wooo/awoooi
1
1
Fork 0
Code Issues 2 Pull Requests 1 Actions 4 Packages Projects Releases Wiki Activity
Files
main
awoooi/docs/security/backup-restore-escrow-inventory.snapshot.json
Your Name 93a1993d11
Some checks failed
CD Pipeline / tests (push) Successful in 1m30s
Details
Code Review / ai-code-review (push) Successful in 16s
Details
CD Pipeline / build-and-deploy (push) Successful in 4m30s
Details
CD Pipeline / post-deploy-checks (push) Has been cancelled
Details
feat(security): 新增 backup restore escrow 只讀清冊
2026-06-11 22:51:31 +08:00

1508 lines
60 KiB
JSON
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
{
"backup_surfaces": [
{
"action_buttons_allowed": false,
"backup_scope": [
"gitea",
"momo",
"harbor",
"awoooi",
"langfuse",
"monitoring",
"signoz",
"open-webui",
"clawbot"
],
"config_kind": "backup_orchestrator",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "write_capable_orchestrator_visible_not_executed",
"expected_scope": "110_backup_host_all_services",
"label": "全服務備份總控",
"line_count": 126,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 backup owner、cron owner、失敗通知 owner、restore drill owner、rollback owner 與 post-check 指標。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "33f6070bd3733fc59e7b661de44587b7d6a336500765667405e11fbffe2f4489",
"source_exists": true,
"source_path": "scripts/backup/backup-all.sh",
"surface_id": "backup_all_orchestrator"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"RESTIC_PASSWORD_FILE",
"B2 metadata",
"KEEP_DAILY=30",
"KEEP_WEEKLY=12",
"KEEP_MONTHLY=24"
],
"config_kind": "backup_common_policy",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "retention_and_credential_metadata_visible_secret_values_absent",
"expected_scope": "restic_password_b2_retention_common",
"label": "Restic 共用設定與 GFS retention",
"line_count": 147,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 restic password owner、B2 / rclone owner、retention owner、prune window 與 no-secret-value evidence。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "00139e1eac8998b1e0cb09d7692882267d8cc72a6c57c04a732e155932ad22d1",
"source_exists": true,
"source_path": "scripts/backup/common.sh",
"surface_id": "backup_common_restic_retention"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"Gitea DB",
"repositories",
"app.ini redaction boundary"
],
"config_kind": "service_backup_script",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "service_backup_script_visible_gate_closed",
"expected_scope": "gitea_database_and_repositories",
"label": "Gitea 備份腳本",
"line_count": 68,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 Gitea backup owner、freshness evidence、restore target isolation 與 secret redaction proof。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "8ec9f0e5aee51381a799da83798fea4ca92d0c1686e40aef9f6ba8485003a990",
"source_exists": true,
"source_path": "scripts/backup/backup-gitea.sh",
"surface_id": "backup_gitea_service_script"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"MOMO PostgreSQL",
"188 database path"
],
"config_kind": "service_backup_script",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "service_backup_script_visible_gate_closed",
"expected_scope": "momo_postgresql",
"label": "MOMO PostgreSQL 備份腳本",
"line_count": 84,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 MOMO backup owner、188 DB access boundary、restore drill target 與 rollback owner。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "7cffdc570cd4b33a42b3604382eccc14a5388ed0a2fb67c9927312982c29a6cd",
"source_exists": true,
"source_path": "scripts/backup/backup-momo.sh",
"surface_id": "backup_momo_service_script"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"Harbor registry",
"Harbor DB",
"image registry recovery"
],
"config_kind": "service_backup_script",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "service_backup_script_visible_gate_closed",
"expected_scope": "harbor_registry_and_database",
"label": "Harbor 備份腳本",
"line_count": 77,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 Harbor backup owner、registry restore smoke、robot account secret boundary 與 image rollback owner。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "f42af4c7b66ceb19b504873bdf1ca76d306d6c775bbd8d5d6648249db6756595",
"source_exists": true,
"source_path": "scripts/backup/backup-harbor.sh",
"surface_id": "backup_harbor_service_script"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"awoooi_prod",
"awoooi_dev",
"k3s datastore"
],
"config_kind": "service_backup_script",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "service_backup_script_visible_gate_closed",
"expected_scope": "awoooi_postgresql_and_k3s_datastore",
"label": "AWOOOI PostgreSQL 完整備份腳本",
"line_count": 123,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 AWOOOI DB backup owner、RPO owner、restore drill isolation 與 data masking policy。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "90eaed60f8ef4994bb082bd7f2e7c5b5ec8872270f8a014b72298de0ec34f658",
"source_exists": true,
"source_path": "scripts/backup/backup-awoooi.sh",
