4990 lines
169 KiB
JSON
4990 lines
169 KiB
JSON
{
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"execution_boundaries": {
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"backup_run_authorized": false,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"live_evidence_received": false,
|
|
"not_authorization": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_authorized": false,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"request_sent": false,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_authorized": false,
|
|
"restore_run_authorized": false,
|
|
"retention_change_authorized": false,
|
|
"runtime_execution_authorized": false,
|
|
"secret_value_collection_allowed": false,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false
|
|
},
|
|
"generated_at": "2026-06-14T23:05:00+08:00",
|
|
"git_commit": "688ba121",
|
|
"next_steps": [
|
|
"人工送件前確認 backup / restore / offsite / credential escrow owner role 與回覆窗口。",
|
|
"owner 只能提供非敏感 evidence id、最新備份狀態、restore drill plan、maintenance window、rollback owner 與 validation plan。",
|
|
"收到回覆後先做欄位完整性、敏感 payload 隔離、restore / offsite / retention gate 檢查,不得直接執行 backup、restore、sync、prune 或 marker write。"
|
|
],
|
|
"request_drafts": [
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"gitea",
|
|
"momo",
|
|
"harbor",
|
|
"awoooi",
|
|
"langfuse",
|
|
"monitoring",
|
|
"signoz",
|
|
"open-webui",
|
|
"clawbot"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "backup_orchestrator",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "110_backup_host_all_services",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "全服務備份總控",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "33f6070bd3733fc59e7b661de44587b7d6a336500765667405e11fbffe2f4489",
|
|
"repo_source_path": "scripts/backup/backup-all.sh",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:backup_all_orchestrator",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 126,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "backup_all_orchestrator",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": true
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"RESTIC_PASSWORD_FILE",
|
|
"B2 metadata",
|
|
"KEEP_DAILY=30",
|
|
"KEEP_WEEKLY=12",
|
|
"KEEP_MONTHLY=24"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "backup_common_policy",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "restic_password_b2_retention_common",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "Restic 共用設定與 GFS retention",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "00139e1eac8998b1e0cb09d7692882267d8cc72a6c57c04a732e155932ad22d1",
|
|
"repo_source_path": "scripts/backup/common.sh",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:backup_common_restic_retention",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 147,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "backup_common_restic_retention",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": false
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"Gitea DB",
|
|
"repositories",
|
|
"app.ini redaction boundary"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "service_backup_script",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "gitea_database_and_repositories",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "Gitea 備份腳本",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "8ec9f0e5aee51381a799da83798fea4ca92d0c1686e40aef9f6ba8485003a990",
|
|
"repo_source_path": "scripts/backup/backup-gitea.sh",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:backup_gitea_service_script",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 68,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "backup_gitea_service_script",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": true
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"MOMO PostgreSQL",
|
|
"188 database path"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "service_backup_script",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "momo_postgresql",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "MOMO PostgreSQL 備份腳本",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "7cffdc570cd4b33a42b3604382eccc14a5388ed0a2fb67c9927312982c29a6cd",
|
|
"repo_source_path": "scripts/backup/backup-momo.sh",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:backup_momo_service_script",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 84,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "backup_momo_service_script",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": true
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"Harbor registry",
|
|
"Harbor DB",
|
|
"image registry recovery"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "service_backup_script",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "harbor_registry_and_database",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "Harbor 備份腳本",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "f42af4c7b66ceb19b504873bdf1ca76d306d6c775bbd8d5d6648249db6756595",
|
|
"repo_source_path": "scripts/backup/backup-harbor.sh",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:backup_harbor_service_script",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 77,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "backup_harbor_service_script",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": true
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"awoooi_prod",
|
|
"awoooi_dev",
|
|
"k3s datastore"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "service_backup_script",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "awoooi_postgresql_and_k3s_datastore",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "AWOOOI PostgreSQL 完整備份腳本",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "90eaed60f8ef4994bb082bd7f2e7c5b5ec8872270f8a014b72298de0ec34f658",
|
|
"repo_source_path": "scripts/backup/backup-awoooi.sh",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:backup_awoooi_service_script",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 123,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "backup_awoooi_service_script",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": true
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"awoooi_prod",
|
|
"6h RPO",
|
|
