wooo/awoooi
1
1
Fork 0
Code Issues 2 Pull Requests 1 Actions 3 Packages Projects Releases Wiki Activity
Files
main
awoooi/docs/security/host-service-owner-request-draft.snapshot.json

1079 lines
35 KiB
JSON
Raw Permalink Blame History

{
"blocked_actions": [
"ssh_read",
"ssh_write",
"docker_compose_up",
"docker_compose_down",
"systemctl_restart",
"systemctl_reload",
"repair_bot_execute",
"ansible_apply",
"sudo_action",
"host_file_write",
"firewall_change",
"secret_value_collection",
"active_scan",
"runtime_gate_open"
],
"execution_boundaries": {
"action_buttons_allowed": false,
"active_scan_authorized": false,
"ansible_apply_authorized": false,
"docker_compose_action_authorized": false,
"host_write_authorized": false,
"live_evidence_received": false,
"live_host_read_authorized": false,
"not_authorization": true,
"owner_response_accepted": false,
"owner_response_received": false,
"recipient_confirmed": false,
"repair_bot_execution_authorized": false,
"request_sent": false,
"runtime_execution_authorized": false,
"secret_value_collection_allowed": false,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"systemctl_action_authorized": false
},
"generated_at": "2026-06-14T22:20:00+08:00",
"git_commit": "2dc8c19f",
"next_steps": [
"人工送件前確認每個 host scope 的 owner role / team 與回覆窗口。",
"owner 只能提供脫敏 live hash、config source ref、maintenance window、rollback owner 與 post-check plan。",
"收到回覆後先做欄位完整性、敏感 payload 隔離與 restart / rollback gate 檢查,不得直接重啟或 apply。"
],
"request_drafts": [
{
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_affected_scope",
"ansible_apply_authorized": false,
"blocked_actions": [
"ssh_read",
"ssh_write",
"docker_compose_up",
"docker_compose_down",
"systemctl_restart",
"systemctl_reload",
"repair_bot_execute",
"ansible_apply",
"sudo_action",
"host_file_write",
"firewall_change",
"secret_value_collection",
"active_scan",
"runtime_gate_open"
],
"config_kind": "docker_compose_source",
"control_tier": "C1",
"decision": "pending_owner_decision",
"decision_reason": "pending_decision_reason",
"disable_switch": "pending_disable_switch",
"docker_compose_action_authorized": false,
"expected_host_scope": "local_dev_only",
"followup_owner": "pending_followup_owner",
"host_write_authorized": false,
"label": "AWOOOI local development compose",
"live_config_hash_ref": null,
"live_evidence_received": false,
"maintenance_window": "pending_maintenance_window",
"not_approval": true,
"owner_response_accepted": false,
"owner_response_received": false,
"owner_role_or_team": "pending_owner_role_or_team",
"post_check_plan": "pending_post_check_plan",
"post_check_plan_accepted": false,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"repair_bot_execution_authorized": false,
"repo_sha256": "4a27bcde139b5aef6a9f3080187af5bec73d1efd9c09ed2752b0baaa5f507024",
"repo_source_path": "docker-compose.yml",
"request_fields": [
"request_id",
"surface_id",
"label",
"expected_host_scope",
"config_kind",
"service_scope",
"control_tier",
"repo_source_path",
"repo_sha256",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_config_hash_ref",
"maintenance_window",
"restart_window",
"rollback_owner",
"post_check_plan",
"disable_switch",
"followup_owner",
"not_approval"
],
"request_id": "host_service_owner_request:local_dev_compose",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_config_hash_ref",
"maintenance_window",
"restart_window",
"rollback_owner",
"post_check_plan",
"disable_switch",
"followup_owner"
],
"requires_live_evidence": false,
"restart_window": "pending_restart_window",
"restart_window_accepted": false,
"rollback_owner": "pending_rollback_owner",
"rollback_owner_accepted": false,
"runtime_gate": false,
"secret_value_collection_allowed": false,
"service_scope": [
"web",
"api",
"postgres",
"redis"
],
"source_inventory_ref": "docs/security/host-service-config-inventory.snapshot.json",