"surface_id": "backup_awoooi_service_script"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"awoooi_prod",
"6h RPO",
"latest-only interaction"
],
"config_kind": "service_backup_script",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "high_frequency_backup_script_visible_gate_closed",
"expected_scope": "awoooi_postgresql_high_frequency",
"label": "AWOOOI PostgreSQL 高頻備份腳本",
"line_count": 76,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補高頻備份 owner、cron owner、latest-only retention owner 與 freshness evidence。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "171de6e757dbb7e4ee0d88b8d1cbc9471e288e58b189098b77cac14392461a39",
"source_exists": true,
"source_path": "scripts/backup/backup-awoooi-frequent.sh",
"surface_id": "backup_awoooi_frequent_script"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"Langfuse DB",
"AI trace evidence"
],
"config_kind": "service_backup_script",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "service_backup_script_visible_gate_closed",
"expected_scope": "langfuse_ai_trace_database",
"label": "Langfuse 備份腳本",
"line_count": 69,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 Langfuse backup owner、trace privacy boundary、restore smoke 與 secret redaction proof。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "a60cea2e366be228e35492a87edc084261d1888591ca583083f4b909ba995cd9",
"source_exists": true,
"source_path": "scripts/backup/backup-langfuse.sh",
"surface_id": "backup_langfuse_service_script"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"Prometheus",
"Grafana",
"Alertmanager"
],
"config_kind": "service_backup_script",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "service_backup_script_visible_gate_closed",
"expected_scope": "prometheus_grafana_alertmanager",
"label": "Monitoring 備份腳本",
"line_count": 109,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 observability backup owner、Grafana secret boundary、alert route restore smoke 與 rollback owner。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "e848315116b87ce250db6e1483d8e517e2c4c07ca1fc6e119ae8f80ad58d6183",
"source_exists": true,
"source_path": "scripts/backup/backup-monitoring.sh",
"surface_id": "backup_monitoring_service_script"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"SigNoz ClickHouse",
"SigNoz SQLite"
],
"config_kind": "service_backup_script",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "service_backup_script_visible_gate_closed",
"expected_scope": "signoz_clickhouse_and_sqlite",
"label": "SigNoz 備份腳本",
"line_count": 103,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 SigNoz disruptive guard owner、ClickHouse restore owner、告警靜音邊界與 post-check 指標。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "f3d9011b57815087ce0084525902693078c2785c25632d49c7a7a92e6a49bcf7",
"source_exists": true,
"source_path": "scripts/backup/backup-signoz.sh",
"surface_id": "backup_signoz_service_script"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"Open-WebUI volume",
"LLM conversation data"
],
"config_kind": "service_backup_script",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "service_backup_script_visible_gate_closed",
"expected_scope": "open_webui_volume",
"label": "Open-WebUI 備份腳本",
"line_count": 70,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 Open-WebUI data privacy owner、188 read boundary、restore target isolation 與 retention owner。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "ab9fb4664799ef424cc9c3565592d9b6704df90bafda1f163e5cbfe01ff6056d",
"source_exists": true,
"source_path": "scripts/backup/backup-open-webui.sh",
"surface_id": "backup_open_webui_service_script"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"ClawBot Redis",
"agent state cache"
],
"config_kind": "service_backup_script",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "service_backup_script_visible_gate_closed",
"expected_scope": "clawbot_redis_state",
"label": "ClawBot Redis 備份腳本",
"line_count": 75,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 ClawBot state owner、Redis restore owner、agent state masking 與 rollback owner。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "9ad2367d42ca2ce679ce7c24ca2dabcdc9feccde668f4008a5a797165a2f4888",
"source_exists": true,
"source_path": "scripts/backup/backup-clawbot.sh",
"surface_id": "backup_clawbot_service_script"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"Sentry",
"ClickHouse / Postgres / Redis dependency boundary"
],
"config_kind": "service_backup_script",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "service_backup_script_visible_gate_closed",
"expected_scope": "sentry_self_hosted",
"label": "Sentry 備份腳本",
"line_count": 277,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 Sentry backup owner、multi-store restore owner、admin secret boundary 與 route smoke。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "bbd09420a7814d6dfa2b8caade264e00c982b0b10fb9b57866893d02ef5eed44",
"source_exists": true,
"source_path": "scripts/backup/backup-sentry.sh",