"latest-only interaction"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "service_backup_script",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "awoooi_postgresql_high_frequency",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "AWOOOI PostgreSQL 高頻備份腳本",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "171de6e757dbb7e4ee0d88b8d1cbc9471e288e58b189098b77cac14392461a39",
|
|
"repo_source_path": "scripts/backup/backup-awoooi-frequent.sh",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:backup_awoooi_frequent_script",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 76,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "backup_awoooi_frequent_script",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": true
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"Langfuse DB",
|
|
"AI trace evidence"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "service_backup_script",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "langfuse_ai_trace_database",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "Langfuse 備份腳本",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "a60cea2e366be228e35492a87edc084261d1888591ca583083f4b909ba995cd9",
|
|
"repo_source_path": "scripts/backup/backup-langfuse.sh",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:backup_langfuse_service_script",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 69,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "backup_langfuse_service_script",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": true
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"Prometheus",
|
|
"Grafana",
|
|
"Alertmanager"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "service_backup_script",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "prometheus_grafana_alertmanager",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "Monitoring 備份腳本",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "e848315116b87ce250db6e1483d8e517e2c4c07ca1fc6e119ae8f80ad58d6183",
|
|
"repo_source_path": "scripts/backup/backup-monitoring.sh",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:backup_monitoring_service_script",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 109,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "backup_monitoring_service_script",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": true
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"SigNoz ClickHouse",
|
|
"SigNoz SQLite"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "service_backup_script",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "signoz_clickhouse_and_sqlite",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "SigNoz 備份腳本",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "f3d9011b57815087ce0084525902693078c2785c25632d49c7a7a92e6a49bcf7",
|
|
"repo_source_path": "scripts/backup/backup-signoz.sh",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:backup_signoz_service_script",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 103,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "backup_signoz_service_script",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": true
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"Open-WebUI volume",
|
|
"LLM conversation data"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "service_backup_script",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "open_webui_volume",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "Open-WebUI 備份腳本",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "ab9fb4664799ef424cc9c3565592d9b6704df90bafda1f163e5cbfe01ff6056d",
|
|
"repo_source_path": "scripts/backup/backup-open-webui.sh",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:backup_open_webui_service_script",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 70,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "backup_open_webui_service_script",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": true
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"ClawBot Redis",
|
|
"agent state cache"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "service_backup_script",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "clawbot_redis_state",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "ClawBot Redis 備份腳本",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "9ad2367d42ca2ce679ce7c24ca2dabcdc9feccde668f4008a5a797165a2f4888",
|
|
"repo_source_path": "scripts/backup/backup-clawbot.sh",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:backup_clawbot_service_script",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 75,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "backup_clawbot_service_script",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": true
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"Sentry",
|
|
"ClickHouse / Postgres / Redis dependency boundary"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "service_backup_script",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "sentry_self_hosted",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "Sentry 備份腳本",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "bbd09420a7814d6dfa2b8caade264e00c982b0b10fb9b57866893d02ef5eed44",
|
|
"repo_source_path": "scripts/backup/backup-sentry.sh",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:backup_sentry_service_script",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 277,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "backup_sentry_service_script",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": true
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"AI artifacts",
|
|
"model / evaluation outputs"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "service_backup_script",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "ai_artifacts",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "AI artifacts 備份腳本",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "9dfbd45fcca516c75c06b062c79245397e2c0cf6db547472f1a5e48ee55f772b",
|
|
"repo_source_path": "scripts/backup/backup-ai-artifacts.sh",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:backup_ai_artifacts_script",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 129,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "backup_ai_artifacts_script",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": true
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"public routes",
|
|
