{ "backup_surfaces": [ { "action_buttons_allowed": false, "backup_scope": [ "gitea", "momo", "harbor", "awoooi", "langfuse", "monitoring", "signoz", "open-webui", "clawbot" ], "config_kind": "backup_orchestrator", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "write_capable_orchestrator_visible_not_executed", "expected_scope": "110_backup_host_all_services", "label": "全服務備份總控", "line_count": 126, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 backup owner、cron owner、失敗通知 owner、restore drill owner、rollback owner 與 post-check 指標。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "33f6070bd3733fc59e7b661de44587b7d6a336500765667405e11fbffe2f4489", "source_exists": true, "source_path": "scripts/backup/backup-all.sh", "surface_id": "backup_all_orchestrator" }, { "action_buttons_allowed": false, "backup_scope": [ "RESTIC_PASSWORD_FILE", "B2 metadata", "KEEP_DAILY=30", "KEEP_WEEKLY=12", "KEEP_MONTHLY=24" ], "config_kind": "backup_common_policy", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "retention_and_credential_metadata_visible_secret_values_absent", "expected_scope": "restic_password_b2_retention_common", "label": "Restic 共用設定與 GFS retention", "line_count": 147, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 restic password owner、B2 / rclone owner、retention owner、prune window 與 no-secret-value evidence。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "00139e1eac8998b1e0cb09d7692882267d8cc72a6c57c04a732e155932ad22d1", "source_exists": true, "source_path": "scripts/backup/common.sh", "surface_id": "backup_common_restic_retention" }, { "action_buttons_allowed": false, "backup_scope": [ "Gitea DB", "repositories", "app.ini redaction boundary" ], "config_kind": "service_backup_script", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "service_backup_script_visible_gate_closed", "expected_scope": "gitea_database_and_repositories", "label": "Gitea 備份腳本", "line_count": 68, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 Gitea backup owner、freshness evidence、restore target isolation 與 secret redaction proof。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "8ec9f0e5aee51381a799da83798fea4ca92d0c1686e40aef9f6ba8485003a990", "source_exists": true, "source_path": "scripts/backup/backup-gitea.sh", "surface_id": "backup_gitea_service_script" }, { "action_buttons_allowed": false, "backup_scope": [ "MOMO PostgreSQL", "188 database path" ], "config_kind": "service_backup_script", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "service_backup_script_visible_gate_closed", "expected_scope": "momo_postgresql", "label": "MOMO PostgreSQL 備份腳本", "line_count": 84, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 MOMO backup owner、188 DB access boundary、restore drill target 與 rollback owner。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "7cffdc570cd4b33a42b3604382eccc14a5388ed0a2fb67c9927312982c29a6cd", "source_exists": true, "source_path": "scripts/backup/backup-momo.sh", "surface_id": "backup_momo_service_script" }, { "action_buttons_allowed": false, "backup_scope": [ "Harbor registry", "Harbor DB", "image registry recovery" ], "config_kind": "service_backup_script", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "service_backup_script_visible_gate_closed", "expected_scope": "harbor_registry_and_database", "label": "Harbor 備份腳本", "line_count": 77, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 Harbor backup owner、registry restore smoke、robot account secret boundary 與 image rollback owner。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "f42af4c7b66ceb19b504873bdf1ca76d306d6c775bbd8d5d6648249db6756595", "source_exists": true, "source_path": "scripts/backup/backup-harbor.sh", "surface_id": "backup_harbor_service_script" }, { "action_buttons_allowed": false, "backup_scope": [ "awoooi_prod", "awoooi_dev", "k3s datastore" ], "config_kind": "service_backup_script", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "service_backup_script_visible_gate_closed", "expected_scope": "awoooi_postgresql_and_k3s_datastore", "label": "AWOOOI PostgreSQL 完整備份腳本", "line_count": 123, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 AWOOOI DB backup owner、RPO owner、restore drill isolation 與 data masking policy。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "90eaed60f8ef4994bb082bd7f2e7c5b5ec8872270f8a014b72298de0ec34f658", "source_exists": true, "source_path": "scripts/backup/backup-awoooi.sh", "surface_id": "backup_awoooi_service_script" }, { "action_buttons_allowed": false, "backup_scope": [ "awoooi_prod", "6h RPO", "latest-only interaction" ], "config_kind": "service_backup_script", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "high_frequency_backup_script_visible_gate_closed", "expected_scope": "awoooi_postgresql_high_frequency", "label": "AWOOOI PostgreSQL 高頻備份腳本", "line_count": 76, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補高頻備份 owner、cron owner、latest-only retention owner 與 freshness evidence。