"surface_id": "backup_sentry_service_script"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"AI artifacts",
"model / evaluation outputs"
],
"config_kind": "service_backup_script",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "artifact_backup_script_visible_gate_closed",
"expected_scope": "ai_artifacts",
"label": "AI artifacts 備份腳本",
"line_count": 129,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 artifact owner、retention owner、模型資料外送邊界與 restore validation。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "9dfbd45fcca516c75c06b062c79245397e2c0cf6db547472f1a5e48ee55f772b",
"source_exists": true,
"source_path": "scripts/backup/backup-ai-artifacts.sh",
"surface_id": "backup_ai_artifacts_script"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"public routes",
"Nginx route reconstruction",
"frontend/API smoke evidence"
],
"config_kind": "service_backup_script",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "route_backup_script_visible_gate_closed",
"expected_scope": "public_route_reconstruction",
"label": "Public routes 備份腳本",
"line_count": 182,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 route reconstruction owner、public/admin/API smoke、rollback ref 與 no-internal-transcript proof。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "828c87b8c9eed4dcb9a4dd55d36905636f74c890e1625792a2f14bfd53c7973c",
"source_exists": true,
"source_path": "scripts/backup/backup-public-routes.sh",
"surface_id": "backup_public_routes_script"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"systemd",
"docker",
"nginx",
"cron",
"k8s",
"host configs"
],
"config_kind": "config_backup_script",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "config_capture_visible_blocked_until_owner_evidence",
"expected_scope": "110_188_120_121_cluster_configs",
"label": "Host / service / K8s 設定備份",
"line_count": 359,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 config capture owner、secret redaction proof、120 blocked disposition、restore validation 與 retention owner。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "d24301cff44e464bd19ce0792362be16916ccde8c92f92351a19ef4ee988f15e",
"source_exists": true,
"source_path": "scripts/backup/backup-configs.sh",
"surface_id": "config_backup_capture"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"freshness",
"failure",
"integrity",
"restore drill",
"offsite",
"escrow"
],
"config_kind": "backup_status_reporter",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "status_reporter_visible_not_executed",
"expected_scope": "110_188_backup_status_summary",
"label": "備份狀態彙整腳本",
"line_count": 342,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 backup status owner、read-only execution window、SSH read boundary、notification owner 與 false-green 防線。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "ae7d18d120f4441747d8ecce763e55bca235f923c01e0dac9b566b2d00f9bf0c",
"source_exists": true,
"source_path": "scripts/backup/backup-status.sh",
"surface_id": "backup_status_reporter"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"restic check",
"read-data subset",
"integrity evidence"
],
"config_kind": "integrity_check_script",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "integrity_check_visible_not_executed",
"expected_scope": "restic_integrity_check",
"label": "Restic integrity check",
"line_count": 238,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 integrity check owner、執行窗口、資源上限、結果證據與 restore drill 前置條件。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "c2906ac4a7251419decf852eaeb7c1ead5eecd4f705804dfc556f23029e45ebc",
"source_exists": true,
"source_path": "scripts/backup/check-backup-integrity.sh",
"surface_id": "backup_integrity_check"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"keep latest",
"local delete",
"retention marker"
],
"config_kind": "retention_enforcer",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "delete_capable_retention_script_visible_gate_closed",
"expected_scope": "latest_only_retention",
"label": "Latest-only retention enforcer",
"line_count": 42,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 retention owner、刪除窗口、restore runway、offsite mirror interaction 與 rollback / stop condition。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "b8ca6363c8d08866fd9cbcb6b47dfa310ffada588323ab48c48babf9b301b129",
"source_exists": true,
"source_path": "scripts/backup/enforce-latest-only-retention.sh",
"surface_id": "latest_only_retention_enforcer"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"13 repos",
"rclone sync",
"remote delete",
"success markers"
],
"config_kind": "offsite_sync_controller",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "remote_write_and_delete_capable_sync_visible_gate_closed",
"expected_scope": "google_drive_rclone_offsite_mirror",
"label": "Offsite rclone sync controller",
"line_count": 414,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 offsite owner、remote delete owner、runway check、full sync window、rclone credential escrow 與 verifier evidence。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "6b669b1fbf74d7b0f2b38f530d6c345e69c8eca5257ad2782751a1230091c839",
