false, "cross_project_sync_ref": null, "customer_or_product_impact_ref": null, "expected_scope": "110_188_120_121_cluster", "firewall_change_authorized": false, "followup_owner": "pending_post_incident_readback", "host_restart_authorized": false, "incident_detected_at_ref": null, "live_firewall_read_authorized": false, "maintenance_window": "pending_post_incident_readback", "maintenance_window_accepted": false, "monitoring_alert_impact_accepted": false, "monitoring_alert_impact_ref": null, "network_policy_apply_authorized": false, "no_false_green_accepted": false, "nodeport_change_authorized": false, "not_approval": true, "operator_notification_accepted": false, "operator_notification_ref": null, "outcome_lanes": [ "waiting_post_incident_readback", "request_actor_supplement", "request_before_after_supplement", "request_health_impact_supplement", "quarantine_raw_payload", "reject_unattributed_incident", "ready_for_post_incident_review", "incident_readback_only_update", "recurrence_guard_backfill_required", "waiting_runtime_gate" ], "policy_or_exposure_surface": false, "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "post_incident_readback_accepted": false, "post_incident_readback_received": false, "postcheck_readback_accepted": 
false, "postcheck_readback_ref": null, "production_write_authorized": false, "prompt_send_authorized": false, "provider_switch_authorized": false, "public_route_impact_accepted": false, "public_route_impact_ref": null, "readback_candidate_id": "ssh_network_post_incident_readback:backup_config_ssh_capture", "readback_fields": [ "readback_candidate_id", "source_change_evidence_candidate_id", "surface_id", "config_kind", "control_tier", "expected_scope", "write_capable_surface", "policy_or_exposure_surface", "change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", "affected_port_or_policy_ref", "before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", "ai_provider_impact_ref", "monitoring_alert_impact_ref", "customer_or_product_impact_ref", "operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", "maintenance_window", "rollback_owner", "reviewer_outcome", "followup_owner", "not_approval" ], "recurrence_guard_accepted": false, "recurrence_guard_ref": null, "required_readback_fields": [ "change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", "affected_port_or_policy_ref", "before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", "ai_provider_impact_ref", "monitoring_alert_impact_ref", "customer_or_product_impact_ref", "operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", "maintenance_window", "rollback_owner", "followup_owner", "redacted_evidence_refs", "no_secret_value_attestation", "no_raw_firewall_dump_attestation", "no_false_green_attestation" ], "restoration_evidence_accepted": false, "restoration_evidence_ref": null, "reviewer_checks": [ "source_change_evidence_current", "incident_ref_present", "actor_not_anonymous", "before_after_state_present", 
"port_policy_redacted", "service_dependency_present", "public_route_impact_present", "ai_provider_impact_present", "monitoring_alert_impact_present", "customer_product_impact_present", "operator_notification_present", "cross_project_sync_present", "restoration_evidence_present", "postcheck_independent", "recurrence_guard_present", "emergency_classification_present", "maintenance_window_present", "rollback_owner_present", "no_false_green_route_200", "raw_firewall_dump_absent", "secret_or_key_value_absent", "hidden_impact_absent", "counts_transition_safe", "runtime_stays_zero" ], "reviewer_outcome": "waiting_post_incident_readback", "rollback_owner": "pending_post_incident_readback", "rollback_owner_accepted": false, "route_smoke_authorized": false, "runtime_gate": false, "secret_value_collection_allowed": false, "service_dependency_accepted": false, "service_dependency_ref": null, "source_change_evidence_candidate_id": "port_firewall_change_evidence:backup_config_ssh_capture", "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_post_incident_readback", "surface_id": "backup_config_ssh_capture", "wireguard_change_authorized": false, "write_capable_surface": false }, { "action_buttons_allowed": false, "active_scan_authorized": false, "actor_attribution_accepted": false, "actor_attribution_ref": null, "affected_port_or_policy_ref": null, "after_state_ref": null, "ai_provider_impact_accepted": false, "ai_provider_impact_ref": null, "before_after_state_accepted": false, "before_state_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "live_firewall_read", "firewall_change", "port_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "route_smoke", "public_gateway_reload", "nginx_reload", "host_restart", "docker_restart", "systemd_restart", "secret_value_collection", "ssh_key_collection", "raw_firewall_dump_storage", "raw_key_material_storage", 
"mark_readback_accepted_without_reviewer_record", "mark_incident_resolved_without_postcheck", "hide_cross_project_impact", "treat_route_200_as_all_green", "treat_break_glass_as_approval", "close_management_port_without_owner", "open_runtime_gate", "add_action_button", "production_write", "active_scan", "provider_switch", "prompt_send" ], "change_or_incident_ref": null, "change_window_ref": null, "config_kind": "sudoers_policy", "control_tier": "C1", "cross_project_sync_accepted": false, "cross_project_sync_ref": null, "customer_or_product_impact_ref": null, "expected_scope": "host_ops_minimal_sudo", "firewall_change_authorized": false, "followup_owner": "pending_post_incident_readback", "host_restart_authorized": false, "incident_detected_at_ref": null, "live_firewall_read_authorized": false, "maintenance_window": "pending_post_incident_readback", "maintenance_window_accepted": false, "monitoring_alert_impact_accepted": false, "monitoring_alert_impact_ref": null, "network_policy_apply_authorized": false, "no_false_green_accepted": false, "nodeport_change_authorized": false, "not_approval": true, "operator_notification_accepted": false, "operator_notification_ref": null, "outcome_lanes": [ "waiting_post_incident_readback", "request_actor_supplement", "request_before_after_supplement", "request_health_impact_supplement", "quarantine_raw_payload", "reject_unattributed_incident", "ready_for_post_incident_review", "incident_readback_only_update", "recurrence_guard_backfill_required", "waiting_runtime_gate" ], "policy_or_exposure_surface": false, "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "post_incident_readback_accepted": false, "post_incident_readback_received": false, "postcheck_readback_accepted": false, "postcheck_readback_ref": null, "production_write_authorized": false, "prompt_send_authorized": false, "provider_switch_authorized": false, "public_route_impact_accepted": false, "public_route_impact_ref": null, 
"readback_candidate_id": "ssh_network_post_incident_readback:host_ops_sudoers_wrapper", "readback_fields": [ "readback_candidate_id", "source_change_evidence_candidate_id", "surface_id", "config_kind", "control_tier", "expected_scope", "write_capable_surface", "policy_or_exposure_surface", "change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", "affected_port_or_policy_ref", "before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", "ai_provider_impact_ref", "monitoring_alert_impact_ref", "customer_or_product_impact_ref", "operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", "maintenance_window", "rollback_owner", "reviewer_outcome", "followup_owner", "not_approval" ], "recurrence_guard_accepted": false, "recurrence_guard_ref": null, "required_readback_fields": [ "change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", "affected_port_or_policy_ref", "before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", "ai_provider_impact_ref", "monitoring_alert_impact_ref", "customer_or_product_impact_ref", "operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", "maintenance_window", "rollback_owner", "followup_owner", "redacted_evidence_refs", "no_secret_value_attestation", "no_raw_firewall_dump_attestation", "no_false_green_attestation" ], "restoration_evidence_accepted": false, "restoration_evidence_ref": null, "reviewer_checks": [ "source_change_evidence_current", "incident_ref_present", "actor_not_anonymous", "before_after_state_present", "port_policy_redacted", "service_dependency_present", "public_route_impact_present", "ai_provider_impact_present", "monitoring_alert_impact_present", "customer_product_impact_present", "operator_notification_present", 
"cross_project_sync_present", "restoration_evidence_present", "postcheck_independent", "recurrence_guard_present", "emergency_classification_present", "maintenance_window_present", "rollback_owner_present", "no_false_green_route_200", "raw_firewall_dump_absent", "secret_or_key_value_absent", "hidden_impact_absent", "counts_transition_safe", "runtime_stays_zero" ], "reviewer_outcome": "waiting_post_incident_readback", "rollback_owner": "pending_post_incident_readback", "rollback_owner_accepted": false, "route_smoke_authorized": false, "runtime_gate": false, "secret_value_collection_allowed": false, "service_dependency_accepted": false, "service_dependency_ref": null, "source_change_evidence_candidate_id": "port_firewall_change_evidence:host_ops_sudoers_wrapper", "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_post_incident_readback", "surface_id": "host_ops_sudoers_wrapper", "wireguard_change_authorized": false, "write_capable_surface": true }, { "action_buttons_allowed": false, "active_scan_authorized": false, "actor_attribution_accepted": false, "actor_attribution_ref": null, "affected_port_or_policy_ref": null, "after_state_ref": null, "ai_provider_impact_accepted": false, "ai_provider_impact_ref": null, "before_after_state_accepted": false, "before_state_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "live_firewall_read", "firewall_change", "port_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "route_smoke", "public_gateway_reload", "nginx_reload", "host_restart", "docker_restart", "systemd_restart", "secret_value_collection", "ssh_key_collection", "raw_firewall_dump_storage", "raw_key_material_storage", "mark_readback_accepted_without_reviewer_record", "mark_incident_resolved_without_postcheck", "hide_cross_project_impact", "treat_route_200_as_all_green", "treat_break_glass_as_approval", "close_management_port_without_owner", 
"open_runtime_gate", "add_action_button", "production_write", "active_scan", "provider_switch", "prompt_send" ], "change_or_incident_ref": null, "change_window_ref": null, "config_kind": "k8s_network_policy", "control_tier": "C1", "cross_project_sync_accepted": false, "cross_project_sync_ref": null, "customer_or_product_impact_ref": null, "expected_scope": "awoooi_prod_namespace", "firewall_change_authorized": false, "followup_owner": "pending_post_incident_readback", "host_restart_authorized": false, "incident_detected_at_ref": null, "live_firewall_read_authorized": false, "maintenance_window": "pending_post_incident_readback", "maintenance_window_accepted": false, "monitoring_alert_impact_accepted": false, "monitoring_alert_impact_ref": null, "network_policy_apply_authorized": false, "no_false_green_accepted": false, "nodeport_change_authorized": false, "not_approval": true, "operator_notification_accepted": false, "operator_notification_ref": null, "outcome_lanes": [ "waiting_post_incident_readback", "request_actor_supplement", "request_before_after_supplement", "request_health_impact_supplement", "quarantine_raw_payload", "reject_unattributed_incident", "ready_for_post_incident_review", "incident_readback_only_update", "recurrence_guard_backfill_required", "waiting_runtime_gate" ], "policy_or_exposure_surface": true, "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "post_incident_readback_accepted": false, "post_incident_readback_received": false, "postcheck_readback_accepted": false, "postcheck_readback_ref": null, "production_write_authorized": false, "prompt_send_authorized": false, "provider_switch_authorized": false, "public_route_impact_accepted": false, "public_route_impact_ref": null, "readback_candidate_id": "ssh_network_post_incident_readback:k8s_prod_network_policy", "readback_fields": [ "readback_candidate_id", "source_change_evidence_candidate_id", "surface_id", "config_kind", "control_tier", 