"Nginx route reconstruction",
|
|
"frontend/API smoke evidence"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "service_backup_script",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "public_route_reconstruction",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "Public routes 備份腳本",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "828c87b8c9eed4dcb9a4dd55d36905636f74c890e1625792a2f14bfd53c7973c",
|
|
"repo_source_path": "scripts/backup/backup-public-routes.sh",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:backup_public_routes_script",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 182,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "backup_public_routes_script",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": true
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"systemd",
|
|
"docker",
|
|
"nginx",
|
|
"cron",
|
|
"k8s",
|
|
"host configs"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "config_backup_script",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "110_188_120_121_cluster_configs",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "Host / service / K8s 設定備份",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "d24301cff44e464bd19ce0792362be16916ccde8c92f92351a19ef4ee988f15e",
|
|
"repo_source_path": "scripts/backup/backup-configs.sh",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:config_backup_capture",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 359,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "config_backup_capture",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": true
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"freshness",
|
|
"failure",
|
|
"integrity",
|
|
"restore drill",
|
|
"offsite",
|
|
"escrow"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "backup_status_reporter",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "110_188_backup_status_summary",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "備份狀態彙整腳本",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "ae7d18d120f4441747d8ecce763e55bca235f923c01e0dac9b566b2d00f9bf0c",
|
|
"repo_source_path": "scripts/backup/backup-status.sh",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:backup_status_reporter",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 342,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "backup_status_reporter",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": false
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"restic check",
|
|
"read-data subset",
|
|
"integrity evidence"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "integrity_check_script",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "restic_integrity_check",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "Restic integrity check",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "c2906ac4a7251419decf852eaeb7c1ead5eecd4f705804dfc556f23029e45ebc",
|
|
"repo_source_path": "scripts/backup/check-backup-integrity.sh",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:backup_integrity_check",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 238,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "backup_integrity_check",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": false
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"keep latest",
|
|
"local delete",
|
|
"retention marker"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "retention_enforcer",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "latest_only_retention",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "Latest-only retention enforcer",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "b8ca6363c8d08866fd9cbcb6b47dfa310ffada588323ab48c48babf9b301b129",
|
|
"repo_source_path": "scripts/backup/enforce-latest-only-retention.sh",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:latest_only_retention_enforcer",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 42,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "latest_only_retention_enforcer",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": true
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"13 repos",
|
|
"rclone sync",
|
|
"remote delete",
|
|
"success markers"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "offsite_sync_controller",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "google_drive_rclone_offsite_mirror",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "Offsite rclone sync controller",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "6b669b1fbf74d7b0f2b38f530d6c345e69c8eca5257ad2782751a1230091c839",
|
|
"repo_source_path": "scripts/backup/sync-offsite-backups.sh",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:offsite_sync_controller",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 414,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "offsite_sync_controller",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": true
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"remote repo count",
|
|
"latest-only evidence",
|
|
"textfile metrics"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "offsite_verifier",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "offsite_full_sync_verification",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "Offsite full sync verifier",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "1614f6d73d65f9f68f8991ee5d198de66933fc35be8ab1ae1ad5aba3c4fdad31",
|
|
"repo_source_path": "scripts/backup/verify-offsite-full-sync.sh",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:offsite_full_sync_verifier",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 296,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "offsite_full_sync_verifier",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": true
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"status",
|
|
"dry-run-small",
|
|
"pre-full-sync",
|
|
"escrow markers"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "offsite_readiness_gate",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "offsite_preflight_and_escrow_gate",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "Offsite readiness gate",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "6e0cdb57dc8ea80097d1dd4bb6c87c39c13f2a2892b767c0c251eca524e33e19",
|
|