"source_line_count": 137,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"status": "draft_not_dispatched",
"surface_id": "local_dev_compose",
"systemctl_action_authorized": false,
"write_capable_surface": false
},
{
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_affected_scope",
"ansible_apply_authorized": false,
"blocked_actions": [
"ssh_read",
"ssh_write",
"docker_compose_up",
"docker_compose_down",
"systemctl_restart",
"systemctl_reload",
"repair_bot_execute",
"ansible_apply",
"sudo_action",
"host_file_write",
"firewall_change",
"secret_value_collection",
"active_scan",
"runtime_gate_open"
],
"config_kind": "docker_compose_source",
"control_tier": "C1",
"decision": "pending_owner_decision",
"decision_reason": "pending_decision_reason",
"disable_switch": "pending_disable_switch",
"docker_compose_action_authorized": false,
"expected_host_scope": "192.168.0.110",
"followup_owner": "pending_followup_owner",
"host_write_authorized": false,
"label": "110 monitoring docker compose",
"live_config_hash_ref": null,
"live_evidence_received": false,
"maintenance_window": "pending_maintenance_window",
"not_approval": true,
"owner_response_accepted": false,
"owner_response_received": false,
"owner_role_or_team": "pending_owner_role_or_team",
"post_check_plan": "pending_post_check_plan",
"post_check_plan_accepted": false,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"repair_bot_execution_authorized": false,
"repo_sha256": "00126e9a5cb7a3cf2bf02cfddefea11f05849b46835a4e602eac4777fcb25281",
"repo_source_path": "k8s/monitoring/docker-compose-110.yml",
"request_fields": [
"request_id",
"surface_id",
"label",
"expected_host_scope",
"config_kind",
"service_scope",
"control_tier",
"repo_source_path",
"repo_sha256",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_config_hash_ref",
"maintenance_window",
"restart_window",
"rollback_owner",
"post_check_plan",
"disable_switch",
"followup_owner",
"not_approval"
],
"request_id": "host_service_owner_request:monitoring_110_compose",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_config_hash_ref",
"maintenance_window",
"restart_window",
"rollback_owner",
"post_check_plan",
"disable_switch",
"followup_owner"
],
"requires_live_evidence": true,
"restart_window": "pending_restart_window",
"restart_window_accepted": false,
"rollback_owner": "pending_rollback_owner",
"rollback_owner_accepted": false,
"runtime_gate": false,
"secret_value_collection_allowed": false,
"service_scope": [
"cadvisor",
"prometheus",
"grafana",
"blackbox-exporter",
"alertmanager",
"github-exporter"
],
"source_inventory_ref": "docs/security/host-service-config-inventory.snapshot.json",
"source_line_count": 148,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"status": "draft_not_dispatched",
"surface_id": "monitoring_110_compose",
"systemctl_action_authorized": false,
"write_capable_surface": false
},
{
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_affected_scope",
"ansible_apply_authorized": false,
"blocked_actions": [
"ssh_read",
"ssh_write",
"docker_compose_up",
"docker_compose_down",
"systemctl_restart",
"systemctl_reload",
"repair_bot_execute",
"ansible_apply",
"sudo_action",
"host_file_write",
"firewall_change",
"secret_value_collection",
"active_scan",
"runtime_gate_open"
],
"config_kind": "docker_compose_source",
"control_tier": "C1",
"decision": "pending_owner_decision",
"decision_reason": "pending_decision_reason",
"disable_switch": "pending_disable_switch",
"docker_compose_action_authorized": false,
"expected_host_scope": "192.168.0.188",
"followup_owner": "pending_followup_owner",
"host_write_authorized": false,
"label": "188 database exporters compose",
"live_config_hash_ref": null,
"live_evidence_received": false,
"maintenance_window": "pending_maintenance_window",
"not_approval": true,
"owner_response_accepted": false,