"expected_scope", "write_capable_surface", "policy_or_exposure_surface", "change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", "affected_port_or_policy_ref", "before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", "ai_provider_impact_ref", "monitoring_alert_impact_ref", "customer_or_product_impact_ref", "operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", "maintenance_window", "rollback_owner", "reviewer_outcome", "followup_owner", "not_approval" ], "recurrence_guard_accepted": false, "recurrence_guard_ref": null, "required_readback_fields": [ "change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", "affected_port_or_policy_ref", "before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", "ai_provider_impact_ref", "monitoring_alert_impact_ref", "customer_or_product_impact_ref", "operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", "maintenance_window", "rollback_owner", "followup_owner", "redacted_evidence_refs", "no_secret_value_attestation", "no_raw_firewall_dump_attestation", "no_false_green_attestation" ], "restoration_evidence_accepted": false, "restoration_evidence_ref": null, "reviewer_checks": [ "source_change_evidence_current", "incident_ref_present", "actor_not_anonymous", "before_after_state_present", "port_policy_redacted", "service_dependency_present", "public_route_impact_present", "ai_provider_impact_present", "monitoring_alert_impact_present", "customer_product_impact_present", "operator_notification_present", "cross_project_sync_present", "restoration_evidence_present", "postcheck_independent", "recurrence_guard_present", "emergency_classification_present", "maintenance_window_present", "rollback_owner_present", 
"no_false_green_route_200", "raw_firewall_dump_absent", "secret_or_key_value_absent", "hidden_impact_absent", "counts_transition_safe", "runtime_stays_zero" ], "reviewer_outcome": "waiting_post_incident_readback", "rollback_owner": "pending_post_incident_readback", "rollback_owner_accepted": false, "route_smoke_authorized": false, "runtime_gate": false, "secret_value_collection_allowed": false, "service_dependency_accepted": false, "service_dependency_ref": null, "source_change_evidence_candidate_id": "port_firewall_change_evidence:k8s_prod_network_policy", "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_post_incident_readback", "surface_id": "k8s_prod_network_policy", "wireguard_change_authorized": false, "write_capable_surface": false }, { "action_buttons_allowed": false, "active_scan_authorized": false, "actor_attribution_accepted": false, "actor_attribution_ref": null, "affected_port_or_policy_ref": null, "after_state_ref": null, "ai_provider_impact_accepted": false, "ai_provider_impact_ref": null, "before_after_state_accepted": false, "before_state_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "live_firewall_read", "firewall_change", "port_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "route_smoke", "public_gateway_reload", "nginx_reload", "host_restart", "docker_restart", "systemd_restart", "secret_value_collection", "ssh_key_collection", "raw_firewall_dump_storage", "raw_key_material_storage", "mark_readback_accepted_without_reviewer_record", "mark_incident_resolved_without_postcheck", "hide_cross_project_impact", "treat_route_200_as_all_green", "treat_break_glass_as_approval", "close_management_port_without_owner", "open_runtime_gate", "add_action_button", "production_write", "active_scan", "provider_switch", "prompt_send" ], "change_or_incident_ref": null, "change_window_ref": null, "config_kind": "k8s_network_policy", 
"control_tier": "C1", "cross_project_sync_accepted": false, "cross_project_sync_ref": null, "customer_or_product_impact_ref": null, "expected_scope": "argocd_namespace", "firewall_change_authorized": false, "followup_owner": "pending_post_incident_readback", "host_restart_authorized": false, "incident_detected_at_ref": null, "live_firewall_read_authorized": false, "maintenance_window": "pending_post_incident_readback", "maintenance_window_accepted": false, "monitoring_alert_impact_accepted": false, "monitoring_alert_impact_ref": null, "network_policy_apply_authorized": false, "no_false_green_accepted": false, "nodeport_change_authorized": false, "not_approval": true, "operator_notification_accepted": false, "operator_notification_ref": null, "outcome_lanes": [ "waiting_post_incident_readback", "request_actor_supplement", "request_before_after_supplement", "request_health_impact_supplement", "quarantine_raw_payload", "reject_unattributed_incident", "ready_for_post_incident_review", "incident_readback_only_update", "recurrence_guard_backfill_required", "waiting_runtime_gate" ], "policy_or_exposure_surface": true, "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "post_incident_readback_accepted": false, "post_incident_readback_received": false, "postcheck_readback_accepted": false, "postcheck_readback_ref": null, "production_write_authorized": false, "prompt_send_authorized": false, "provider_switch_authorized": false, "public_route_impact_accepted": false, "public_route_impact_ref": null, "readback_candidate_id": "ssh_network_post_incident_readback:argocd_metrics_network_policy", "readback_fields": [ "readback_candidate_id", "source_change_evidence_candidate_id", "surface_id", "config_kind", "control_tier", "expected_scope", "write_capable_surface", "policy_or_exposure_surface", "change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", "affected_port_or_policy_ref", 