"source_exists": true,
"source_path": "scripts/backup/sync-offsite-backups.sh",
"surface_id": "offsite_sync_controller"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"remote repo count",
"latest-only evidence",
"textfile metrics"
],
"config_kind": "offsite_verifier",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "remote_read_and_textfile_write_capable_verifier_visible_gate_closed",
"expected_scope": "offsite_full_sync_verification",
"label": "Offsite full sync verifier",
"line_count": 296,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 verifier owner、remote read window、metric write owner、failure notification owner 與 evidence retention。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "1614f6d73d65f9f68f8991ee5d198de66933fc35be8ab1ae1ad5aba3c4fdad31",
"source_exists": true,
"source_path": "scripts/backup/verify-offsite-full-sync.sh",
"surface_id": "offsite_full_sync_verifier"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"status",
"dry-run-small",
"pre-full-sync",
"escrow markers"
],
"config_kind": "offsite_readiness_gate",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "readiness_gate_visible_not_executed",
"expected_scope": "offsite_preflight_and_escrow_gate",
"label": "Offsite readiness gate",
"line_count": 436,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 readiness owner、dry-run scope、escrow owner、load/runway policy 與 accepted evidence refs。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "6e0cdb57dc8ea80097d1dd4bb6c87c39c13f2a2892b767c0c251eca524e33e19",
"source_exists": true,
"source_path": "scripts/backup/backup-offsite-readiness-gate.sh",
"surface_id": "offsite_readiness_gate"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"script presence",
"offsite marker",
"escrow marker",
"redacted output"
],
"config_kind": "offsite_escrow_report",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "redacted_report_visible_default_no_remote_status",
"expected_scope": "offsite_escrow_redacted_report",
"label": "Offsite / escrow evidence report",
"line_count": 262,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 evidence report owner、remote status opt-in owner、redaction proof 與 blocked marker disposition。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "09e07c94fd192dc9015a468eb376a4eeba09e3392586a9a2a178b1f7b58c9c50",
"source_exists": true,
"source_path": "scripts/backup/offsite-escrow-evidence-report.sh",
"surface_id": "offsite_escrow_evidence_report"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"restic password",
"offsite provider",
"break-glass admin",
"DNS recovery",
"OAuth / AI provider recovery"
],
"config_kind": "credential_escrow_marker",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "marker_write_capable_script_visible_gate_closed",
"expected_scope": "credential_escrow_markers",
"label": "Credential escrow marker writer",
"line_count": 228,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 escrow owner、non-secret evidence id、reviewer acceptance、marker write approval 與 retention owner。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "ebb0ffd77dced76ff58855a637e7e35e0ffa0fa9f5f33490c00015d91f0ce947",
"source_exists": true,
"source_path": "scripts/backup/mark-credential-escrow-verified.sh",
"surface_id": "credential_escrow_marker"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"rclone remote",
"Google Drive",
"offsite.env metadata"
],
"config_kind": "offsite_rclone_config",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "credential_config_helper_visible_secret_values_not_collected",
"expected_scope": "rclone_config_metadata",
"label": "rclone offsite config helper",
"line_count": 251,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 rclone config owner、secret store owner、file mode evidence、no-value collection proof 與 recovery owner。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "b8881508ad82201ed4b706c5ea05250d46e907d23f097f9019fcab387c4623da",
"source_exists": true,
"source_path": "scripts/backup/configure-offsite-rclone.sh",
"surface_id": "offsite_rclone_config"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"Backblaze B2 metadata",
"offsite env",
"fallback provider"
],
"config_kind": "offsite_b2_config",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "credential_config_helper_visible_secret_values_not_collected",
"expected_scope": "b2_config_metadata",
"label": "B2 offsite config helper",
"line_count": 154,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 B2 provider owner、credential escrow owner、provider cost boundary 與 no-value collection proof。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "b3f847158bc48791e75ccb4a8430f3c88797f83f384c0f03d80c28f3037a170e",
"source_exists": true,
"source_path": "scripts/backup/configure-offsite-b2.sh",
"surface_id": "offsite_b2_config"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"freshness metrics",
"restore drill metrics",
"offsite metrics",
