{ "config_surfaces": [ { "action_buttons_allowed": false, "config_kind": "docker_compose_source", "control_tier": "C1", "current_state": "repo_source_visible", "expected_host_scope": "local_dev_only", "label": "AWOOOI local development compose", "line_count": 137, "live_evidence_received": false, "next_owner_action": "確認本檔僅供 local dev,不得作為 production compose;補 dev secret placeholder policy。", "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": false, "requires_owner_response": true, "restart_window_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "service_scope": [ "web", "api", "postgres", "redis" ], "sha256": "4a27bcde139b5aef6a9f3080187af5bec73d1efd9c09ed2752b0baaa5f507024", "source_exists": true, "source_path": "docker-compose.yml", "surface_id": "local_dev_compose" }, { "action_buttons_allowed": false, "config_kind": "docker_compose_source", "control_tier": "C1", "current_state": "repo_source_visible_with_live_drift_warning", "expected_host_scope": "192.168.0.110", "label": "110 monitoring docker compose", "line_count": 148, "live_evidence_received": false, "next_owner_action": "補 110 live compose hash、restart window、rollback owner、post-check 指標與 drift disposition。", "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restart_window_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "service_scope": [ "cadvisor", "prometheus", "grafana", "blackbox-exporter", "alertmanager", "github-exporter" ], "sha256": "00126e9a5cb7a3cf2bf02cfddefea11f05849b46835a4e602eac4777fcb25281", "source_exists": true, "source_path": "k8s/monitoring/docker-compose-110.yml", "surface_id": "monitoring_110_compose" }, { "action_buttons_allowed": false, "config_kind": "docker_compose_source", "control_tier": "C1", "current_state": "repo_source_visible_needs_live_hash", "expected_host_scope": "192.168.0.188", "label": "188 database exporters compose", "line_count": 69, "live_evidence_received": false, "next_owner_action": "補 188 exporter compose live hash、env source policy、restart window 與 rollback owner。", "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restart_window_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "service_scope": [ "postgres-exporter", "redis-exporter" ], "sha256": "3ffb3bd2e98091d18e60b74721904777c27f279c37ab6e873b82e6ef73eb87d4", "source_exists": true, "source_path": "ops/monitoring/docker-compose.exporters.yaml", "surface_id": "monitoring_exporters_188_compose" }, { "action_buttons_allowed": false, "config_kind": "docker_compose_reference", "control_tier": "C1", "current_state": "reference_only_not_runtime_source", "expected_host_scope": "192.168.0.110", "label": "110 Sentry self-hosted reference compose", "line_count": 49, "live_evidence_received": false, "next_owner_action": "確認 110 Sentry 實際 source-of-truth、official self-hosted revision、backup path 與 rollback owner。", "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restart_window_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "service_scope": [ "sentry-placeholder-reference" ], "sha256": "bba852dc0d73934998fa375130168615f9ac7611ce3f3efaa901e3b7e222eae3", "source_exists": true, "source_path": "ops/sentry-self-hosted/docker-compose.yml", "surface_id": "sentry_110_reference_compose" }, { "action_buttons_allowed": false, "config_kind": "docker_compose_source", "control_tier": "C1", "current_state": "repo_source_visible_needs_secret_policy_review", "expected_host_scope": "192.168.0.110", "label": "110 Langfuse compose", "line_count": 71, "live_evidence_received": false, "next_owner_action": "補 110 live compose hash、secret placeholder disposition、restart window 與 rollback owner。", "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restart_window_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "service_scope": [ "langfuse", "langfuse-db" ], "sha256": "6c703a27525e62ef4d4d3c4cba8a89d64f646b01020782e35d22a3bf73f2dc83", "source_exists": true, "source_path": "infra/langfuse/docker-compose.yml", "surface_id": "langfuse_110_compose" }, { "action_buttons_allowed": false, "config_kind": "ansible_service_executor", "control_tier": "C1", "current_state": "executor_role_visible_needs_gate_mapping", "expected_host_scope": "multi_host", "label": "Ansible docker-compose-service role", "line_count": 18, "live_evidence_received": false, "next_owner_action": "補 role 使用範圍、allowed service_dir、check-mode plan、rollback owner 與人工批准 gate。", "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restart_window_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "service_scope": [ "docker compose up -d" ], "sha256": "cee214a8651f46c2d8be05054dddadc243a26bff51a64bd9cf42dd2ec0b7b1b3", "source_exists": true, "source_path": "infra/ansible/roles/docker-compose-service/tasks/main.yml", "surface_id": "ansible_docker_compose_service_role" }, { "action_buttons_allowed": false, "config_kind": "host_repair_whitelist", "control_tier": "C1", "current_state": "write_capable_whitelist_visible_gate_closed", "expected_host_scope": "192.168.0.110", "label": "110 repair-bot compose whitelist", "line_count": 67, "live_evidence_received": false, "next_owner_action": "補 authorized_keys command binding、disable switch、audit log path、rollback owner 與 post-check 