"before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", "ai_provider_impact_ref", "monitoring_alert_impact_ref", "customer_or_product_impact_ref", "operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", "maintenance_window", "rollback_owner", "reviewer_outcome", "followup_owner", "not_approval" ], "recurrence_guard_accepted": false, "recurrence_guard_ref": null, "required_readback_fields": [ "change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", "affected_port_or_policy_ref", "before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", "ai_provider_impact_ref", "monitoring_alert_impact_ref", "customer_or_product_impact_ref", "operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", "maintenance_window", "rollback_owner", "followup_owner", "redacted_evidence_refs", "no_secret_value_attestation", "no_raw_firewall_dump_attestation", "no_false_green_attestation" ], "restoration_evidence_accepted": false, "restoration_evidence_ref": null, "reviewer_checks": [ "source_change_evidence_current", "incident_ref_present", "actor_not_anonymous", "before_after_state_present", "port_policy_redacted", "service_dependency_present", "public_route_impact_present", "ai_provider_impact_present", "monitoring_alert_impact_present", "customer_product_impact_present", "operator_notification_present", "cross_project_sync_present", "restoration_evidence_present", "postcheck_independent", "recurrence_guard_present", "emergency_classification_present", "maintenance_window_present", "rollback_owner_present", "no_false_green_route_200", "raw_firewall_dump_absent", "secret_or_key_value_absent", "hidden_impact_absent", "counts_transition_safe", "runtime_stays_zero" ], "reviewer_outcome": "waiting_post_incident_readback", 
"rollback_owner": "pending_post_incident_readback", "rollback_owner_accepted": false, "route_smoke_authorized": false, "runtime_gate": false, "secret_value_collection_allowed": false, "service_dependency_accepted": false, "service_dependency_ref": null, "source_change_evidence_candidate_id": "port_firewall_change_evidence:argocd_metrics_network_policy", "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_post_incident_readback", "surface_id": "argocd_metrics_network_policy", "wireguard_change_authorized": false, "write_capable_surface": false }, { "action_buttons_allowed": false, "active_scan_authorized": false, "actor_attribution_accepted": false, "actor_attribution_ref": null, "affected_port_or_policy_ref": null, "after_state_ref": null, "ai_provider_impact_accepted": false, "ai_provider_impact_ref": null, "before_after_state_accepted": false, "before_state_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "live_firewall_read", "firewall_change", "port_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "route_smoke", "public_gateway_reload", "nginx_reload", "host_restart", "docker_restart", "systemd_restart", "secret_value_collection", "ssh_key_collection", "raw_firewall_dump_storage", "raw_key_material_storage", "mark_readback_accepted_without_reviewer_record", "mark_incident_resolved_without_postcheck", "hide_cross_project_impact", "treat_route_200_as_all_green", "treat_break_glass_as_approval", "close_management_port_without_owner", "open_runtime_gate", "add_action_button", "production_write", "active_scan", "provider_switch", "prompt_send" ], "change_or_incident_ref": null, "change_window_ref": null, "config_kind": "k8s_nodeport_service", "control_tier": "C1", "cross_project_sync_accepted": false, "cross_project_sync_ref": null, "customer_or_product_impact_ref": null, "expected_scope": "argocd_nodeport_30882_30883", 
"firewall_change_authorized": false, "followup_owner": "pending_post_incident_readback", "host_restart_authorized": false, "incident_detected_at_ref": null, "live_firewall_read_authorized": false, "maintenance_window": "pending_post_incident_readback", "maintenance_window_accepted": false, "monitoring_alert_impact_accepted": false, "monitoring_alert_impact_ref": null, "network_policy_apply_authorized": false, "no_false_green_accepted": false, "nodeport_change_authorized": false, "not_approval": true, "operator_notification_accepted": false, "operator_notification_ref": null, "outcome_lanes": [ "waiting_post_incident_readback", "request_actor_supplement", "request_before_after_supplement", "request_health_impact_supplement", "quarantine_raw_payload", "reject_unattributed_incident", "ready_for_post_incident_review", "incident_readback_only_update", "recurrence_guard_backfill_required", "waiting_runtime_gate" ], "policy_or_exposure_surface": true, "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "post_incident_readback_accepted": false, "post_incident_readback_received": false, "postcheck_readback_accepted": false, "postcheck_readback_ref": null, "production_write_authorized": false, "prompt_send_authorized": false, "provider_switch_authorized": false, "public_route_impact_accepted": false, "public_route_impact_ref": null, "readback_candidate_id": "ssh_network_post_incident_readback:argocd_metrics_nodeport", "readback_fields": [ "readback_candidate_id", "source_change_evidence_candidate_id", "surface_id", "config_kind", "control_tier", "expected_scope", "write_capable_surface", "policy_or_exposure_surface", "change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", "affected_port_or_policy_ref", "before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", "ai_provider_impact_ref", "monitoring_alert_impact_ref", "customer_or_product_impact_ref", 
"operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", "maintenance_window", "rollback_owner", "reviewer_outcome", "followup_owner", "not_approval" ], "recurrence_guard_accepted": false, "recurrence_guard_ref": null, "required_readback_fields": [ "change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", "affected_port_or_policy_ref", "before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", "ai_provider_impact_ref", "monitoring_alert_impact_ref", "customer_or_product_impact_ref", "operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", "maintenance_window", "rollback_owner", "followup_owner", "redacted_evidence_refs", "no_secret_value_attestation", "no_raw_firewall_dump_attestation", "no_false_green_attestation" ], "restoration_evidence_accepted": false, "restoration_evidence_ref": null, "reviewer_checks": [ "source_change_evidence_current", "incident_ref_present", "actor_not_anonymous", "before_after_state_present", "port_policy_redacted", "service_dependency_present", "public_route_impact_present", "ai_provider_impact_present", "monitoring_alert_impact_present", "customer_product_impact_present", "operator_notification_present", "cross_project_sync_present", "restoration_evidence_present", "postcheck_independent", "recurrence_guard_present", "emergency_classification_present", "maintenance_window_present", "rollback_owner_present", "no_false_green_route_200", "raw_firewall_dump_absent", "secret_or_key_value_absent", "hidden_impact_absent", "counts_transition_safe", "runtime_stays_zero" ], "reviewer_outcome": "waiting_post_incident_readback", "rollback_owner": "pending_post_incident_readback", "rollback_owner_accepted": false, "route_smoke_authorized": false, "runtime_gate": false, "secret_value_collection_allowed": false, 
"service_dependency_accepted": false, "service_dependency_ref": null, "source_change_evidence_candidate_id": "port_firewall_change_evidence:argocd_metrics_nodeport", "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_post_incident_readback", "surface_id": "argocd_metrics_nodeport", "wireguard_change_authorized": false, "write_capable_surface": false }, { "action_buttons_allowed": false, "active_scan_authorized": false, "actor_attribution_accepted": false, "actor_attribution_ref": null, "affected_port_or_policy_ref": null, "after_state_ref": null, "ai_provider_impact_accepted": false, "ai_provider_impact_ref": null, "before_after_state_accepted": false, "before_state_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "live_firewall_read", "firewall_change", "port_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "route_smoke", "public_gateway_reload", "nginx_reload", "host_restart", "docker_restart", "systemd_restart", "secret_value_collection", "ssh_key_collection", "raw_firewall_dump_storage", "raw_key_material_storage", "mark_readback_accepted_without_reviewer_record", "mark_incident_resolved_without_postcheck", "hide_cross_project_impact", "treat_route_200_as_all_green", "treat_break_glass_as_approval", "close_management_port_without_owner", "open_runtime_gate", "add_action_button", "production_write", "active_scan", "provider_switch", "prompt_send" ], "change_or_incident_ref": null, "change_window_ref": null, "config_kind": "k8s_nodeport_service", "control_tier": "C1", "cross_project_sync_accepted": false, "cross_project_sync_ref": null, "customer_or_product_impact_ref": null, "expected_scope": "velero_nodeport_30885", "firewall_change_authorized": false, "followup_owner": "pending_post_incident_readback", "host_restart_authorized": false, "incident_detected_at_ref": null, "live_firewall_read_authorized": false, "maintenance_window": 
"pending_post_incident_readback", "maintenance_window_accepted": false, "monitoring_alert_impact_accepted": false, "monitoring_alert_impact_ref": null, "network_policy_apply_authorized": false, "no_false_green_accepted": false, "nodeport_change_authorized": false, "not_approval": true, "operator_notification_accepted": false, "operator_notification_ref": null, "outcome_lanes": [ "waiting_post_incident_readback", "request_actor_supplement", "request_before_after_supplement", "request_health_impact_supplement", "quarantine_raw_payload", "reject_unattributed_incident", "ready_for_post_incident_review", "incident_readback_only_update", "recurrence_guard_backfill_required", "waiting_runtime_gate" ], "policy_or_exposure_surface": true, "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "post_incident_readback_accepted": false, "post_incident_readback_received": false, "postcheck_readback_accepted": false, "postcheck_readback_ref": null, "production_write_authorized": false, "prompt_send_authorized": false, "provider_switch_authorized": false, "public_route_impact_accepted": false, "public_route_impact_ref": null, "readback_candidate_id": "ssh_network_post_incident_readback:velero_metrics_nodeport", "readback_fields": [ "readback_candidate_id", "source_change_evidence_candidate_id", "surface_id", "config_kind", "control_tier", "expected_scope", "write_capable_surface", "policy_or_exposure_surface", "change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", "affected_port_or_policy_ref", "before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", "ai_provider_impact_ref", "monitoring_alert_impact_ref", "customer_or_product_impact_ref", "operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", "maintenance_window", "rollback_owner", "reviewer_outcome", "followup_owner", "not_approval" 