"escrow metrics"
],
"config_kind": "backup_health_exporter",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "textfile_write_capable_exporter_visible_gate_closed",
"expected_scope": "backup_health_prometheus_textfile",
"label": "Backup health textfile exporter",
"line_count": 926,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 exporter owner、textfile path owner、metric freshness SLO、false-green guard 與 alert owner。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "cc4a0b89321679e4c39c8d3ba85b7308eb0d1f800c82895dcb71741a9dceaddc",
"source_exists": true,
"source_path": "scripts/ops/backup-health-textfile-exporter.py",
"surface_id": "backup_health_textfile_exporter"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"Velero restore dry-run",
"weekly schedule",
"textfile metrics"
],
"config_kind": "velero_restore_cronjob",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "k8s_cronjob_manifest_visible_not_applied_by_this_inventory",
"expected_scope": "velero_weekly_restore_dry_run",
"label": "Velero restore dry-run CronJob",
"line_count": 76,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 Velero owner、dry-run namespace isolation、CronJob live evidence、restore approval 與 post-check 指標。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "356ab2223d0fc2e1b4d7e4e1163ef23bed62e1c22588c46ffd010d090359557b",
"source_exists": true,
"source_path": "k8s/awoooi-prod/16-cronjob-backup-restore-test.yaml",
"surface_id": "velero_restore_test_cronjob"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"restore dry-run script",
"13-digit textfile timestamp risk",
"Prometheus textfile"
],
"config_kind": "velero_restore_script_configmap",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "configmap_script_visible_timestamp_format_needs_owner_disposition",
"expected_scope": "velero_restore_script_configmap",
"label": "Velero restore script ConfigMap",
"line_count": 49,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 ConfigMap owner、timestamp format disposition、CronJob rollout owner、metric scrape proof 與 rollback owner。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "c3e4605372a9f5c5f94713e1f8b5d8d0dccd6886c76c43522053e1468521bc1d",
"source_exists": true,
"source_path": "k8s/awoooi-prod/17-configmap-backup-restore-scripts.yaml",
"surface_id": "velero_restore_test_script_configmap"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"restore dry-run",
"Prometheus textfile seconds timestamp",
"failure metric"
],
"config_kind": "velero_restore_standalone_script",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "standalone_script_visible_uses_seconds_textfile_timestamp_not_executed",
"expected_scope": "velero_standalone_restore_script",
"label": "Velero restore dry-run standalone script",
"line_count": 62,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 standalone / ConfigMap drift disposition、restore drill owner、textfile owner 與 proof of isolation。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "960cd740d6107c7f70b09dd8ff4c934af76d82921b066ba92c6fac2af7d55622",
"source_exists": true,
"source_path": "scripts/cron_backup_restore_test.sh",
"surface_id": "velero_standalone_restore_test_script"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"MinIO credential names",
"placeholder values",
"External Secrets / Sealed Secrets recommendation"
],
"config_kind": "velero_credentials_manifest",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "placeholder_secret_manifest_visible_values_not_collected",
"expected_scope": "velero_minio_credentials_metadata",
"label": "Velero MinIO credential manifest",
"line_count": 14,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 Velero credential owner、secret manager source、rotation owner、no-value collection proof 與 restore boundary。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "54d829a3204c2fa2d1bb3c8be1bf250914dd7a517d13900bee0fa9878760c930",
"source_exists": true,
"source_path": "k8s/velero/01-credentials.yaml",
"surface_id": "velero_credentials_manifest"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"Velero Deployment",
"cluster-admin binding",
"MinIO s3Url",
"backup storage location"
],
"config_kind": "velero_install_manifest",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "cluster_admin_velero_manifest_visible_gate_closed",
"expected_scope": "velero_install_and_minio_storage",
"label": "Velero install manifest",
"line_count": 117,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 Velero RBAC owner、MinIO endpoint owner、least privilege review、install window 與 rollback owner。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "60d7ea59ef8b2ad38dc8bf6bca80be35609e8d317210c44204bdd5ad9901b47a",
"source_exists": true,
"source_path": "k8s/velero/02-velero-install.yaml",
"surface_id": "velero_install_manifest"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"BackupRestoreTestFailed",
"Velero freshness",
"offsite freshness",
"restore stale"
],
"config_kind": "backup_restore_alert_rules",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "alert_rule_source_visible_reload_not_authorized",