"repo_source_path": "scripts/backup/backup-offsite-readiness-gate.sh",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:offsite_readiness_gate",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 436,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "offsite_readiness_gate",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": false
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"script presence",
|
|
"offsite marker",
|
|
"escrow marker",
|
|
"redacted output"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "offsite_escrow_report",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "offsite_escrow_redacted_report",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "Offsite / escrow evidence report",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "09e07c94fd192dc9015a468eb376a4eeba09e3392586a9a2a178b1f7b58c9c50",
|
|
"repo_source_path": "scripts/backup/offsite-escrow-evidence-report.sh",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:offsite_escrow_evidence_report",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 262,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "offsite_escrow_evidence_report",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": false
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"restic password",
|
|
"offsite provider",
|
|
"break-glass admin",
|
|
"DNS recovery",
|
|
"OAuth / AI provider recovery"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "credential_escrow_marker",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "credential_escrow_markers",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "Credential escrow marker writer",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "ebb0ffd77dced76ff58855a637e7e35e0ffa0fa9f5f33490c00015d91f0ce947",
|
|
"repo_source_path": "scripts/backup/mark-credential-escrow-verified.sh",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:credential_escrow_marker",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 228,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "credential_escrow_marker",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": true
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"rclone remote",
|
|
"Google Drive",
|
|
"offsite.env metadata"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "offsite_rclone_config",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "rclone_config_metadata",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "rclone offsite config helper",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "b8881508ad82201ed4b706c5ea05250d46e907d23f097f9019fcab387c4623da",
|
|
"repo_source_path": "scripts/backup/configure-offsite-rclone.sh",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:offsite_rclone_config",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 251,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "offsite_rclone_config",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": true
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"Backblaze B2 metadata",
|
|
"offsite env",
|
|
"fallback provider"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "offsite_b2_config",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "b2_config_metadata",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "B2 offsite config helper",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "b3f847158bc48791e75ccb4a8430f3c88797f83f384c0f03d80c28f3037a170e",
|
|
"repo_source_path": "scripts/backup/configure-offsite-b2.sh",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:offsite_b2_config",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 154,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "offsite_b2_config",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": true
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"freshness metrics",
|
|
"restore drill metrics",
|
|
"offsite metrics",
|
|
"escrow metrics"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "backup_health_exporter",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "backup_health_prometheus_textfile",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "Backup health textfile exporter",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "cc4a0b89321679e4c39c8d3ba85b7308eb0d1f800c82895dcb71741a9dceaddc",
|
|
"repo_source_path": "scripts/ops/backup-health-textfile-exporter.py",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:backup_health_textfile_exporter",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 926,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "backup_health_textfile_exporter",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": true
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"Velero restore dry-run",
|
|
"weekly schedule",
|
|
"textfile metrics"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "velero_restore_cronjob",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "velero_weekly_restore_dry_run",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "Velero restore dry-run CronJob",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "356ab2223d0fc2e1b4d7e4e1163ef23bed62e1c22588c46ffd010d090359557b",
|
|
"repo_source_path": "k8s/awoooi-prod/16-cronjob-backup-restore-test.yaml",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:velero_restore_test_cronjob",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 76,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "velero_restore_test_cronjob",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": true
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"restore dry-run script",
|
|
"13-digit textfile timestamp risk",
|
|
"Prometheus textfile"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "velero_restore_script_configmap",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "velero_restore_script_configmap",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "Velero restore script ConfigMap",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "c3e4605372a9f5c5f94713e1f8b5d8d0dccd6886c76c43522053e1468521bc1d",
|
|
"repo_source_path": "k8s/awoooi-prod/17-configmap-backup-restore-scripts.yaml",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:velero_restore_test_script_configmap",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 49,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "velero_restore_test_script_configmap",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": true