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "171de6e757dbb7e4ee0d88b8d1cbc9471e288e58b189098b77cac14392461a39", "source_exists": true, "source_path": "scripts/backup/backup-awoooi-frequent.sh", "surface_id": "backup_awoooi_frequent_script" }, { "action_buttons_allowed": false, "backup_scope": [ "Langfuse DB", "AI trace evidence" ], "config_kind": "service_backup_script", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "service_backup_script_visible_gate_closed", "expected_scope": "langfuse_ai_trace_database", "label": "Langfuse 備份腳本", "line_count": 69, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 Langfuse backup owner、trace privacy boundary、restore smoke 與 secret redaction proof。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "a60cea2e366be228e35492a87edc084261d1888591ca583083f4b909ba995cd9", "source_exists": true, "source_path": "scripts/backup/backup-langfuse.sh", "surface_id": "backup_langfuse_service_script" }, { "action_buttons_allowed": false, "backup_scope": [ "Prometheus", "Grafana", "Alertmanager" ], "config_kind": "service_backup_script", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "service_backup_script_visible_gate_closed", "expected_scope": "prometheus_grafana_alertmanager", "label": "Monitoring 備份腳本", "line_count": 109, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 observability backup owner、Grafana secret boundary、alert route restore smoke 與 rollback owner。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "e848315116b87ce250db6e1483d8e517e2c4c07ca1fc6e119ae8f80ad58d6183", "source_exists": true, "source_path": "scripts/backup/backup-monitoring.sh", "surface_id": "backup_monitoring_service_script" }, { "action_buttons_allowed": false, "backup_scope": [ "SigNoz ClickHouse", "SigNoz SQLite" ], "config_kind": "service_backup_script", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "service_backup_script_visible_gate_closed", "expected_scope": "signoz_clickhouse_and_sqlite", "label": "SigNoz 備份腳本", "line_count": 103, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 SigNoz disruptive guard owner、ClickHouse restore owner、告警靜音邊界與 post-check 指標。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "f3d9011b57815087ce0084525902693078c2785c25632d49c7a7a92e6a49bcf7", "source_exists": true, "source_path": "scripts/backup/backup-signoz.sh", "surface_id": "backup_signoz_service_script" }, { "action_buttons_allowed": false, "backup_scope": [ "Open-WebUI volume", "LLM conversation data" ], "config_kind": "service_backup_script", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "service_backup_script_visible_gate_closed", "expected_scope": "open_webui_volume", "label": "Open-WebUI 備份腳本", "line_count": 70, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 Open-WebUI data privacy owner、188 read boundary、restore target isolation 與 retention owner。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "ab9fb4664799ef424cc9c3565592d9b6704df90bafda1f163e5cbfe01ff6056d", "source_exists": true, "source_path": "scripts/backup/backup-open-webui.sh", "surface_id": "backup_open_webui_service_script" }, { "action_buttons_allowed": false, "backup_scope": [ "ClawBot Redis", "agent state cache" ], "config_kind": "service_backup_script", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "service_backup_script_visible_gate_closed", "expected_scope": "clawbot_redis_state", "label": "ClawBot Redis 備份腳本", "line_count": 75, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 ClawBot state owner、Redis restore owner、agent state masking 與 rollback owner。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "9ad2367d42ca2ce679ce7c24ca2dabcdc9feccde668f4008a5a797165a2f4888", "source_exists": true, "source_path": "scripts/backup/backup-clawbot.sh", "surface_id": "backup_clawbot_service_script" }, { "action_buttons_allowed": false, "backup_scope": [ "Sentry", "ClickHouse / Postgres / Redis dependency boundary" ], "config_kind": "service_backup_script", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "service_backup_script_visible_gate_closed", "expected_scope": "sentry_self_hosted", "label": "Sentry 備份腳本", "line_count": 277, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 Sentry backup owner、multi-store restore owner、admin secret boundary 與 route smoke。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "bbd09420a7814d6dfa2b8caade264e00c982b0b10fb9b57866893d02ef5eed44", "source_exists": true, "source_path": "scripts/backup/backup-sentry.sh", "surface_id": "backup_sentry_service_script" }, { "action_buttons_allowed": false, "backup_scope": [ "AI artifacts", "model / evaluation outputs" ], "config_kind": "service_backup_script", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "artifact_backup_script_visible_gate_closed", "expected_scope": "ai_artifacts", "label": "AI artifacts 備份腳本", "line_count": 129, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 artifact owner、retention owner、模型資料外送邊界與 restore validation。