"expected_scope": "backup_restore_prometheus_alerts",
"label": "Backup / restore alert rules",
"line_count": 1355,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 alert rule owner、receiver owner、reload owner、silence boundary 與 failure-only notification policy。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "94d439a2ea599995601a5022dc0a001cc09f405964cd1308b103f86e2af14e90",
"source_exists": true,
"source_path": "ops/monitoring/alerts.yml",
"surface_id": "backup_restore_alert_rules"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"readiness matrix",
"blocked targets",
"restore drill status"
],
"config_kind": "dr_readiness_contract",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "readiness_contract_visible_action_required_items_not_accepted",
"expected_scope": "backup_dr_readiness_contract",
"label": "Backup / DR readiness matrix",
"line_count": 321,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 readiness owner、blocked target disposition、freshness evidence、restore drill owner 與 accepted refs。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "6d116173b5842bd8813e4a9815cb7a70be1677b44abd01b0dfa26bbd9bf2d7fd",
"source_exists": true,
"source_path": "docs/evaluations/backup_dr_readiness_matrix_2026-06-04.json",
"surface_id": "backup_dr_readiness_contract"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"database restore",
"configuration restore",
"credential escrow",
"K8s restore",
"observability restore"
],
"config_kind": "restore_drill_approval_template",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "approval_template_visible_no_restore_execution",
"expected_scope": "restore_drill_approval_template",
"label": "Restore drill approval package template",
"line_count": 510,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 owner response 實際封包、隔離環境、observer、rollback owner 與 restore stop condition。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "321a6007ba205d6342e4bf2171aff997ea305c7b0a72acc6b32e1258d62656fc",
"source_exists": true,
"source_path": "docs/evaluations/backup_restore_drill_approval_package_template_2026-06-05.json",
"surface_id": "backup_restore_drill_approval_template"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"offsite_rclone_full_sync",
"credential_escrow_markers",
"velero_k8s_resources"
],
"config_kind": "offsite_escrow_readiness_contract",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "offsite_verified_but_escrow_and_velero_blocked",
"expected_scope": "offsite_escrow_readiness_contract",
"label": "Offsite / escrow readiness status",
"line_count": 163,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 escrow marker owner、Velero metric binding、remote evidence expiry owner 與 offsite sync approval boundary。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "7f7ac8e378d9d3d07d41b7a5ac45991ed67e9115d4a24cbc1da2aa9d392aea94",
"source_exists": true,
"source_path": "docs/evaluations/offsite_escrow_readiness_status_2026-06-05.json",
"surface_id": "offsite_escrow_readiness_contract"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"110 backup center",
"latest-only",
"Google Drive / rclone",
"credential escrow",
"120 blocker"
],
"config_kind": "backup_status_runbook",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "runbook_visible_contains_live_refresh_notes_needs_revalidation",
"expected_scope": "backup_status_runbook",
"label": "Backup status runbook",
"line_count": 160,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補截至本次階段的 owner-provided live refresh、stale evidence disposition、escrow blocker owner 與 validation refs。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "282fc9cac91236225005399cf668609eb142c52ab48a9b1aebe3d7e0a4572462",
"source_exists": true,
"source_path": "docs/runbooks/BACKUP-STATUS.md",
"surface_id": "backup_status_runbook"
},
{
"action_buttons_allowed": false,
"backup_scope": [
"cold start",
"backup-all",
"sync-offsite",
"restore guard",
"schedules"
],
"config_kind": "cold_start_sop",
"control_tier": "C0",
"credential_escrow_accepted": false,
"current_state": "sop_visible_contains_backup_commands_not_authorized",
"expected_scope": "cold_start_backup_restore_recovery",
"label": "Full-stack cold-start SOP",
"line_count": 704,
"live_evidence_received": false,
"maintenance_window_accepted": false,
"next_owner_action": "補 cold-start commander owner、backup command approval boundary、restore stop condition、rollback owner 與 post-start validation。",
"offsite_sync_accepted": false,
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restore_drill_accepted": false,
"retention_change_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"sha256": "82d52e414876c46fe37dbe0e4447ebf1b26011d6bde2bfadb07978f09715ea94",
"source_exists": true,
"source_path": "docs/runbooks/FULL-STACK-COLD-START-SOP.md",
"surface_id": "cold_start_sop"
}
],
"execution_boundaries": {
"action_buttons_allowed": false,
"active_scan_authorized": false,
"backup_run_authorized": false,