"owner_response_received": false,
"owner_role_or_team": "pending_owner_role_or_team",
"post_check_plan": "pending_post_check_plan",
"post_check_plan_accepted": false,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"repair_bot_execution_authorized": false,
"repo_sha256": "3ffb3bd2e98091d18e60b74721904777c27f279c37ab6e873b82e6ef73eb87d4",
"repo_source_path": "ops/monitoring/docker-compose.exporters.yaml",
"request_fields": [
"request_id",
"surface_id",
"label",
"expected_host_scope",
"config_kind",
"service_scope",
"control_tier",
"repo_source_path",
"repo_sha256",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_config_hash_ref",
"maintenance_window",
"restart_window",
"rollback_owner",
"post_check_plan",
"disable_switch",
"followup_owner",
"not_approval"
],
"request_id": "host_service_owner_request:monitoring_exporters_188_compose",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_config_hash_ref",
"maintenance_window",
"restart_window",
"rollback_owner",
"post_check_plan",
"disable_switch",
"followup_owner"
],
"requires_live_evidence": true,
"restart_window": "pending_restart_window",
"restart_window_accepted": false,
"rollback_owner": "pending_rollback_owner",
"rollback_owner_accepted": false,
"runtime_gate": false,
"secret_value_collection_allowed": false,
"service_scope": [
"postgres-exporter",
"redis-exporter"
],
"source_inventory_ref": "docs/security/host-service-config-inventory.snapshot.json",
"source_line_count": 69,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"status": "draft_not_dispatched",
"surface_id": "monitoring_exporters_188_compose",
"systemctl_action_authorized": false,
"write_capable_surface": false
},
{
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_affected_scope",
"ansible_apply_authorized": false,
"blocked_actions": [
"ssh_read",
"ssh_write",
"docker_compose_up",
"docker_compose_down",
"systemctl_restart",
"systemctl_reload",
"repair_bot_execute",
"ansible_apply",
"sudo_action",
"host_file_write",
"firewall_change",
"secret_value_collection",
"active_scan",
"runtime_gate_open"
],
"config_kind": "docker_compose_reference",
"control_tier": "C1",
"decision": "pending_owner_decision",
"decision_reason": "pending_decision_reason",
"disable_switch": "pending_disable_switch",
"docker_compose_action_authorized": false,
"expected_host_scope": "192.168.0.110",
"followup_owner": "pending_followup_owner",
"host_write_authorized": false,
"label": "110 Sentry self-hosted reference compose",
"live_config_hash_ref": null,
"live_evidence_received": false,
"maintenance_window": "pending_maintenance_window",
"not_approval": true,
"owner_response_accepted": false,
"owner_response_received": false,
"owner_role_or_team": "pending_owner_role_or_team",
"post_check_plan": "pending_post_check_plan",
"post_check_plan_accepted": false,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"repair_bot_execution_authorized": false,
"repo_sha256": "bba852dc0d73934998fa375130168615f9ac7611ce3f3efaa901e3b7e222eae3",
"repo_source_path": "ops/sentry-self-hosted/docker-compose.yml",
"request_fields": [
"request_id",
"surface_id",
"label",
"expected_host_scope",
"config_kind",
"service_scope",
"control_tier",
"repo_source_path",
"repo_sha256",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_config_hash_ref",
"maintenance_window",
"restart_window",
"rollback_owner",
"post_check_plan",
"disable_switch",
"followup_owner",
"not_approval"
],
"request_id": "host_service_owner_request:sentry_110_reference_compose",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_config_hash_ref",
"maintenance_window",
"restart_window",
"rollback_owner",
"post_check_plan",
"disable_switch",
"followup_owner"
],
"requires_live_evidence": true,
"restart_window": "pending_restart_window",
"restart_window_accepted": false,
"rollback_owner": "pending_rollback_owner",