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "9dfbd45fcca516c75c06b062c79245397e2c0cf6db547472f1a5e48ee55f772b", "source_exists": true, "source_path": "scripts/backup/backup-ai-artifacts.sh", "surface_id": "backup_ai_artifacts_script" }, { "action_buttons_allowed": false, "backup_scope": [ "public routes", "Nginx route reconstruction", "frontend/API smoke evidence" ], "config_kind": "service_backup_script", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "route_backup_script_visible_gate_closed", "expected_scope": "public_route_reconstruction", "label": "Public routes 備份腳本", "line_count": 182, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 route reconstruction owner、public/admin/API smoke、rollback ref 與 no-internal-transcript proof。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "828c87b8c9eed4dcb9a4dd55d36905636f74c890e1625792a2f14bfd53c7973c", "source_exists": true, "source_path": "scripts/backup/backup-public-routes.sh", "surface_id": "backup_public_routes_script" }, { "action_buttons_allowed": false, "backup_scope": [ "systemd", "docker", "nginx", "cron", "k8s", "host configs" ], "config_kind": "config_backup_script", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "config_capture_visible_blocked_until_owner_evidence", "expected_scope": "110_188_120_121_cluster_configs", "label": "Host / service / K8s 設定備份", "line_count": 359, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 config capture owner、secret redaction proof、120 blocked disposition、restore validation 與 retention owner。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "d24301cff44e464bd19ce0792362be16916ccde8c92f92351a19ef4ee988f15e", "source_exists": true, "source_path": "scripts/backup/backup-configs.sh", "surface_id": "config_backup_capture" }, { "action_buttons_allowed": false, "backup_scope": [ "freshness", "failure", "integrity", "restore drill", "offsite", "escrow" ], "config_kind": "backup_status_reporter", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "status_reporter_visible_not_executed", "expected_scope": "110_188_backup_status_summary", "label": "備份狀態彙整腳本", "line_count": 342, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 backup status owner、read-only execution window、SSH read boundary、notification owner 與 false-green 防線。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "ae7d18d120f4441747d8ecce763e55bca235f923c01e0dac9b566b2d00f9bf0c", "source_exists": true, "source_path": "scripts/backup/backup-status.sh", "surface_id": "backup_status_reporter" }, { "action_buttons_allowed": false, "backup_scope": [ "restic check", "read-data subset", "integrity evidence" ], "config_kind": "integrity_check_script", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "integrity_check_visible_not_executed", "expected_scope": "restic_integrity_check", "label": "Restic integrity check", "line_count": 238, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 integrity check owner、執行窗口、資源上限、結果證據與 restore drill 前置條件。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "c2906ac4a7251419decf852eaeb7c1ead5eecd4f705804dfc556f23029e45ebc", "source_exists": true, "source_path": "scripts/backup/check-backup-integrity.sh", "surface_id": "backup_integrity_check" }, { "action_buttons_allowed": false, "backup_scope": [ "keep latest", "local delete", "retention marker" ], "config_kind": "retention_enforcer", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "delete_capable_retention_script_visible_gate_closed", "expected_scope": "latest_only_retention", "label": "Latest-only retention enforcer", "line_count": 42, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 retention owner、刪除窗口、restore runway、offsite mirror interaction 與 rollback / stop condition。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "b8ca6363c8d08866fd9cbcb6b47dfa310ffada588323ab48c48babf9b301b129", "source_exists": true, "source_path": "scripts/backup/enforce-latest-only-retention.sh", "surface_id": "latest_only_retention_enforcer" }, { "action_buttons_allowed": false, "backup_scope": [ "13 repos", "rclone sync", "remote delete", "success markers" ], "config_kind": "offsite_sync_controller", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "remote_write_and_delete_capable_sync_visible_gate_closed", "expected_scope": "google_drive_rclone_offsite_mirror", "label": "Offsite rclone sync controller", "line_count": 414, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 offsite owner、remote delete owner、runway check、full sync window、rclone credential escrow 與 verifier evidence。