"credential_escrow_marker_write_authorized": false,
"host_write_authorized": false,
"kubectl_action_authorized": false,
"offsite_remote_delete_authorized": false,
"offsite_sync_authorized": false,
"rclone_config_authorized": false,
"restic_prune_authorized": false,
"restore_drill_authorized": false,
"restore_run_authorized": false,
"retention_change_authorized": false,
"runtime_execution_authorized": false,
"secret_value_collection_allowed": false,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"velero_backup_authorized": false,
"velero_restore_authorized": false
},
"expected_scopes": [
"110_188_120_121_cluster_configs",
"110_188_backup_status_summary",
"110_backup_host_all_services",
"ai_artifacts",
"awoooi_postgresql_and_k3s_datastore",
"awoooi_postgresql_high_frequency",
"b2_config_metadata",
"backup_dr_readiness_contract",
"backup_health_prometheus_textfile",
"backup_restore_prometheus_alerts",
"backup_status_runbook",
"clawbot_redis_state",
"cold_start_backup_restore_recovery",
"credential_escrow_markers",
"gitea_database_and_repositories",
"google_drive_rclone_offsite_mirror",
"harbor_registry_and_database",
"langfuse_ai_trace_database",
"latest_only_retention",
"momo_postgresql",
"offsite_escrow_readiness_contract",
"offsite_escrow_redacted_report",
"offsite_full_sync_verification",
"offsite_preflight_and_escrow_gate",
"open_webui_volume",
"prometheus_grafana_alertmanager",
"public_route_reconstruction",
"rclone_config_metadata",
"restic_integrity_check",
"restic_password_b2_retention_common",
"restore_drill_approval_template",
"sentry_self_hosted",
"signoz_clickhouse_and_sqlite",
"velero_install_and_minio_storage",
"velero_minio_credentials_metadata",
"velero_restore_script_configmap",
"velero_standalone_restore_script",
"velero_weekly_restore_dry_run"
],
"generated_at": "2026-06-11T22:20:00+08:00",
"git_commit": "dba91f3c",
"next_collection_order": [
"backup_common_restic_retention",
"offsite_sync_controller",
"credential_escrow_marker",
"velero_restore_test_script_configmap",
"velero_credentials_manifest",
"backup_health_textfile_exporter",
"backup_restore_alert_rules",
"backup_restore_drill_approval_template",
"backup_status_runbook",
"cold_start_sop"
],
"operator_interpretation": [
"這是 repo-only backup / restore / escrow / retention 清冊,不是 live backup、remote provider 或 cluster truth。",
"source_exists=true 只代表 repo 檔案存在不代表備份已成功、restore drill 已執行、offsite sync 已授權或 escrow marker 已可寫入。",
"write-capable surface 可見代表需要資安控管,不代表 backup、restore、rclone sync、remote delete、restic prune、Velero restore 或 kubectl 已授權。",
"所有 owner response、live evidence、restore drill acceptance、offsite sync acceptance、credential escrow acceptance、retention change acceptance 與 runtime gate 仍為 0。"
],
"schema_version": "backup_restore_escrow_inventory_v1",
"source_scope": "committed_repo_files_only",
"status": "repo_only_inventory_ready",
"summary": {
"action_button_count": 0,
"alert_surface_count": 1,
"backup_script_surface_count": 15,
"coverage_percent_after_inventory": 58,
"coverage_percent_before_inventory": 52,
"credential_escrow_accepted_count": 0,
"credential_surface_count": 5,
"dr_readiness_contract_surface_count": 3,
"expected_scope_count": 38,
"live_evidence_received_count": 0,
"maintenance_window_accepted_count": 0,
"offsite_escrow_surface_count": 8,
"offsite_sync_accepted_count": 0,
"owner_response_accepted_count": 0,
"owner_response_received_count": 0,
"restore_drill_accepted_count": 0,
"restore_drill_surface_count": 4,
"retention_change_accepted_count": 0,
"retention_surface_count": 3,
"rollback_owner_accepted_count": 0,
"runtime_gate_count": 0,
"source_exists_count": 38,
"surface_count": 38,
"surfaces_requiring_live_evidence_count": 38,
"surfaces_requiring_owner_response_count": 38,
"velero_surface_count": 5,
"write_capable_surface_count": 27
},
"write_capable_surfaces": [
{
"config_kind": "backup_orchestrator",
"expected_scope": "110_backup_host_all_services",
"label": "全服務備份總控",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"surface_id": "backup_all_orchestrator"
},
{
"config_kind": "service_backup_script",
"expected_scope": "gitea_database_and_repositories",
"label": "Gitea 備份腳本",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"surface_id": "backup_gitea_service_script"
},
{
"config_kind": "service_backup_script",
"expected_scope": "momo_postgresql",
"label": "MOMO PostgreSQL 備份腳本",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"surface_id": "backup_momo_service_script"
},
{
"config_kind": "service_backup_script",
"expected_scope": "harbor_registry_and_database",
"label": "Harbor 備份腳本",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"surface_id": "backup_harbor_service_script"
},
{
"config_kind": "service_backup_script",
"expected_scope": "awoooi_postgresql_and_k3s_datastore",
"label": "AWOOOI PostgreSQL 完整備份腳本",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"surface_id": "backup_awoooi_service_script"
},
{
"config_kind": "service_backup_script",
"expected_scope": "awoooi_postgresql_high_frequency",