"rollback_owner_accepted": false,
"runtime_gate": false,
"secret_value_collection_allowed": false,
"service_scope": [
"sentry-placeholder-reference"
],
"source_inventory_ref": "docs/security/host-service-config-inventory.snapshot.json",
"source_line_count": 49,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"status": "draft_not_dispatched",
"surface_id": "sentry_110_reference_compose",
"systemctl_action_authorized": false,
"write_capable_surface": false
},
{
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_affected_scope",
"ansible_apply_authorized": false,
"blocked_actions": [
"ssh_read",
"ssh_write",
"docker_compose_up",
"docker_compose_down",
"systemctl_restart",
"systemctl_reload",
"repair_bot_execute",
"ansible_apply",
"sudo_action",
"host_file_write",
"firewall_change",
"secret_value_collection",
"active_scan",
"runtime_gate_open"
],
"config_kind": "docker_compose_source",
"control_tier": "C1",
"decision": "pending_owner_decision",
"decision_reason": "pending_decision_reason",
"disable_switch": "pending_disable_switch",
"docker_compose_action_authorized": false,
"expected_host_scope": "192.168.0.110",
"followup_owner": "pending_followup_owner",
"host_write_authorized": false,
"label": "110 Langfuse compose",
"live_config_hash_ref": null,
"live_evidence_received": false,
"maintenance_window": "pending_maintenance_window",
"not_approval": true,
"owner_response_accepted": false,
"owner_response_received": false,
"owner_role_or_team": "pending_owner_role_or_team",
"post_check_plan": "pending_post_check_plan",
"post_check_plan_accepted": false,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"repair_bot_execution_authorized": false,
"repo_sha256": "6c703a27525e62ef4d4d3c4cba8a89d64f646b01020782e35d22a3bf73f2dc83",
"repo_source_path": "infra/langfuse/docker-compose.yml",
"request_fields": [
"request_id",
"surface_id",
"label",
"expected_host_scope",
"config_kind",
"service_scope",
"control_tier",
"repo_source_path",
"repo_sha256",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_config_hash_ref",
"maintenance_window",
"restart_window",
"rollback_owner",
"post_check_plan",
"disable_switch",
"followup_owner",
"not_approval"
],
"request_id": "host_service_owner_request:langfuse_110_compose",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_config_hash_ref",
"maintenance_window",
"restart_window",
"rollback_owner",
"post_check_plan",
"disable_switch",
"followup_owner"
],
"requires_live_evidence": true,
"restart_window": "pending_restart_window",
"restart_window_accepted": false,
"rollback_owner": "pending_rollback_owner",
"rollback_owner_accepted": false,
"runtime_gate": false,
"secret_value_collection_allowed": false,
"service_scope": [
"langfuse",
"langfuse-db"
],
"source_inventory_ref": "docs/security/host-service-config-inventory.snapshot.json",
"source_line_count": 71,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"status": "draft_not_dispatched",
"surface_id": "langfuse_110_compose",
"systemctl_action_authorized": false,
"write_capable_surface": false
},
{
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_affected_scope",
"ansible_apply_authorized": false,
"blocked_actions": [
"ssh_read",
"ssh_write",
"docker_compose_up",
"docker_compose_down",
"systemctl_restart",
"systemctl_reload",
"repair_bot_execute",
"ansible_apply",
"sudo_action",
"host_file_write",
"firewall_change",
"secret_value_collection",
"active_scan",
"runtime_gate_open"
],
"config_kind": "ansible_service_executor",
"control_tier": "C1",
"decision": "pending_owner_decision",
"decision_reason": "pending_decision_reason",
"disable_switch": "pending_disable_switch",
"docker_compose_action_authorized": false,
"expected_host_scope": "multi_host",
"followup_owner": "pending_followup_owner",
"host_write_authorized": false,
"label": "Ansible docker-compose-service role",