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "6b669b1fbf74d7b0f2b38f530d6c345e69c8eca5257ad2782751a1230091c839", "source_exists": true, "source_path": "scripts/backup/sync-offsite-backups.sh", "surface_id": "offsite_sync_controller" }, { "action_buttons_allowed": false, "backup_scope": [ "remote repo count", "latest-only evidence", "textfile metrics" ], "config_kind": "offsite_verifier", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "remote_read_and_textfile_write_capable_verifier_visible_gate_closed", "expected_scope": "offsite_full_sync_verification", "label": "Offsite full sync verifier", "line_count": 296, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 verifier owner、remote read window、metric write owner、failure notification owner 與 evidence retention。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "1614f6d73d65f9f68f8991ee5d198de66933fc35be8ab1ae1ad5aba3c4fdad31", "source_exists": true, "source_path": "scripts/backup/verify-offsite-full-sync.sh", "surface_id": "offsite_full_sync_verifier" }, { "action_buttons_allowed": false, "backup_scope": [ "status", "dry-run-small", "pre-full-sync", "escrow markers" ], "config_kind": "offsite_readiness_gate", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "readiness_gate_visible_not_executed", "expected_scope": "offsite_preflight_and_escrow_gate", "label": "Offsite readiness gate", "line_count": 436, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 readiness owner、dry-run scope、escrow owner、load/runway policy 與 accepted evidence refs。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "6e0cdb57dc8ea80097d1dd4bb6c87c39c13f2a2892b767c0c251eca524e33e19", "source_exists": true, "source_path": "scripts/backup/backup-offsite-readiness-gate.sh", "surface_id": "offsite_readiness_gate" }, { "action_buttons_allowed": false, "backup_scope": [ "script presence", "offsite marker", "escrow marker", "redacted output" ], "config_kind": "offsite_escrow_report", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "redacted_report_visible_default_no_remote_status", "expected_scope": "offsite_escrow_redacted_report", "label": "Offsite / escrow evidence report", "line_count": 262, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 evidence report owner、remote status opt-in owner、redaction proof 與 blocked marker disposition。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "09e07c94fd192dc9015a468eb376a4eeba09e3392586a9a2a178b1f7b58c9c50", "source_exists": true, "source_path": "scripts/backup/offsite-escrow-evidence-report.sh", "surface_id": "offsite_escrow_evidence_report" }, { "action_buttons_allowed": false, "backup_scope": [ "restic password", "offsite provider", "break-glass admin", "DNS recovery", "OAuth / AI provider recovery" ], "config_kind": "credential_escrow_marker", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "marker_write_capable_script_visible_gate_closed", "expected_scope": "credential_escrow_markers", "label": "Credential escrow marker writer", "line_count": 228, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 escrow owner、non-secret evidence id、reviewer acceptance、marker write approval 與 retention owner。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "ebb0ffd77dced76ff58855a637e7e35e0ffa0fa9f5f33490c00015d91f0ce947", "source_exists": true, "source_path": "scripts/backup/mark-credential-escrow-verified.sh", "surface_id": "credential_escrow_marker" }, { "action_buttons_allowed": false, "backup_scope": [ "rclone remote", "Google Drive", "offsite.env metadata" ], "config_kind": "offsite_rclone_config", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "credential_config_helper_visible_secret_values_not_collected", "expected_scope": "rclone_config_metadata", "label": "rclone offsite config helper", "line_count": 251, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 rclone config owner、secret store owner、file mode evidence、no-value collection proof 與 recovery owner。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "b8881508ad82201ed4b706c5ea05250d46e907d23f097f9019fcab387c4623da", "source_exists": true, "source_path": "scripts/backup/configure-offsite-rclone.sh", "surface_id": "offsite_rclone_config" }, { "action_buttons_allowed": false, "backup_scope": [ "Backblaze B2 metadata", "offsite env", "fallback provider" ], "config_kind": "offsite_b2_config", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "credential_config_helper_visible_secret_values_not_collected", "expected_scope": "b2_config_metadata", "label": "B2 offsite config helper", "line_count": 154, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 B2 provider owner、credential escrow owner、provider cost boundary 與 no-value collection proof。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "b3f847158bc48791e75ccb4a8430f3c88797f83f384c0f03d80c28f3037a170e", "source_exists": true, "source_path": "scripts/backup/configure-offsite-b2.sh", "surface_id": "offsite_b2_config" }, { "action_buttons_allowed": false, "backup_scope": [ "freshness metrics", "restore drill metrics", "offsite metrics", "escrow metrics" ], "config_kind": "backup_health_exporter", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "textfile_write_capable_exporter_visible_gate_closed", "expected_scope": "backup_health_prometheus_textfile", "label": "Backup health textfile exporter", "line_count": 926, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 exporter owner、textfile path owner、metric freshness SLO、false-green guard 與 alert owner。