], "recurrence_guard_accepted": false, "recurrence_guard_ref": null, "required_readback_fields": [ "change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", "affected_port_or_policy_ref", "before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", "ai_provider_impact_ref", "monitoring_alert_impact_ref", "customer_or_product_impact_ref", "operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", "maintenance_window", "rollback_owner", "followup_owner", "redacted_evidence_refs", "no_secret_value_attestation", "no_raw_firewall_dump_attestation", "no_false_green_attestation" ], "restoration_evidence_accepted": false, "restoration_evidence_ref": null, "reviewer_checks": [ "source_change_evidence_current", "incident_ref_present", "actor_not_anonymous", "before_after_state_present", "port_policy_redacted", "service_dependency_present", "public_route_impact_present", "ai_provider_impact_present", "monitoring_alert_impact_present", "customer_product_impact_present", "operator_notification_present", "cross_project_sync_present", "restoration_evidence_present", "postcheck_independent", "recurrence_guard_present", "emergency_classification_present", "maintenance_window_present", "rollback_owner_present", "no_false_green_route_200", "raw_firewall_dump_absent", "secret_or_key_value_absent", "hidden_impact_absent", "counts_transition_safe", "runtime_stays_zero" ], "reviewer_outcome": "waiting_post_incident_readback", "rollback_owner": "pending_post_incident_readback", "rollback_owner_accepted": false, "route_smoke_authorized": false, "runtime_gate": false, "secret_value_collection_allowed": false, "service_dependency_accepted": false, "service_dependency_ref": null, "source_change_evidence_candidate_id": "port_firewall_change_evidence:velero_metrics_nodeport", "ssh_read_authorized": false, "ssh_write_authorized": false, "status": 
"waiting_post_incident_readback", "surface_id": "velero_metrics_nodeport", "wireguard_change_authorized": false, "write_capable_surface": false }, { "action_buttons_allowed": false, "active_scan_authorized": false, "actor_attribution_accepted": false, "actor_attribution_ref": null, "affected_port_or_policy_ref": null, "after_state_ref": null, "ai_provider_impact_accepted": false, "ai_provider_impact_ref": null, "before_after_state_accepted": false, "before_state_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "live_firewall_read", "firewall_change", "port_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "route_smoke", "public_gateway_reload", "nginx_reload", "host_restart", "docker_restart", "systemd_restart", "secret_value_collection", "ssh_key_collection", "raw_firewall_dump_storage", "raw_key_material_storage", "mark_readback_accepted_without_reviewer_record", "mark_incident_resolved_without_postcheck", "hide_cross_project_impact", "treat_route_200_as_all_green", "treat_break_glass_as_approval", "close_management_port_without_owner", "open_runtime_gate", "add_action_button", "production_write", "active_scan", "provider_switch", "prompt_send" ], "change_or_incident_ref": null, "change_window_ref": null, "config_kind": "wireguard_runbook", "control_tier": "C1", "cross_project_sync_accepted": false, "cross_project_sync_ref": null, "customer_or_product_impact_ref": null, "expected_scope": "110_111_120_121_gcp_a_gcp_b", "firewall_change_authorized": false, "followup_owner": "pending_post_incident_readback", "host_restart_authorized": false, "incident_detected_at_ref": null, "live_firewall_read_authorized": false, "maintenance_window": "pending_post_incident_readback", "maintenance_window_accepted": false, "monitoring_alert_impact_accepted": false, "monitoring_alert_impact_ref": null, "network_policy_apply_authorized": false, "no_false_green_accepted": false, 
"nodeport_change_authorized": false, "not_approval": true, "operator_notification_accepted": false, "operator_notification_ref": null, "outcome_lanes": [ "waiting_post_incident_readback", "request_actor_supplement", "request_before_after_supplement", "request_health_impact_supplement", "quarantine_raw_payload", "reject_unattributed_incident", "ready_for_post_incident_review", "incident_readback_only_update", "recurrence_guard_backfill_required", "waiting_runtime_gate" ], "policy_or_exposure_surface": true, "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "post_incident_readback_accepted": false, "post_incident_readback_received": false, "postcheck_readback_accepted": false, "postcheck_readback_ref": null, "production_write_authorized": false, "prompt_send_authorized": false, "provider_switch_authorized": false, "public_route_impact_accepted": false, "public_route_impact_ref": null, "readback_candidate_id": "ssh_network_post_incident_readback:wireguard_mesh_runbook", "readback_fields": [ "readback_candidate_id", "source_change_evidence_candidate_id", "surface_id", "config_kind", "control_tier", "expected_scope", "write_capable_surface", "policy_or_exposure_surface", "change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", "affected_port_or_policy_ref", "before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", "ai_provider_impact_ref", "monitoring_alert_impact_ref", "customer_or_product_impact_ref", "operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", "maintenance_window", "rollback_owner", "reviewer_outcome", "followup_owner", "not_approval" ], "recurrence_guard_accepted": false, "recurrence_guard_ref": null, "required_readback_fields": [ "change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", 