"live_config_hash_ref": null,
"live_evidence_received": false,
"maintenance_window": "pending_maintenance_window",
"not_approval": true,
"owner_response_accepted": false,
"owner_response_received": false,
"owner_role_or_team": "pending_owner_role_or_team",
"post_check_plan": "pending_post_check_plan",
"post_check_plan_accepted": false,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"repair_bot_execution_authorized": false,
"repo_sha256": "cee214a8651f46c2d8be05054dddadc243a26bff51a64bd9cf42dd2ec0b7b1b3",
"repo_source_path": "infra/ansible/roles/docker-compose-service/tasks/main.yml",
"request_fields": [
"request_id",
"surface_id",
"label",
"expected_host_scope",
"config_kind",
"service_scope",
"control_tier",
"repo_source_path",
"repo_sha256",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_config_hash_ref",
"maintenance_window",
"restart_window",
"rollback_owner",
"post_check_plan",
"disable_switch",
"followup_owner",
"not_approval"
],
"request_id": "host_service_owner_request:ansible_docker_compose_service_role",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_config_hash_ref",
"maintenance_window",
"restart_window",
"rollback_owner",
"post_check_plan",
"disable_switch",
"followup_owner"
],
"requires_live_evidence": true,
"restart_window": "pending_restart_window",
"restart_window_accepted": false,
"rollback_owner": "pending_rollback_owner",
"rollback_owner_accepted": false,
"runtime_gate": false,
"secret_value_collection_allowed": false,
"service_scope": [
"docker compose up -d"
],
"source_inventory_ref": "docs/security/host-service-config-inventory.snapshot.json",
"source_line_count": 18,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"status": "draft_not_dispatched",
"surface_id": "ansible_docker_compose_service_role",
"systemctl_action_authorized": false,
"write_capable_surface": true
},
{
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_affected_scope",
"ansible_apply_authorized": false,
"blocked_actions": [
"ssh_read",
"ssh_write",
"docker_compose_up",
"docker_compose_down",
"systemctl_restart",
"systemctl_reload",
"repair_bot_execute",
"ansible_apply",
"sudo_action",
"host_file_write",
"firewall_change",
"secret_value_collection",
"active_scan",
"runtime_gate_open"
],
"config_kind": "host_repair_whitelist",
"control_tier": "C1",
"decision": "pending_owner_decision",
"decision_reason": "pending_decision_reason",
"disable_switch": "pending_disable_switch",
"docker_compose_action_authorized": false,
"expected_host_scope": "192.168.0.110",
"followup_owner": "pending_followup_owner",
"host_write_authorized": false,
"label": "110 repair-bot compose whitelist",
"live_config_hash_ref": null,
"live_evidence_received": false,
"maintenance_window": "pending_maintenance_window",
"not_approval": true,
"owner_response_accepted": false,
"owner_response_received": false,
"owner_role_or_team": "pending_owner_role_or_team",
"post_check_plan": "pending_post_check_plan",
"post_check_plan_accepted": false,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"repair_bot_execution_authorized": false,
"repo_sha256": "093d4f85c398806dee62c2831fa4fe7e1f8fddca6e3cfcc9dbe4d5e0d66cdf3b",
"repo_source_path": "scripts/repair-bot/repair-bot-110.sh",
"request_fields": [
"request_id",
"surface_id",
"label",
"expected_host_scope",
"config_kind",
"service_scope",
"control_tier",
"repo_source_path",
"repo_sha256",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_config_hash_ref",
"maintenance_window",
"restart_window",
"rollback_owner",
"post_check_plan",
"disable_switch",
"followup_owner",
"not_approval"
],
"request_id": "host_service_owner_request:repair_bot_110_whitelist",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_config_hash_ref",
"maintenance_window",
"restart_window",
"rollback_owner",
"post_check_plan",
"disable_switch",
"followup_owner"
],
