""" Backup notification policy snapshot. Loads the latest committed, read-only backup notification policy. The policy defines success-noise suppression, failure/action-required escalation, and daily summary expectations; it never sends notifications, runs backups, starts restore drills, syncs offsite backups, writes credential markers, changes schedules, or writes workflows. """ from __future__ import annotations import json from pathlib import Path from typing import Any from src.services.snapshot_paths import default_evaluations_dir _DEFAULT_EVALUATIONS_DIR = default_evaluations_dir(Path(__file__)) _SNAPSHOT_PATTERN = "backup_notification_policy_*.json" _SCHEMA_VERSION = "backup_notification_policy_v1" def load_latest_backup_notification_policy( evaluations_dir: Path | None = None, ) -> dict[str, Any]: """Load the newest committed backup notification policy snapshot.""" directory = evaluations_dir or _DEFAULT_EVALUATIONS_DIR candidates = sorted(directory.glob(_SNAPSHOT_PATTERN)) if not candidates: raise FileNotFoundError(f"no backup notification policy snapshots found in {directory}") latest = candidates[-1] with latest.open(encoding="utf-8") as handle: payload = json.load(handle) if not isinstance(payload, dict): raise ValueError(f"{latest}: expected JSON object") _require_schema(payload, _SCHEMA_VERSION, str(latest)) _require_read_only_boundaries(payload, str(latest)) _require_operation_boundaries(payload, str(latest)) _require_rollup_consistency(payload, str(latest)) _require_success_noise_suppression(payload, str(latest)) return payload def _require_schema(payload: dict[str, Any], expected: str, label: str) -> None: actual = payload.get("schema_version") if actual != expected: raise ValueError(f"{label}: expected schema_version={expected}, got {actual!r}") def _require_read_only_boundaries(payload: dict[str, Any], label: str) -> None: program_status = payload.get("program_status") or {} if program_status.get("read_only_mode") is not True: raise ValueError(f"{label}: program_status.read_only_mode must be true") boundaries = payload.get("approval_boundaries") or {} blocked_flags = { "sdk_installation_allowed", "paid_api_call_allowed", "shadow_or_canary_allowed", "production_routing_allowed", "destructive_operation_allowed", } allowed = sorted(flag for flag in blocked_flags if boundaries.get(flag) is not False) if allowed: raise ValueError(f"{label}: approval boundaries must remain false: {allowed}") def _require_operation_boundaries(payload: dict[str, Any], label: str) -> None: boundaries = payload.get("operation_boundaries") or {} if boundaries.get("read_only_policy_allowed") is not True: raise ValueError(f"{label}: read_only_policy_allowed must be true") blocked_flags = { "notification_send_allowed", "backup_execution_allowed", "restore_execution_allowed", "offsite_sync_execution_allowed", "credential_marker_write_allowed", "schedule_change_allowed", "workflow_write_allowed", "telegram_test_message_allowed", } allowed = sorted(flag for flag in blocked_flags if boundaries.get(flag) is not False) if allowed: raise ValueError(f"{label}: operation boundaries must remain false: {allowed}") def _require_rollup_consistency(payload: dict[str, Any], label: str) -> None: rules = payload.get("policy_rules") or [] rollups = payload.get("rollups") or {} if rollups.get("total_rules") != len(rules): raise ValueError(f"{label}: rollups.total_rules must match policy_rules") by_decision: dict[str, int] = {} for rule in rules: decision = str(rule.get("decision")) by_decision[decision] = by_decision.get(decision, 0) + 1 if rollups.get("by_decision") != by_decision: raise ValueError(f"{label}: rollups.by_decision must match policy rule decisions") immediate_ids = { rule.get("rule_id") for rule in rules if rule.get("decision") == "escalate_immediate" } if set(rollups.get("immediate_escalation_rule_ids") or []) != immediate_ids: raise ValueError(f"{label}: rollups.immediate_escalation_rule_ids must match immediate rules") suppressed_success_ids = { rule.get("rule_id") for rule in rules if rule.get("backup_state") == "success" and rule.get("decision") == "suppress_immediate_success" } if set(rollups.get("suppressed_success_rule_ids") or []) != suppressed_success_ids: raise ValueError(f"{label}: rollups.suppressed_success_rule_ids must match suppressed success rules") def _require_success_noise_suppression(payload: dict[str, Any], label: str) -> None: summary = payload.get("daily_summary_contract") or {} if summary.get("success_immediate_notifications_allowed") is not False: raise ValueError(f"{label}: daily summary must suppress immediate success notifications") channels = payload.get("notification_channels") or [] noisy_channels = [ channel.get("channel_id") for channel in channels if channel.get("success_immediate_allowed") is not False ] if noisy_channels: raise ValueError(f"{label}: channels must not allow success immediate notifications: {noisy_channels}") success_escalations = [ rule.get("rule_id") for rule in payload.get("policy_rules") or [] if rule.get("backup_state") == "success" and rule.get("decision") != "suppress_immediate_success" ] if success_escalations: raise ValueError(f"{label}: success rules must suppress immediate notification: {success_escalations}")