"label": "AWOOOI PostgreSQL 高頻備份腳本",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"surface_id": "backup_awoooi_frequent_script"
},
{
"config_kind": "service_backup_script",
"expected_scope": "langfuse_ai_trace_database",
"label": "Langfuse 備份腳本",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"surface_id": "backup_langfuse_service_script"
},
{
"config_kind": "service_backup_script",
"expected_scope": "prometheus_grafana_alertmanager",
"label": "Monitoring 備份腳本",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"surface_id": "backup_monitoring_service_script"
},
{
"config_kind": "service_backup_script",
"expected_scope": "signoz_clickhouse_and_sqlite",
"label": "SigNoz 備份腳本",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"surface_id": "backup_signoz_service_script"
},
{
"config_kind": "service_backup_script",
"expected_scope": "open_webui_volume",
"label": "Open-WebUI 備份腳本",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"surface_id": "backup_open_webui_service_script"
},
{
"config_kind": "service_backup_script",
"expected_scope": "clawbot_redis_state",
"label": "ClawBot Redis 備份腳本",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"surface_id": "backup_clawbot_service_script"
},
{
"config_kind": "service_backup_script",
"expected_scope": "sentry_self_hosted",
"label": "Sentry 備份腳本",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"surface_id": "backup_sentry_service_script"
},
{
"config_kind": "service_backup_script",
"expected_scope": "ai_artifacts",
"label": "AI artifacts 備份腳本",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"surface_id": "backup_ai_artifacts_script"
},
{
"config_kind": "service_backup_script",
"expected_scope": "public_route_reconstruction",
"label": "Public routes 備份腳本",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"surface_id": "backup_public_routes_script"
},
{
"config_kind": "config_backup_script",
"expected_scope": "110_188_120_121_cluster_configs",
"label": "Host / service / K8s 設定備份",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"surface_id": "config_backup_capture"
},
{
"config_kind": "retention_enforcer",
"expected_scope": "latest_only_retention",
"label": "Latest-only retention enforcer",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"surface_id": "latest_only_retention_enforcer"
},
{
"config_kind": "offsite_sync_controller",
"expected_scope": "google_drive_rclone_offsite_mirror",
"label": "Offsite rclone sync controller",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"surface_id": "offsite_sync_controller"
},
{
"config_kind": "offsite_verifier",
"expected_scope": "offsite_full_sync_verification",
"label": "Offsite full sync verifier",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"surface_id": "offsite_full_sync_verifier"
},
{
"config_kind": "credential_escrow_marker",
"expected_scope": "credential_escrow_markers",
"label": "Credential escrow marker writer",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"surface_id": "credential_escrow_marker"
},
{
"config_kind": "offsite_rclone_config",
"expected_scope": "rclone_config_metadata",
"label": "rclone offsite config helper",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"surface_id": "offsite_rclone_config"
},
{
"config_kind": "offsite_b2_config",
"expected_scope": "b2_config_metadata",
"label": "B2 offsite config helper",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"surface_id": "offsite_b2_config"
},
{
"config_kind": "backup_health_exporter",
"expected_scope": "backup_health_prometheus_textfile",
"label": "Backup health textfile exporter",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"surface_id": "backup_health_textfile_exporter"
},
{
"config_kind": "velero_restore_cronjob",
"expected_scope": "velero_weekly_restore_dry_run",
"label": "Velero restore dry-run CronJob",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"surface_id": "velero_restore_test_cronjob"
},
{
"config_kind": "velero_restore_script_configmap",
"expected_scope": "velero_restore_script_configmap",
"label": "Velero restore script ConfigMap",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"surface_id": "velero_restore_test_script_configmap"
},
{
"config_kind": "velero_restore_standalone_script",
"expected_scope": "velero_standalone_restore_script",
"label": "Velero restore dry-run standalone script",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"surface_id": "velero_standalone_restore_test_script"
},
{
"config_kind": "velero_credentials_manifest",
"expected_scope": "velero_minio_credentials_metadata",
"label": "Velero MinIO credential manifest",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"surface_id": "velero_credentials_manifest"
},
{
"config_kind": "velero_install_manifest",
"expected_scope": "velero_install_and_minio_storage",
"label": "Velero install manifest",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"surface_id": "velero_install_manifest"
}
]
}
Reference in New Issue View Git Blame Copy Permalink