"requires_live_evidence": true,
"restart_window": "pending_restart_window",
"restart_window_accepted": false,
"rollback_owner": "pending_rollback_owner",
"rollback_owner_accepted": false,
"runtime_gate": false,
"secret_value_collection_allowed": false,
"service_scope": [
"sentry",
"harbor",
"gitea",
"gitea-runner",
"langfuse",
"alertmanager",
"signoz"
],
"source_inventory_ref": "docs/security/host-service-config-inventory.snapshot.json",
"source_line_count": 67,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"status": "draft_not_dispatched",
"surface_id": "repair_bot_110_whitelist",
"systemctl_action_authorized": false,
"write_capable_surface": true
},
{
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_affected_scope",
"ansible_apply_authorized": false,
"blocked_actions": [
"ssh_read",
"ssh_write",
"docker_compose_up",
"docker_compose_down",
"systemctl_restart",
"systemctl_reload",
"repair_bot_execute",
"ansible_apply",
"sudo_action",
"host_file_write",
"firewall_change",
"secret_value_collection",
"active_scan",
"runtime_gate_open"
],
"config_kind": "host_repair_whitelist",
"control_tier": "C1",
"decision": "pending_owner_decision",
"decision_reason": "pending_decision_reason",
"disable_switch": "pending_disable_switch",
"docker_compose_action_authorized": false,
"expected_host_scope": "192.168.0.188",
"followup_owner": "pending_followup_owner",
"host_write_authorized": false,
"label": "188 repair-bot compose/systemd whitelist",
"live_config_hash_ref": null,
"live_evidence_received": false,
"maintenance_window": "pending_maintenance_window",
"not_approval": true,
"owner_response_accepted": false,
"owner_response_received": false,
"owner_role_or_team": "pending_owner_role_or_team",
"post_check_plan": "pending_post_check_plan",
"post_check_plan_accepted": false,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"repair_bot_execution_authorized": false,
"repo_sha256": "fb2eb786d04edbf5d5be581a53bbe188ac66f0895aa016328b031c72f6182918",
"repo_source_path": "scripts/repair-bot/repair-bot-188.sh",
"request_fields": [
"request_id",
"surface_id",
"label",
"expected_host_scope",
"config_kind",
"service_scope",
"control_tier",
"repo_source_path",
"repo_sha256",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_config_hash_ref",
"maintenance_window",
"restart_window",
"rollback_owner",
"post_check_plan",
"disable_switch",
"followup_owner",
"not_approval"
],
"request_id": "host_service_owner_request:repair_bot_188_whitelist",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_config_hash_ref",
"maintenance_window",
"restart_window",
"rollback_owner",
"post_check_plan",
"disable_switch",
"followup_owner"
],
"requires_live_evidence": true,
"restart_window": "pending_restart_window",
"restart_window_accepted": false,
"rollback_owner": "pending_rollback_owner",
"rollback_owner_accepted": false,
"runtime_gate": false,
"secret_value_collection_allowed": false,
"service_scope": [
"openclaw",
"minio",
"signoz",
"redis",
"nginx",
"ollama"
],
"source_inventory_ref": "docs/security/host-service-config-inventory.snapshot.json",
"source_line_count": 85,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"status": "draft_not_dispatched",
"surface_id": "repair_bot_188_whitelist",
"systemctl_action_authorized": false,
"write_capable_surface": true
},
{
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_affected_scope",
"ansible_apply_authorized": false,
"blocked_actions": [
"ssh_read",
"ssh_write",
"docker_compose_up",
"docker_compose_down",
"systemctl_restart",
"systemctl_reload",
"repair_bot_execute",
"ansible_apply",
"sudo_action",
"host_file_write",
"firewall_change",
"secret_value_collection",
"active_scan",
"runtime_gate_open"
],
"config_kind": "backup_capture_contract",
"control_tier": "C1",
"decision": "pending_owner_decision",
"decision_reason": "pending_decision_reason",