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "cc4a0b89321679e4c39c8d3ba85b7308eb0d1f800c82895dcb71741a9dceaddc", "source_exists": true, "source_path": "scripts/ops/backup-health-textfile-exporter.py", "surface_id": "backup_health_textfile_exporter" }, { "action_buttons_allowed": false, "backup_scope": [ "Velero restore dry-run", "weekly schedule", "textfile metrics" ], "config_kind": "velero_restore_cronjob", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "k8s_cronjob_manifest_visible_not_applied_by_this_inventory", "expected_scope": "velero_weekly_restore_dry_run", "label": "Velero restore dry-run CronJob", "line_count": 76, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 Velero owner、dry-run namespace isolation、CronJob live evidence、restore approval 與 post-check 指標。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "356ab2223d0fc2e1b4d7e4e1163ef23bed62e1c22588c46ffd010d090359557b", "source_exists": true, "source_path": "k8s/awoooi-prod/16-cronjob-backup-restore-test.yaml", "surface_id": "velero_restore_test_cronjob" }, { "action_buttons_allowed": false, "backup_scope": [ "restore dry-run script", "13-digit textfile timestamp risk", "Prometheus textfile" ], "config_kind": "velero_restore_script_configmap", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "configmap_script_visible_timestamp_format_needs_owner_disposition", "expected_scope": "velero_restore_script_configmap", "label": "Velero restore script ConfigMap", "line_count": 49, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 ConfigMap owner、timestamp format disposition、CronJob rollout owner、metric scrape proof 與 rollback owner。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "c3e4605372a9f5c5f94713e1f8b5d8d0dccd6886c76c43522053e1468521bc1d", "source_exists": true, "source_path": "k8s/awoooi-prod/17-configmap-backup-restore-scripts.yaml", "surface_id": "velero_restore_test_script_configmap" }, { "action_buttons_allowed": false, "backup_scope": [ "restore dry-run", "Prometheus textfile seconds timestamp", "failure metric" ], "config_kind": "velero_restore_standalone_script", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "standalone_script_visible_uses_seconds_textfile_timestamp_not_executed", "expected_scope": "velero_standalone_restore_script", "label": "Velero restore dry-run standalone script", "line_count": 62, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 standalone / ConfigMap drift disposition、restore drill owner、textfile owner 與 proof of isolation。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "960cd740d6107c7f70b09dd8ff4c934af76d82921b066ba92c6fac2af7d55622", "source_exists": true, "source_path": "scripts/cron_backup_restore_test.sh", "surface_id": "velero_standalone_restore_test_script" }, { "action_buttons_allowed": false, "backup_scope": [ "MinIO credential names", "placeholder values", "External Secrets / Sealed Secrets recommendation" ], "config_kind": "velero_credentials_manifest", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "placeholder_secret_manifest_visible_values_not_collected", "expected_scope": "velero_minio_credentials_metadata", "label": "Velero MinIO credential manifest", "line_count": 14, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 Velero credential owner、secret manager source、rotation owner、no-value collection proof 與 restore boundary。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "54d829a3204c2fa2d1bb3c8be1bf250914dd7a517d13900bee0fa9878760c930", "source_exists": true, "source_path": "k8s/velero/01-credentials.yaml", "surface_id": "velero_credentials_manifest" }, { "action_buttons_allowed": false, "backup_scope": [ "Velero Deployment", "cluster-admin binding", "MinIO s3Url", "backup storage location" ], "config_kind": "velero_install_manifest", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "cluster_admin_velero_manifest_visible_gate_closed", "expected_scope": "velero_install_and_minio_storage", "label": "Velero install manifest", "line_count": 117, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 Velero RBAC owner、MinIO endpoint owner、least privilege review、install window 與 rollback owner。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "60d7ea59ef8b2ad38dc8bf6bca80be35609e8d317210c44204bdd5ad9901b47a", "source_exists": true, "source_path": "k8s/velero/02-velero-install.yaml", "surface_id": "velero_install_manifest" }, { "action_buttons_allowed": false, "backup_scope": [ "BackupRestoreTestFailed", "Velero freshness", "offsite freshness", "restore stale" ], "config_kind": "backup_restore_alert_rules", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "alert_rule_source_visible_reload_not_authorized", "expected_scope": "backup_restore_prometheus_alerts", "label": "Backup / restore alert rules", "line_count": 1355, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 alert rule owner、receiver owner、reload owner、silence boundary 與 failure-only notification policy。