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"restore dry-run",
|
|
"Prometheus textfile seconds timestamp",
|
|
"failure metric"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "velero_restore_standalone_script",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "velero_standalone_restore_script",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "Velero restore dry-run standalone script",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "960cd740d6107c7f70b09dd8ff4c934af76d82921b066ba92c6fac2af7d55622",
|
|
"repo_source_path": "scripts/cron_backup_restore_test.sh",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:velero_standalone_restore_test_script",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 62,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "velero_standalone_restore_test_script",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": true
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"MinIO credential names",
|
|
"placeholder values",
|
|
"External Secrets / Sealed Secrets recommendation"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "velero_credentials_manifest",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "velero_minio_credentials_metadata",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "Velero MinIO credential manifest",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "54d829a3204c2fa2d1bb3c8be1bf250914dd7a517d13900bee0fa9878760c930",
|
|
"repo_source_path": "k8s/velero/01-credentials.yaml",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:velero_credentials_manifest",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 14,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "velero_credentials_manifest",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": true
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"Velero Deployment",
|
|
"cluster-admin binding",
|
|
"MinIO s3Url",
|
|
"backup storage location"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "velero_install_manifest",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "velero_install_and_minio_storage",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "Velero install manifest",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "60d7ea59ef8b2ad38dc8bf6bca80be35609e8d317210c44204bdd5ad9901b47a",
|
|
"repo_source_path": "k8s/velero/02-velero-install.yaml",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:velero_install_manifest",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 117,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "velero_install_manifest",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": true
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"BackupRestoreTestFailed",
|
|
"Velero freshness",
|
|
"offsite freshness",
|
|
"restore stale"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "backup_restore_alert_rules",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "backup_restore_prometheus_alerts",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "Backup / restore alert rules",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "94d439a2ea599995601a5022dc0a001cc09f405964cd1308b103f86e2af14e90",
|
|
"repo_source_path": "ops/monitoring/alerts.yml",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:backup_restore_alert_rules",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 1355,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "backup_restore_alert_rules",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": false
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"readiness matrix",
|
|
"blocked targets",
|
|
"restore drill status"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "dr_readiness_contract",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "backup_dr_readiness_contract",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "Backup / DR readiness matrix",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "6d116173b5842bd8813e4a9815cb7a70be1677b44abd01b0dfa26bbd9bf2d7fd",
|
|
"repo_source_path": "docs/evaluations/backup_dr_readiness_matrix_2026-06-04.json",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:backup_dr_readiness_contract",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 321,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "backup_dr_readiness_contract",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": false
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"database restore",
|
|
"configuration restore",
|
|
"credential escrow",
|
|
"K8s restore",
|
|
"observability restore"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "restore_drill_approval_template",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "restore_drill_approval_template",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "Restore drill approval package template",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "321a6007ba205d6342e4bf2171aff997ea305c7b0a72acc6b32e1258d62656fc",
|
|
"repo_source_path": "docs/evaluations/backup_restore_drill_approval_package_template_2026-06-05.json",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:backup_restore_drill_approval_template",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 510,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "backup_restore_drill_approval_template",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": false
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"offsite_rclone_full_sync",
|
|
"credential_escrow_markers",
|
|
"velero_k8s_resources"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "offsite_escrow_readiness_contract",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "offsite_escrow_readiness_contract",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "Offsite / escrow readiness status",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "7f7ac8e378d9d3d07d41b7a5ac45991ed67e9115d4a24cbc1da2aa9d392aea94",
|
|
"repo_source_path": "docs/evaluations/offsite_escrow_readiness_status_2026-06-05.json",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:offsite_escrow_readiness_contract",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 163,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "offsite_escrow_readiness_contract",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": false
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"110 backup center",
|
|
"latest-only",