"disable_switch": "pending_disable_switch",
"docker_compose_action_authorized": false,
"expected_host_scope": "110_188_120_121_cluster",
"followup_owner": "pending_followup_owner",
"host_write_authorized": false,
"label": "host config backup capture contract",
"live_config_hash_ref": null,
"live_evidence_received": false,
"maintenance_window": "pending_maintenance_window",
"not_approval": true,
"owner_response_accepted": false,
"owner_response_received": false,
"owner_role_or_team": "pending_owner_role_or_team",
"post_check_plan": "pending_post_check_plan",
"post_check_plan_accepted": false,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"repair_bot_execution_authorized": false,
"repo_sha256": "d24301cff44e464bd19ce0792362be16916ccde8c92f92351a19ef4ee988f15e",
"repo_source_path": "scripts/backup/backup-configs.sh",
"request_fields": [
"request_id",
"surface_id",
"label",
"expected_host_scope",
"config_kind",
"service_scope",
"control_tier",
"repo_source_path",
"repo_sha256",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_config_hash_ref",
"maintenance_window",
"restart_window",
"rollback_owner",
"post_check_plan",
"disable_switch",
"followup_owner",
"not_approval"
],
"request_id": "host_service_owner_request:config_backup_host_capture",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_config_hash_ref",
"maintenance_window",
"restart_window",
"rollback_owner",
"post_check_plan",
"disable_switch",
"followup_owner"
],
"requires_live_evidence": true,
"restart_window": "pending_restart_window",
"restart_window_accepted": false,
"rollback_owner": "pending_rollback_owner",
"rollback_owner_accepted": false,
"runtime_gate": false,
"secret_value_collection_allowed": false,
"service_scope": [
"systemd",
"docker",
"nginx",
"cron",
"k8s",
"host-configs"
],
"source_inventory_ref": "docs/security/host-service-config-inventory.snapshot.json",
"source_line_count": 359,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"status": "draft_not_dispatched",
"surface_id": "config_backup_host_capture",
"systemctl_action_authorized": false,
"write_capable_surface": false
}
],
"request_fields": [
"request_id",
"surface_id",
"label",
"expected_host_scope",
"config_kind",
"service_scope",
"control_tier",
"repo_source_path",
"repo_sha256",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_config_hash_ref",
"maintenance_window",
"restart_window",
"rollback_owner",
"post_check_plan",
"disable_switch",
"followup_owner",
"not_approval"
],
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_config_hash_ref",
"maintenance_window",
"restart_window",
"rollback_owner",
"post_check_plan",
"disable_switch",
"followup_owner"
],
"schema_version": "host_service_owner_request_draft_v1",
"source_inventory_schema_version": "host_service_config_inventory_v1",
"source_inventory_status": "repo_only_inventory_ready",
"status": "owner_request_draft_ready_not_dispatched",
"summary": {
"action_button_count": 0,
"active_scan_authorized_count": 0,
"ansible_apply_authorized_count": 0,
"blocked_action_count": 14,
"docker_compose_action_authorized_count": 0,
"host_write_authorized_count": 0,
"live_evidence_received_count": 0,
"live_evidence_required_request_count": 8,
"owner_response_accepted_count": 0,
"owner_response_received_count": 0,
"post_check_plan_accepted_count": 0,
"recipient_confirmed_count": 0,
"repair_bot_execution_authorized_count": 0,
"request_draft_count": 9,
"request_field_count": 22,
"request_sent_count": 0,
"required_owner_field_count": 12,
"restart_window_accepted_count": 0,
"rollback_owner_accepted_count": 0,
"runtime_gate_count": 0,
"secret_value_collection_allowed_count": 0,
"ssh_read_authorized_count": 0,
"ssh_write_authorized_count": 0,
"systemctl_action_authorized_count": 0,
"write_capable_request_draft_count": 3
}
}
Reference in New Issue View Git Blame Copy Permalink