{ "schema_version": "backup_notification_policy_v1", "generated_at": "2026-06-04T21:42:18+08:00", "source_readiness_matrix_ref": "docs/evaluations/backup_dr_readiness_matrix_2026-06-04.json", "source_refs": [ "docs/runbooks/BACKUP-STATUS.md", "docs/evaluations/backup_dr_readiness_matrix_2026-06-04.json", "docs/workplans/2026-06-04-reboot-cold-start-backup-recovery-workplan.md", "scripts/backup/backup-status.sh", "scripts/ops/backup-alert-label-contract-check.py", "scripts/ops/backup-health-textfile-exporter.py" ], "program_status": { "overall_completion_percent": 100, "current_priority": "P1", "current_task_id": "P1-103", "next_task_id": "P1-104", "read_only_mode": true }, "rollups": { "total_rules": 8, "by_decision": { "suppress_immediate_success": 2, "escalate_immediate": 4, "create_action_required": 2 }, "immediate_escalation_rule_ids": [ "backup_warning_stale", "backup_failed", "offsite_verify_failure", "backup_status_core_blocker" ], "suppressed_success_rule_ids": [ "scheduled_backup_success", "offsite_sync_success" ] }, "notification_channels": [ { "channel_id": "awooop_operator_event", "purpose": "承載需要人工處理、incident 或批准證據的 operator-visible event。", "immediate_allowed": true, "success_immediate_allowed": false, "requires_operator_action": true }, { "channel_id": "telegram_ops", "purpose": "只承載 failure、warning 或 action-required 即時升級;正常成功不得即時送出。", "immediate_allowed": true, "success_immediate_allowed": false, "requires_operator_action": true }, { "channel_id": "prometheus_textfile", "purpose": "承載成功、失敗與新鮮度證據,供每日摘要與 alert rule 讀取。", "immediate_allowed": false, "success_immediate_allowed": false, "requires_operator_action": false }, { "channel_id": "daily_status_summary", "purpose": "每日 06:05 台北時間摘要成功狀態、警告、阻擋與下一步。", "immediate_allowed": false, "success_immediate_allowed": false, "requires_operator_action": false } ], "policy_rules": [ { "rule_id": "scheduled_backup_success", "event_kind": "backup_job_completed", "backup_state": "success", "severity": "info", "decision": "suppress_immediate_success", "channels": ["prometheus_textfile", "daily_status_summary"], "owner_agent": "hermes", "requires_incident": false, "requires_approval_record": false, "message_contract": "成功只寫入 metrics / textfile 與每日 06:05 摘要;不得送 Telegram / AwoooP 即時成功訊息。", "evidence_refs": ["docs/runbooks/BACKUP-STATUS.md"] }, { "rule_id": "offsite_sync_success", "event_kind": "offsite_verify_completed", "backup_state": "success", "severity": "info", "decision": "suppress_immediate_success", "channels": ["prometheus_textfile", "daily_status_summary"], "owner_agent": "hermes", "requires_incident": false, "requires_approval_record": false, "message_contract": "異地 verify 成功不即時洗版;只進 latest-only freshness 證據與每日摘要。", "evidence_refs": [ "docs/runbooks/BACKUP-STATUS.md", "scripts/backup/verify-offsite-full-sync.sh" ] }, { "rule_id": "backup_warning_stale", "event_kind": "backup_freshness_warning", "backup_state": "warning", "severity": "warning", "decision": "escalate_immediate", "channels": ["awooop_operator_event", "telegram_ops", "prometheus_textfile"], "owner_agent": "openclaw", "requires_incident": true, "requires_approval_record": false, "message_contract": "警告必須帶 target、freshness、last_success_at、evidence ref 與下一個 read-only check;不得夾帶 secret。", "evidence_refs": [ "docs/runbooks/BACKUP-STATUS.md", "scripts/backup/backup-status.sh" ] }, { "rule_id": "backup_failed", "event_kind": "backup_job_failed", "backup_state": "failed", "severity": "critical", "decision": "escalate_immediate", "channels": ["awooop_operator_event", "telegram_ops", "prometheus_textfile"], "owner_agent": "openclaw", "requires_incident": true, "requires_approval_record": false, "message_contract": "失敗立即升級,必須包含 target、job、exit code、last success、log evidence ref 與人工處置入口。", "evidence_refs": [ "docs/runbooks/BACKUP-STATUS.md", "scripts/backup/backup-status.sh" ] }, { "rule_id": "offsite_verify_failure", "event_kind": "offsite_verify_failed", "backup_state": "failed", "severity": "critical", "decision": "escalate_immediate", "channels": ["awooop_operator_event", "telegram_ops", "prometheus_textfile"], "owner_agent": "openclaw", "requires_incident": true, "requires_approval_record": false, "message_contract": "異地 