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "94d439a2ea599995601a5022dc0a001cc09f405964cd1308b103f86e2af14e90", "source_exists": true, "source_path": "ops/monitoring/alerts.yml", "surface_id": "backup_restore_alert_rules" }, { "action_buttons_allowed": false, "backup_scope": [ "readiness matrix", "blocked targets", "restore drill status" ], "config_kind": "dr_readiness_contract", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "readiness_contract_visible_action_required_items_not_accepted", "expected_scope": "backup_dr_readiness_contract", "label": "Backup / DR readiness matrix", "line_count": 321, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 readiness owner、blocked target disposition、freshness evidence、restore drill owner 與 accepted refs。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "6d116173b5842bd8813e4a9815cb7a70be1677b44abd01b0dfa26bbd9bf2d7fd", "source_exists": true, "source_path": "docs/evaluations/backup_dr_readiness_matrix_2026-06-04.json", "surface_id": "backup_dr_readiness_contract" }, { "action_buttons_allowed": false, "backup_scope": [ "database restore", "configuration restore", "credential escrow", "K8s restore", "observability restore" ], "config_kind": "restore_drill_approval_template", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "approval_template_visible_no_restore_execution", "expected_scope": "restore_drill_approval_template", "label": "Restore drill approval package template", "line_count": 510, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 owner response 實際封包、隔離環境、observer、rollback owner 與 restore stop condition。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "321a6007ba205d6342e4bf2171aff997ea305c7b0a72acc6b32e1258d62656fc", "source_exists": true, "source_path": "docs/evaluations/backup_restore_drill_approval_package_template_2026-06-05.json", "surface_id": "backup_restore_drill_approval_template" }, { "action_buttons_allowed": false, "backup_scope": [ "offsite_rclone_full_sync", "credential_escrow_markers", "velero_k8s_resources" ], "config_kind": "offsite_escrow_readiness_contract", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "offsite_verified_but_escrow_and_velero_blocked", "expected_scope": "offsite_escrow_readiness_contract", "label": "Offsite / escrow readiness status", "line_count": 163, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 escrow marker owner、Velero metric binding、remote evidence expiry owner 與 offsite sync approval boundary。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "7f7ac8e378d9d3d07d41b7a5ac45991ed67e9115d4a24cbc1da2aa9d392aea94", "source_exists": true, "source_path": "docs/evaluations/offsite_escrow_readiness_status_2026-06-05.json", "surface_id": "offsite_escrow_readiness_contract" }, { "action_buttons_allowed": false, "backup_scope": [ "110 backup center", "latest-only", "Google Drive / rclone", "credential escrow", "120 blocker" ], "config_kind": "backup_status_runbook", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "runbook_visible_contains_live_refresh_notes_needs_revalidation", "expected_scope": "backup_status_runbook", "label": "Backup status runbook", "line_count": 160, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補截至本次階段的 owner-provided live refresh、stale evidence disposition、escrow blocker owner 與 validation refs。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "282fc9cac91236225005399cf668609eb142c52ab48a9b1aebe3d7e0a4572462", "source_exists": true, "source_path": "docs/runbooks/BACKUP-STATUS.md", "surface_id": "backup_status_runbook" }, { "action_buttons_allowed": false, "backup_scope": [ "cold start", "backup-all", "sync-offsite", "restore guard", "schedules" ], "config_kind": "cold_start_sop", "control_tier": "C0", "credential_escrow_accepted": false, "current_state": "sop_visible_contains_backup_commands_not_authorized", "expected_scope": "cold_start_backup_restore_recovery", "label": "Full-stack cold-start SOP", "line_count": 704, "live_evidence_received": false, "maintenance_window_accepted": false, "next_owner_action": "補 cold-start commander owner、backup command approval boundary、restore stop condition、rollback owner 與 post-start validation。", "offsite_sync_accepted": false, "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restore_drill_accepted": false, "retention_change_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "sha256": "82d52e414876c46fe37dbe0e4447ebf1b26011d6bde2bfadb07978f09715ea94", "source_exists": true, "source_path": "docs/runbooks/FULL-STACK-COLD-START-SOP.md", "surface_id": "cold_start_sop" } ], "execution_boundaries": { "action_buttons_allowed": false, "active_scan_authorized": false, "backup_run_authorized": false, "credential_escrow_marker_write_authorized": false, "host_write_authorized": false, "kubectl_action_authorized": false, "offsite_remote_delete_authorized": false, "offsite_sync_authorized": false, "rclone_config_authorized": false, "restic_prune_authorized": false, "restore_drill_authorized": false, "restore_run_authorized": false, "retention_change_authorized": false, "runtime_execution_authorized": false, "secret_value_collection_allowed": false, "ssh_read_authorized": false, "ssh_write_authorized": false, "velero_backup_authorized": false, "velero_restore_authorized": false }, "expected_scopes": [ "110_188_120_121_cluster_configs", "110_188_backup_status_summary", "110_backup_host_all_services", "ai_artifacts", "awoooi_postgresql_and_k3s_datastore", "awoooi_postgresql_high_frequency", "b2_config_metadata", "backup_dr_readiness_contract", "backup_health_prometheus_textfile", "backup_restore_prometheus_alerts", "backup_status_runbook", "clawbot_redis_state", "cold_start_backup_restore_recovery", "credential_escrow_markers", "gitea_database_and_repositories", "google_drive_rclone_offsite_mirror", "harbor_registry_and_database", "langfuse_ai_trace_database", "latest_only_retention", "momo_postgresql", "offsite_escrow_readiness_contract", "offsite_escrow_redacted_report", "offsite_full_sync_verification", "offsite_preflight_and_escrow_gate", "open_webui_volume", "prometheus_grafana_alertmanager", "public_route_reconstruction", "rclone_config_metadata", "restic_integrity_check", "restic_password_b2_retention_common", "restore_drill_approval_template", "sentry_self_hosted", "signoz_clickhouse_and_sqlite", "velero_install_and_minio_storage", "velero_minio_credentials_metadata", "velero_restore_script_configmap", "velero_standalone_restore_script", "velero_weekly_restore_dry_run" ], "generated_at": "2026-06-11T22:20:00+08:00", "git_commit": "dba91f3c", "next_collection_order": [ "backup_common_restic_retention", "offsite_sync_controller", "credential_escrow_marker", "velero_restore_test_script_configmap", "velero_credentials_manifest", "backup_health_textfile_exporter", "backup_restore_alert_rules", "backup_restore_drill_approval_template", "backup_status_runbook", "cold_start_sop" ], "operator_interpretation": [ "這是 repo-only backup / restore / escrow / retention 清冊,不是 live backup、remote provider 或 cluster truth。", "source_exists=true 只代表 repo 檔案存在;不代表備份已成功、restore drill 已執行、offsite sync 已授權或 escrow marker 已可寫入。", "write-capable surface 可見代表需要資安控管,不代表 backup、restore、rclone sync、remote delete、restic prune、Velero restore 或 kubectl 已授權。", "所有 owner response、live evidence、restore drill acceptance、offsite sync acceptance、credential escrow acceptance、retention change acceptance 與 runtime gate 仍為 0。" ], "schema_version": "backup_restore_escrow_inventory_v1", "source_scope": "committed_repo_files_only", "status": "repo_only_inventory_ready", "summary": { "action_button_count": 0, "alert_surface_count": 1, "backup_script_surface_count": 15, "coverage_percent_after_inventory": 58, "coverage_percent_before_inventory": 52, "credential_escrow_accepted_count": 0, "credential_surface_count": 5, "dr_readiness_contract_surface_count": 3, "expected_scope_count": 38, "live_evidence_received_count": 0, "maintenance_window_accepted_count": 0, "offsite_escrow_surface_count": 8, "offsite_sync_accepted_count": 0, "owner_response_accepted_count": 0, "owner_response_received_count": 0, "restore_drill_accepted_count": 0, "restore_drill_surface_count": 4, "retention_change_accepted_count": 0, "retention_surface_count": 3, "rollback_owner_accepted_count": 0, "runtime_gate_count": 0, "source_exists_count": 38, "surface_count": 38, "surfaces_requiring_live_evidence_count": 38, "surfaces_requiring_owner_response_count": 38, "velero_surface_count": 5, "write_capable_surface_count": 27 }, "write_capable_surfaces": [ { "config_kind": "backup_orchestrator", "expected_scope": "110_backup_host_all_services", "label": "全服務備份總控", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "surface_id": "backup_all_orchestrator" }, { "config_kind": "service_backup_script", "expected_scope": "gitea_database_and_repositories", "label": "Gitea 備份腳本", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "surface_id": "backup_gitea_service_script" }, { "config_kind": "service_backup_script", "expected_scope": "momo_postgresql", "label": "MOMO PostgreSQL 備份腳本", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "surface_id": "backup_momo_service_script" }, { "config_kind": "service_backup_script", "expected_scope": "harbor_registry_and_database", "label": "Harbor 備份腳本", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "surface_id": "backup_harbor_service_script" }, { "config_kind": "service_backup_script", "expected_scope": "awoooi_postgresql_and_k3s_datastore", "label": "AWOOOI PostgreSQL 完整備份腳本", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "surface_id": "backup_awoooi_service_script" }, { "config_kind": "service_backup_script", "expected_scope": "awoooi_postgresql_high_frequency", "label": "AWOOOI