"affected_port_or_policy_ref", "before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", "ai_provider_impact_ref", "monitoring_alert_impact_ref", "customer_or_product_impact_ref", "operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", "maintenance_window", "rollback_owner", "followup_owner", "redacted_evidence_refs", "no_secret_value_attestation", "no_raw_firewall_dump_attestation", "no_false_green_attestation" ], "restoration_evidence_accepted": false, "restoration_evidence_ref": null, "reviewer_checks": [ "source_change_evidence_current", "incident_ref_present", "actor_not_anonymous", "before_after_state_present", "port_policy_redacted", "service_dependency_present", "public_route_impact_present", "ai_provider_impact_present", "monitoring_alert_impact_present", "customer_product_impact_present", "operator_notification_present", "cross_project_sync_present", "restoration_evidence_present", "postcheck_independent", "recurrence_guard_present", "emergency_classification_present", "maintenance_window_present", "rollback_owner_present", "no_false_green_route_200", "raw_firewall_dump_absent", "secret_or_key_value_absent", "hidden_impact_absent", "counts_transition_safe", "runtime_stays_zero" ], "reviewer_outcome": "waiting_post_incident_readback", "rollback_owner": "pending_post_incident_readback", "rollback_owner_accepted": false, "route_smoke_authorized": false, "runtime_gate": false, "secret_value_collection_allowed": false, "service_dependency_accepted": false, "service_dependency_ref": null, "source_change_evidence_candidate_id": "port_firewall_change_evidence:wireguard_mesh_runbook", "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_post_incident_readback", "surface_id": "wireguard_mesh_runbook", "wireguard_change_authorized": false, "write_capable_surface": false }, { "action_buttons_allowed": false, 
"active_scan_authorized": false, "actor_attribution_accepted": false, "actor_attribution_ref": null, "affected_port_or_policy_ref": null, "after_state_ref": null, "ai_provider_impact_accepted": false, "ai_provider_impact_ref": null, "before_after_state_accepted": false, "before_state_ref": null, "blocked_actions": [ "ssh_read", "ssh_write", "live_firewall_read", "firewall_change", "port_change", "port_close", "port_open", "network_policy_apply", "nodeport_change", "wireguard_change", "sudo_action", "deploy_ssh_action", "route_smoke", "public_gateway_reload", "nginx_reload", "host_restart", "docker_restart", "systemd_restart", "secret_value_collection", "ssh_key_collection", "raw_firewall_dump_storage", "raw_key_material_storage", "mark_readback_accepted_without_reviewer_record", "mark_incident_resolved_without_postcheck", "hide_cross_project_impact", "treat_route_200_as_all_green", "treat_break_glass_as_approval", "close_management_port_without_owner", "open_runtime_gate", "add_action_button", "production_write", "active_scan", "provider_switch", "prompt_send" ], "change_or_incident_ref": null, "change_window_ref": null, "config_kind": "alert_ssh_action_rules", "control_tier": "C1", "cross_project_sync_accepted": false, "cross_project_sync_ref": null, "customer_or_product_impact_ref": null, "expected_scope": "ssh_mcp_action_catalog", "firewall_change_authorized": false, "followup_owner": "pending_post_incident_readback", "host_restart_authorized": false, "incident_detected_at_ref": null, "live_firewall_read_authorized": false, "maintenance_window": "pending_post_incident_readback", "maintenance_window_accepted": false, "monitoring_alert_impact_accepted": false, "monitoring_alert_impact_ref": null, "network_policy_apply_authorized": false, "no_false_green_accepted": false, "nodeport_change_authorized": false, "not_approval": true, "operator_notification_accepted": false, "operator_notification_ref": null, "outcome_lanes": [ "waiting_post_incident_readback", 
"request_actor_supplement", "request_before_after_supplement", "request_health_impact_supplement", "quarantine_raw_payload", "reject_unattributed_incident", "ready_for_post_incident_review", "incident_readback_only_update", "recurrence_guard_backfill_required", "waiting_runtime_gate" ], "policy_or_exposure_surface": false, "port_change_authorized": false, "port_close_authorized": false, "port_open_authorized": false, "post_incident_readback_accepted": false, "post_incident_readback_received": false, "postcheck_readback_accepted": false, "postcheck_readback_ref": null, "production_write_authorized": false, "prompt_send_authorized": false, "provider_switch_authorized": false, "public_route_impact_accepted": false, "public_route_impact_ref": null, "readback_candidate_id": "ssh_network_post_incident_readback:alert_rules_ssh_actions", "readback_fields": [ "readback_candidate_id", "source_change_evidence_candidate_id", "surface_id", "config_kind", "control_tier", "expected_scope", "write_capable_surface", "policy_or_exposure_surface", "change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", "affected_port_or_policy_ref", "before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", "ai_provider_impact_ref", "monitoring_alert_impact_ref", "customer_or_product_impact_ref", "operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", "maintenance_window", "rollback_owner", "reviewer_outcome", "followup_owner", "not_approval" ], "recurrence_guard_accepted": false, "recurrence_guard_ref": null, "required_readback_fields": [ "change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", "affected_port_or_policy_ref", "before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", "ai_provider_impact_ref", "monitoring_alert_impact_ref", "customer_or_product_impact_ref", 
"operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", "maintenance_window", "rollback_owner", "followup_owner", "redacted_evidence_refs", "no_secret_value_attestation", "no_raw_firewall_dump_attestation", "no_false_green_attestation" ], "restoration_evidence_accepted": false, "restoration_evidence_ref": null, "reviewer_checks": [ "source_change_evidence_current", "incident_ref_present", "actor_not_anonymous", "before_after_state_present", "port_policy_redacted", "service_dependency_present", "public_route_impact_present", "ai_provider_impact_present", "monitoring_alert_impact_present", "customer_product_impact_present", "operator_notification_present", "cross_project_sync_present", "restoration_evidence_present", "postcheck_independent", "recurrence_guard_present", "emergency_classification_present", "maintenance_window_present", "rollback_owner_present", "no_false_green_route_200", "raw_firewall_dump_absent", "secret_or_key_value_absent", "hidden_impact_absent", "counts_transition_safe", "runtime_stays_zero" ], "reviewer_outcome": "waiting_post_incident_readback", "rollback_owner": "pending_post_incident_readback", "rollback_owner_accepted": false, "route_smoke_authorized": false, "runtime_gate": false, "secret_value_collection_allowed": false, "service_dependency_accepted": false, "service_dependency_ref": null, "source_change_evidence_candidate_id": "port_firewall_change_evidence:alert_rules_ssh_actions", "ssh_read_authorized": false, "ssh_write_authorized": false, "status": "waiting_post_incident_readback", "surface_id": "alert_rules_ssh_actions", "wireguard_change_authorized": false, "write_capable_surface": true } ], "required_readback_fields": [ "change_or_incident_ref", "actor_attribution_ref", "incident_detected_at_ref", "change_window_ref", "affected_port_or_policy_ref", "before_state_ref", "after_state_ref", "service_dependency_ref", "public_route_impact_ref", 
"ai_provider_impact_ref", "monitoring_alert_impact_ref", "customer_or_product_impact_ref", "operator_notification_ref", "cross_project_sync_ref", "restoration_evidence_ref", "postcheck_readback_ref", "recurrence_guard_ref", "maintenance_window", "rollback_owner", "followup_owner", "redacted_evidence_refs", "no_secret_value_attestation", "no_raw_firewall_dump_attestation", "no_false_green_attestation" ], "reviewer_checks": [ { "check_id": "source_change_evidence_current", "instruction": "來源 change evidence snapshot 必須是目前版本。" }, { "check_id": "incident_ref_present", "instruction": "必須有可追溯 incident / change ref。" }, { "check_id": "actor_not_anonymous", "instruction": "必須標示 actor role / team,不接受匿名端口關閉。" }, { "check_id": "before_after_state_present", "instruction": "必須有變更前與恢復後狀態 ref。" }, { "check_id": "port_policy_redacted", "instruction": "端口、policy、host 只收脫敏 ref 或 alias,不保存 raw dump。" }, { "check_id": "service_dependency_present", "instruction": "必須列出受影響服務、agent、public route、monitoring 或 deploy path。" }, { "check_id": "public_route_impact_present", "instruction": "必須列出 public route / admin route / callback 影響 ref。" }, { "check_id": "ai_provider_impact_present", "instruction": "若影響 Ollama / provider health,需列出脫敏 impact ref。" }, { "check_id": "monitoring_alert_impact_present", "instruction": "必須列出 alert / SRE / dashboard 影響與 false-green 風險。" }, { "check_id": "customer_product_impact_present", "instruction": "需標示產品或使用者影響,不得只寫已恢復。" }, { "check_id": "operator_notification_present", "instruction": "必須有受影響 owner / Session / product 的通知 ref。" }, { "check_id": "cross_project_sync_present", "instruction": "跨專案同步 ref 必須存在,避免單點修改。" }, { "check_id": "restoration_evidence_present", "instruction": "必須有恢復時間與恢復證據 ref。" }, { "check_id": "postcheck_independent", "instruction": "post-check 需獨立於原操作人與 UI 卡片。" }, { "check_id": "recurrence_guard_present", "instruction": "必須提出防再發 guard、change freeze 或 owner review。" }, { "check_id": "emergency_classification_present", "instruction": 
"緊急破窗需標示分類與事後補件責任。" }, { "check_id": "maintenance_window_present", "instruction": "後續任何 port / firewall 操作都需維護窗口。" }, { "check_id": "rollback_owner_present", "instruction": "rollback owner 與回復 plan 必須同時存在。" }, { "check_id": "no_false_green_route_200", "instruction": "不得只用 route 200 / service up 當成事故已驗收。" }, { "check_id": "raw_firewall_dump_absent", "instruction": "不得保存 raw firewall dump、raw iptables、raw nftables 或 raw ACL。" }, { "check_id": "secret_or_key_value_absent", "instruction": "不得包含 secret、SSH key、token、cookie、私鑰或 partial secret。" }, { "check_id": "hidden_impact_absent", "instruction": "不得隱藏 AI provider、registry、monitoring、deploy 或 product route 影響。" }, { "check_id": "counts_transition_safe", "instruction": "只有 reviewer record 能更新 accepted count,且不得同時開 runtime gate。" }, { "check_id": "runtime_stays_zero", "instruction": "readback plan 不得觸發任何 SSH、firewall、route smoke、restart 或 production write。" } ], "schema_version": "ssh_network_post_incident_readback_plan_v1", "source_paths": [ "docs/security/PORT-FIREWALL-CHANGE-EVIDENCE-ACCEPTANCE.md", "docs/security/port-firewall-change-evidence-acceptance.snapshot.json", "docs/security/SSH-NETWORK-OWNER-RESPONSE-ACCEPTANCE.md", "docs/security/ssh-network-owner-response-acceptance.snapshot.json" ], "source_schema_version": "port_firewall_change_evidence_acceptance_v1", "source_status": "change_evidence_acceptance_ready_no_runtime_action", "status": "post_incident_readback_plan_ready_no_runtime_action", "summary": { "action_button_count": 0, "actor_attribution_accepted_count": 0, "ai_provider_impact_accepted_count": 0, "before_after_state_accepted_count": 0, "blocked_action_count": 34, "coverage_percent_after_readback_plan": 64, "cross_project_sync_accepted_count": 0, "cross_project_sync_required_candidate_count": 14, "health_impact_review_required_candidate_count": 14, "monitoring_alert_impact_accepted_count": 0, "no_false_green_accepted_count": 0, "operator_notification_accepted_count": 0, "outcome_lane_count": 10, 
"policy_or_exposure_readback_candidate_count": 5, "post_incident_readback_accepted_count": 0, "post_incident_readback_received_count": 0, "postcheck_readback_accepted_count": 0, "public_route_impact_accepted_count": 0, "readback_candidate_count": 14, "readback_field_count": 30, "recurrence_guard_accepted_count": 0, "recurrence_guard_required_candidate_count": 14, "required_readback_field_count": 24, "restoration_evidence_accepted_count": 0, "reviewer_check_count": 24, "runtime_gate_count": 0, "service_dependency_accepted_count": 0, "write_capable_readback_candidate_count": 6 } }