verify 失敗必須升級並保留 local / remote repo、latest-only 狀態與 retry 建議;不得自動 sync。", "evidence_refs": [ "docs/evaluations/backup_dr_readiness_matrix_2026-06-04.json", "scripts/backup/sync-offsite-backups.sh", "scripts/backup/verify-offsite-full-sync.sh" ] }, { "rule_id": "backup_status_core_blocker", "event_kind": "backup_core_blocker_detected", "backup_state": "action_required", "severity": "critical", "decision": "escalate_immediate", "channels": ["awooop_operator_event", "telegram_ops", "prometheus_textfile"], "owner_agent": "openclaw", "requires_incident": true, "requires_approval_record": true, "message_contract": "核心阻擋必須連到 incident / approval / evidence;Agent 不得自行 restore、prune、寫 marker 或改排程。", "evidence_refs": [ "docs/evaluations/backup_dr_readiness_matrix_2026-06-04.json", "docs/runbooks/BACKUP-STATUS.md" ] }, { "rule_id": "credential_escrow_missing_markers", "event_kind": "credential_escrow_gap", "backup_state": "blocked", "severity": "high", "decision": "create_action_required", "channels": ["awooop_operator_event", "daily_status_summary"], "owner_agent": "openclaw", "requires_incident": false, "requires_approval_record": true, "message_contract": "缺 escrow marker 必須維持 action-required;不得自動寫 marker、不得輸出 credential 或要求 Agent 讀 secret。", "evidence_refs": [ "docs/evaluations/backup_dr_readiness_matrix_2026-06-04.json", "scripts/backup/mark-credential-escrow-verified.sh", "scripts/backup/offsite-escrow-evidence-report.sh" ] }, { "rule_id": "metric_binding_gap", "event_kind": "backup_metric_binding_gap", "backup_state": "needs_metric_binding", "severity": "warning", "decision": "create_action_required", "channels": ["awooop_operator_event", "daily_status_summary"], "owner_agent": "hermes", "requires_incident": false, "requires_approval_record": false, "message_contract": "metric binding gap 只建立 action-required 與 UI 證據缺口;不得直接修改 Prometheus rule 或 exporter。", "evidence_refs": [ "docs/evaluations/backup_dr_readiness_matrix_2026-06-04.json", "scripts/ops/backup-alert-label-contract-check.py" ] } ], "daily_summary_contract": { "summary_time_taipei": "06:05", "success_immediate_notifications_allowed": false, "success_signal_sources": [ "Prometheus / node-exporter textfile metrics", "scripts/backup/backup-status.sh --no-notify", "Backup / DR readiness matrix" ], "failure_rows_require_action_refs": true, "mandatory_sections": [ "latest successful backup targets", "warning / failed targets", "blocked DR targets", "offsite latest-only verification", "credential escrow marker status", "next operator action" ] }, "agent_roles": [ { "agent_id": "openclaw", "role": "通知升級仲裁者,判斷 warning / failed / action-required 是否需要 incident、approval 與 operator action。", "allowed_actions": [ "只讀仲裁嚴重度", "要求 incident / approval evidence", "拒絕成功即時洗版" ], "blocked_actions": [ "未批准發送正式 Telegram 測試訊息", "未批准執行 restore 或 backup", "未批准寫 credential marker" ] }, { "agent_id": "hermes", "role": "整理 runbook、每日摘要、降噪政策與 UI 可讀文字。", "allowed_actions": [ "只讀整理通知政策", "彙整 daily summary 欄位", "標示 metric binding gap" ], "blocked_actions": [ "直接送出 Telegram / AwoooP 訊息", "直接改排程或 workflow", "直接修改 Prometheus rule" ] }, { "agent_id": "nemotron", "role": "可離線比較通知降噪 pattern 與摘要品質,但不是備份通知主控。", "allowed_actions": [ "使用 sanitized evidence 做離線比較", "提出摘要品質建議" ], "blocked_actions": [ "讀取 production secret", "送出通知", "觸發 backup / restore / offsite sync" ] } ], "operation_boundaries": { "read_only_policy_allowed": true, "notification_send_allowed": false, "backup_execution_allowed": false, "restore_execution_allowed": false, "offsite_sync_execution_allowed": false, "credential_marker_write_allowed": false, "schedule_change_allowed": false, "workflow_write_allowed": false, "telegram_test_message_allowed": false }, "approval_boundaries": { "sdk_installation_allowed": false, "paid_api_call_allowed": false, "shadow_or_canary_allowed": false, "production_routing_allowed": false, "destructive_operation_allowed": false } }