PostgreSQL 高頻備份腳本", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "surface_id": "backup_awoooi_frequent_script" }, { "config_kind": "service_backup_script", "expected_scope": "langfuse_ai_trace_database", "label": "Langfuse 備份腳本", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "surface_id": "backup_langfuse_service_script" }, { "config_kind": "service_backup_script", "expected_scope": "prometheus_grafana_alertmanager", "label": "Monitoring 備份腳本", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "surface_id": "backup_monitoring_service_script" }, { "config_kind": "service_backup_script", "expected_scope": "signoz_clickhouse_and_sqlite", "label": "SigNoz 備份腳本", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "surface_id": "backup_signoz_service_script" }, { "config_kind": "service_backup_script", "expected_scope": "open_webui_volume", "label": "Open-WebUI 備份腳本", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "surface_id": "backup_open_webui_service_script" }, { "config_kind": "service_backup_script", "expected_scope": "clawbot_redis_state", "label": "ClawBot Redis 備份腳本", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "surface_id": "backup_clawbot_service_script" }, { "config_kind": "service_backup_script", "expected_scope": "sentry_self_hosted", "label": "Sentry 備份腳本", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "surface_id": "backup_sentry_service_script" }, { "config_kind": "service_backup_script", "expected_scope": "ai_artifacts", "label": "AI artifacts 備份腳本", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "surface_id": "backup_ai_artifacts_script" }, { "config_kind": "service_backup_script", "expected_scope": "public_route_reconstruction", "label": "Public routes 備份腳本", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "surface_id": "backup_public_routes_script" }, { "config_kind": "config_backup_script", "expected_scope": "110_188_120_121_cluster_configs", "label": "Host / service / K8s 設定備份", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "surface_id": "config_backup_capture" }, { "config_kind": "retention_enforcer", "expected_scope": "latest_only_retention", "label": "Latest-only retention enforcer", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "surface_id": "latest_only_retention_enforcer" }, { "config_kind": "offsite_sync_controller", "expected_scope": "google_drive_rclone_offsite_mirror", "label": "Offsite rclone sync controller", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "surface_id": "offsite_sync_controller" }, { "config_kind": "offsite_verifier", "expected_scope": "offsite_full_sync_verification", "label": "Offsite full sync verifier", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "surface_id": "offsite_full_sync_verifier" }, { "config_kind": "credential_escrow_marker", "expected_scope": "credential_escrow_markers", "label": "Credential escrow marker writer", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "surface_id": "credential_escrow_marker" }, { "config_kind": "offsite_rclone_config", "expected_scope": "rclone_config_metadata", "label": "rclone offsite config helper", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "surface_id": "offsite_rclone_config" }, { "config_kind": "offsite_b2_config", "expected_scope": "b2_config_metadata", "label": "B2 offsite config helper", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "surface_id": "offsite_b2_config" }, { "config_kind": "backup_health_exporter", "expected_scope": "backup_health_prometheus_textfile", "label": "Backup health textfile exporter", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "surface_id": "backup_health_textfile_exporter" }, { "config_kind": "velero_restore_cronjob", "expected_scope": "velero_weekly_restore_dry_run", "label": "Velero restore dry-run CronJob", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "surface_id": "velero_restore_test_cronjob" }, { "config_kind": "velero_restore_script_configmap", "expected_scope": "velero_restore_script_configmap", "label": "Velero restore script ConfigMap", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "surface_id": "velero_restore_test_script_configmap" }, { "config_kind": "velero_restore_standalone_script", "expected_scope": "velero_standalone_restore_script", "label": "Velero restore dry-run standalone script", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "surface_id": "velero_standalone_restore_test_script" }, { "config_kind": "velero_credentials_manifest", "expected_scope": "velero_minio_credentials_metadata", "label": "Velero MinIO credential manifest", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "surface_id": "velero_credentials_manifest" }, { "config_kind": "velero_install_manifest", "expected_scope": "velero_install_and_minio_storage", "label": "Velero install manifest", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "surface_id": "velero_install_manifest" } ] }