awoooi/docs/security/credential-escrow-evidence-owner-request.snapshot.json

{
  "schema_version": 1,
  "generated_at": "2026-06-13T13:10:53+08:00",
  "timezone": "Asia/Taipei",
  "scope": "credential_escrow_evidence_owner_request",
  "source_evidence": {
    "host": "192.168.0.110",
    "commands": [
      "/backup/scripts/mark-credential-escrow-verified.sh --status",
      "/backup/scripts/offsite-escrow-evidence-report.sh --no-color"
    ],
    "script_missing_count": 0,
    "offsite_configured": 1,
    "rclone_configured": 1,
    "b2_configured": 0,
    "readiness_require_configured_blocked": 0,
    "partial_marker_present": 1,
    "full_marker_present": 1,
    "escrow_missing_count": 5,
    "summary": {
      "pass": 8,
      "warn": 5,
      "blocked": 0
    }
  },
  "missing_items": [
    {
      "item": "restic_repository_password",
      "allowed_evidence_id_types": [
        "password_manager_item_id",
        "sealed_envelope_id",
        "recovery_checklist_id"
      ],
      "status": "missing"
    },
    {
      "item": "offsite_provider_credentials",
      "allowed_evidence_id_types": [
        "vault_item_id",
        "provider_credential_record_id",
        "offsite_access_checklist_id"
      ],
      "status": "missing"
    },
    {
      "item": "break_glass_admin_credentials",
      "allowed_evidence_id_types": [
        "break_glass_credential_record_id",
        "sealed_envelope_id",
        "emergency_access_checklist_id"
      ],
      "status": "missing"
    },
    {
      "item": "dns_registrar_recovery",
      "allowed_evidence_id_types": [
        "registrar_recovery_checklist_id",
        "vault_item_id",
        "domain_recovery_record_id"
      ],
      "status": "missing"
    },
    {
      "item": "oauth_ai_provider_recovery",
      "allowed_evidence_id_types": [
        "provider_recovery_checklist_id",
        "vault_item_id",
        "provider_account_recovery_record_id"
      ],
      "status": "missing"
    }
  ],
  "forbidden_values": [
    "password",
    "token",
    "api_key",
    "private_key",
    "ssh_key",
    "cookie",
    "session",
    "authorization_header",
    "oauth_client_secret",
    "refresh_token",
    "otp_seed",
    "recovery_code",
    "backup_code",
    "database_url_with_credentials",
    "secret_hash",
    "secret_prefix",
    "secret_suffix",
    "partial_token",
    "unredacted_screenshot",
    "placeholder"
  ],
  "progress": {
    "owner_request_package_percent": 80,
    "owner_external_verification_percent": 0,
    "dry_run_validation_percent": 0,
    "marker_write_percent": 0,
    "dr_closeout_verification_percent": 0
  },
  "gates": {
    "runtime_execution_authorized": false,
    "secret_value_collection_authorized": false,
    "marker_write_completed": false,
    "dr_scorecard_complete": false
  },
  "done_criteria": [
    "ESCROW_MISSING_COUNT=0",
    "awoooi_backup_dr_credential_escrow_missing_count=0",
    "backup-status escrow_missing=0",
    "BackupCredentialEscrowEvidenceMissing not firing",
    "cold-start WARN=0 BLOCKED=0"
  ]
}