|
|
"Google Drive / rclone",
|
|
"credential escrow",
|
|
"120 blocker"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "backup_status_runbook",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "backup_status_runbook",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "Backup status runbook",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "282fc9cac91236225005399cf668609eb142c52ab48a9b1aebe3d7e0a4572462",
|
|
"repo_source_path": "docs/runbooks/BACKUP-STATUS.md",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:backup_status_runbook",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 160,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "backup_status_runbook",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": false
|
|
},
|
|
{
|
|
"action_buttons_allowed": false,
|
|
"active_scan_authorized": false,
|
|
"affected_scope": "pending_affected_scope",
|
|
"backup_run_authorized": false,
|
|
"backup_scope": [
|
|
"cold start",
|
|
"backup-all",
|
|
"sync-offsite",
|
|
"restore guard",
|
|
"schedules"
|
|
],
|
|
"blocked_actions": [
|
|
"backup_run",
|
|
"restore_run",
|
|
"restore_drill",
|
|
"offsite_sync",
|
|
"offsite_remote_delete",
|
|
"credential_escrow_marker_write",
|
|
"retention_change",
|
|
"restic_prune",
|
|
"rclone_config",
|
|
"velero_restore",
|
|
"velero_backup",
|
|
"kubectl_action",
|
|
"ssh_read",
|
|
"ssh_write",
|
|
"secret_value_collection",
|
|
"host_write",
|
|
"active_scan",
|
|
"runtime_gate_open"
|
|
],
|
|
"config_kind": "cold_start_sop",
|
|
"control_tier": "C0",
|
|
"credential_escrow_accepted": false,
|
|
"credential_escrow_evidence_ref": null,
|
|
"credential_escrow_marker_write_authorized": false,
|
|
"decision": "pending_owner_decision",
|
|
"decision_reason": "pending_decision_reason",
|
|
"expected_scope": "cold_start_backup_restore_recovery",
|
|
"followup_owner": "pending_followup_owner",
|
|
"host_write_authorized": false,
|
|
"kubectl_action_authorized": false,
|
|
"label": "Full-stack cold-start SOP",
|
|
"latest_backup_status_ref": null,
|
|
"live_evidence_received": false,
|
|
"maintenance_window": "pending_maintenance_window",
|
|
"maintenance_window_accepted": false,
|
|
"not_approval": true,
|
|
"offsite_remote_delete_authorized": false,
|
|
"offsite_sync_accepted": false,
|
|
"offsite_sync_authorized": false,
|
|
"offsite_sync_evidence_ref": null,
|
|
"owner_response_accepted": false,
|
|
"owner_response_received": false,
|
|
"owner_role_or_team": "pending_owner_role_or_team",
|
|
"rclone_config_authorized": false,
|
|
"recipient_confirmed": false,
|
|
"redacted_evidence_refs": [],
|
|
"repo_sha256": "82d52e414876c46fe37dbe0e4447ebf1b26011d6bde2bfadb07978f09715ea94",
|
|
"repo_source_path": "docs/runbooks/FULL-STACK-COLD-START-SOP.md",
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"request_id": "backup_restore_owner_request:cold_start_sop",
|
|
"request_sent": false,
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"requires_live_evidence": true,
|
|
"restic_prune_authorized": false,
|
|
"restore_drill_accepted": false,
|
|
"restore_drill_plan": "pending_restore_drill_plan",
|
|
"restore_run_authorized": false,
|
|
"retention_change_accepted": false,
|
|
"retention_change_authorized": false,
|
|
"retention_owner": "pending_retention_owner",
|
|
"rollback_owner": "pending_rollback_owner",
|
|
"rollback_owner_accepted": false,
|
|
"runtime_gate": false,
|
|
"secret_value_collection_allowed": false,
|
|
"source_inventory_ref": "docs/security/backup-restore-escrow-inventory.snapshot.json",
|
|
"source_line_count": 704,
|
|
"ssh_read_authorized": false,
|
|
"ssh_write_authorized": false,
|
|
"status": "draft_not_dispatched",
|
|
"surface_id": "cold_start_sop",
|
|
"validation_plan": "pending_validation_plan",
|
|
"validation_plan_accepted": false,
|
|
"velero_backup_authorized": false,
|
|
"velero_restore_authorized": false,
|
|
"write_capable_surface": false
|
|
}
|
|
],
|
|
"request_fields": [
|
|
"request_id",
|
|
"surface_id",
|
|
"label",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"backup_scope",
|
|
"control_tier",
|
|
"repo_source_path",
|
|
"repo_sha256",
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner",
|
|
"not_approval"
|
|
],
|
|
"required_owner_fields": [
|
|
"owner_role_or_team",
|
|
"decision",
|
|
"decision_reason",
|
|
"affected_scope",
|
|
"redacted_evidence_refs",
|
|
"latest_backup_status_ref",
|
|
"restore_drill_plan",
|
|
"offsite_sync_evidence_ref",
|
|
"credential_escrow_evidence_ref",
|
|
"maintenance_window",
|
|
"rollback_owner",
|
|
"validation_plan",
|
|
"retention_owner",
|
|
"followup_owner"
|
|
],
|
|
"schema_version": "backup_restore_owner_request_draft_v1",
|
|
"source_inventory_schema_version": "backup_restore_escrow_inventory_v1",
|
|
"source_inventory_status": "repo_only_inventory_ready",
|
|
"status": "owner_request_draft_ready_not_dispatched",
|
|
"summary": {
|
|
"action_button_count": 0,
|
|
"active_scan_authorized_count": 0,
|
|
"backup_run_authorized_count": 0,
|
|
"blocked_action_count": 18,
|
|
"credential_escrow_accepted_count": 0,
|
|
"credential_escrow_marker_write_authorized_count": 0,
|
|
"host_write_authorized_count": 0,
|
|
"kubectl_action_authorized_count": 0,
|
|
"live_evidence_received_count": 0,
|
|
"live_evidence_required_request_count": 38,
|
|
"maintenance_window_accepted_count": 0,
|
|
"offsite_remote_delete_authorized_count": 0,
|
|
"offsite_sync_accepted_count": 0,
|
|
"offsite_sync_authorized_count": 0,
|
|
"owner_response_accepted_count": 0,
|
|
"owner_response_received_count": 0,
|
|
"rclone_config_authorized_count": 0,
|
|
"recipient_confirmed_count": 0,
|
|
"request_draft_count": 38,
|
|
"request_field_count": 24,
|
|
"request_sent_count": 0,
|
|
"required_owner_field_count": 14,
|
|
"restic_prune_authorized_count": 0,
|
|
"restore_drill_accepted_count": 0,
|
|
"restore_run_authorized_count": 0,
|
|
"retention_change_accepted_count": 0,
|
|
"retention_change_authorized_count": 0,
|
|
"rollback_owner_accepted_count": 0,
|
|
"runtime_gate_count": 0,
|
|
"secret_value_collection_allowed_count": 0,
|
|
"ssh_read_authorized_count": 0,
|
|
"ssh_write_authorized_count": 0,
|
|
"validation_plan_accepted_count": 0,
|
|
"velero_backup_authorized_count": 0,
|
|
"velero_restore_authorized_count": 0,
|
|
"write_capable_request_draft_count": 27
|
|
}
|
|
}
|