指標。", "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restart_window_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "service_scope": [ "sentry", "harbor", "gitea", "gitea-runner", "langfuse", "alertmanager", "signoz" ], "sha256": "093d4f85c398806dee62c2831fa4fe7e1f8fddca6e3cfcc9dbe4d5e0d66cdf3b", "source_exists": true, "source_path": "scripts/repair-bot/repair-bot-110.sh", "surface_id": "repair_bot_110_whitelist" }, { "action_buttons_allowed": false, "config_kind": "host_repair_whitelist", "control_tier": "C1", "current_state": "write_capable_whitelist_visible_gate_closed", "expected_host_scope": "192.168.0.188", "label": "188 repair-bot compose/systemd whitelist", "line_count": 85, "live_evidence_received": false, "next_owner_action": "補 systemd restart approval gate、sudoers boundary、disable switch、rollback owner 與 route smoke。", "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restart_window_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "service_scope": [ "openclaw", "minio", "signoz", "redis", "nginx", "ollama" ], "sha256": "fb2eb786d04edbf5d5be581a53bbe188ac66f0895aa016328b031c72f6182918", "source_exists": true, "source_path": "scripts/repair-bot/repair-bot-188.sh", "surface_id": "repair_bot_188_whitelist" }, { "action_buttons_allowed": false, "config_kind": "backup_capture_contract", "control_tier": "C1", "current_state": "capture_script_visible_not_executed_by_this_inventory", "expected_host_scope": "110_188_120_121_cluster", "label": "host config backup capture contract", "line_count": 359, "live_evidence_received": false, "next_owner_action": "補 latest backup status、restore drill owner、secret handling proof、retention owner 與 restore validation plan。", "owner_response_accepted": false, "owner_response_received": false, "requires_live_evidence": true, "requires_owner_response": true, "restart_window_accepted": false, "rollback_owner_accepted": false, "runtime_gate_open": false, "service_scope": [ "systemd", "docker", "nginx", "cron", "k8s", "host-configs" ], "sha256": "d24301cff44e464bd19ce0792362be16916ccde8c92f92351a19ef4ee988f15e", "source_exists": true, "source_path": "scripts/backup/backup-configs.sh", "surface_id": "config_backup_host_capture" } ], "execution_boundaries": { "action_buttons_allowed": false, "active_scan_authorized": false, "ansible_apply_authorized": false, "docker_compose_action_authorized": false, "host_write_authorized": false, "live_host_read_authorized": false, "repair_bot_execution_authorized": false, "runtime_execution_authorized": false, "secret_value_collection_allowed": false, "service_restart_authorized": false, "ssh_read_authorized": false, "ssh_write_authorized": false, "sudo_action_authorized": false, "systemctl_action_authorized": false }, "expected_host_scopes": [ "110_188_120_121_cluster", "192.168.0.110", "192.168.0.188", "local_dev_only", "multi_host" ], "generated_at": "2026-06-11T23:20:00+08:00", "git_commit": "0a82648e", "next_collection_order": [ "repair_bot_110_whitelist", "repair_bot_188_whitelist", "monitoring_110_compose", "monitoring_exporters_188_compose", "langfuse_110_compose", "config_backup_host_capture", "ansible_docker_compose_service_role", "sentry_110_reference_compose", "local_dev_compose" ], "operator_interpretation": [ "這是 repo-only 主機服務配置清冊,不是 live host 盤點。", "write-capable 白名單與 Ansible role 可見,不代表 repair-bot、docker compose、systemctl 或 sudo 已授權。", "所有 live hash、restart window、rollback owner、post-check 指標都仍需 owner response。", "本清冊讓 Docker/systemd 類別從 inventory_needed 進到 repo_only_inventory_ready,但 runtime gate 仍為 0。" ], "schema_version": "host_service_config_inventory_v1", "source_scope": "committed_repo_files_only", "status": "repo_only_inventory_ready", "summary": { "action_button_count": 0, "coverage_percent_after_inventory": 50, "coverage_percent_before_inventory": 42, "docker_compose_source_count": 5, "expected_host_scope_count": 5, "host_repair_whitelist_count": 2, "live_evidence_received_count": 0, "owner_response_accepted_count": 0, "owner_response_received_count": 0, "restart_window_accepted_count": 0, "rollback_owner_accepted_count": 0, "runtime_gate_count": 0, "source_exists_count": 9, "surface_count": 9, "surfaces_requiring_live_evidence_count": 8, "surfaces_requiring_owner_response_count": 9, "systemd_restart_surface_count": 1, "write_capable_surface_count": 3 }, "write_capable_surfaces": [ { "config_kind": "ansible_service_executor", "expected_host_scope": "multi_host", "label": "Ansible docker-compose-service role", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "service_scope": [ "docker compose up -d" ], "surface_id": "ansible_docker_compose_service_role" }, { "config_kind": "host_repair_whitelist", "expected_host_scope": "192.168.0.110", "label": "110 repair-bot compose whitelist", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "service_scope": [ "sentry", "harbor", "gitea", "gitea-runner", "langfuse", "alertmanager", "signoz" ], "surface_id": "repair_bot_110_whitelist" }, { "config_kind": "host_repair_whitelist", "expected_host_scope": "192.168.0.188", "label": "188 repair-bot compose/systemd whitelist", "required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner", "service_scope": [ "openclaw", "minio", "signoz", "redis", "nginx", "ollama" ], "surface_id": "repair_bot_188_whitelist" } ] }