wooo/awoooi
1
1
Fork 0
Code Issues 2 Pull Requests 1 Actions 3 Packages Projects Releases Wiki Activity
Files
main
awoooi/docs/security/ssh-network-owner-response-acceptance.snapshot.json
Your Name 33b4608117
All checks were successful
Code Review / ai-code-review (push) Successful in 14s
Details
CD Pipeline / tests (push) Successful in 1m31s
Details
CD Pipeline / build-and-deploy (push) Successful in 4m13s
Details
CD Pipeline / post-deploy-checks (push) Successful in 2m2s
Details
fix(iwooos): 新增 ssh network owner acceptance ledger
2026-06-14 21:52:13 +08:00

2952 lines
99 KiB
JSON
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
{
"acceptance_candidates": [
{
"acceptance_candidate_id": "ssh_network_owner_response_acceptance:ansible_inventory_ssh_targets",
"acceptance_fields": [
"acceptance_candidate_id",
"request_id",
"surface_id",
"config_kind",
"expected_scope",
"access_scope",
"control_tier",
"write_capable_surface",
"owner_response_ref",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"host_key_pinning_ref",
"port_policy_ref",
"network_policy_diff_ref",
"nodeport_exposure_ref",
"firewall_owner",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"reviewer_outcome",
"followup_owner",
"not_approval"
],
"access_scope": [
"192.168.0.110",
"192.168.0.111",
"192.168.0.112",
"192.168.0.120",
"192.168.0.121",
"192.168.0.188"
],
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_owner_response",
"allowed_source_cidrs_ref": null,
"blocked_actions": [
"ssh_read",
"ssh_write",
"host_keyscan",
"known_hosts_patch",
"firewall_change",
"port_close",
"port_open",
"network_policy_apply",
"nodeport_change",
"wireguard_change",
"sudo_action",
"deploy_ssh_action",
"secret_value_collection",
"ssh_key_collection",
"active_scan",
"runtime_gate_open",
"live_firewall_read",
"live_sudoers_read",
"raw_key_material_storage",
"raw_firewall_dump_storage",
"mark_owner_response_accepted_without_reviewer_record",
"add_action_button"
],
"break_glass_owner": "pending_owner_response",
"change_freeze_rule": "pending_owner_response",
"config_kind": "ssh_target_inventory",
"control_tier": "C1",
"decision": "pending_owner_response",
"decision_reason": "pending_owner_response",
"deploy_ssh_action_authorized": false,
"expected_scope": "110_111_112_120_121_188",
"firewall_change_authorized": false,
"firewall_owner": "pending_owner_response",
"firewall_owner_accepted": false,
"followup_owner": "pending_owner_response",
"host_key_pinning_accepted": false,
"host_key_pinning_ref": null,
"host_keyscan_authorized": false,
"host_write_authorized": false,
"known_hosts_patch_authorized": false,
"live_access_state_ref": null,
"live_evidence_received": false,
"maintenance_window": "pending_owner_response",
"maintenance_window_accepted": false,
"network_policy_apply_authorized": false,
"network_policy_diff_accepted": false,
"network_policy_diff_ref": null,
"nodeport_change_authorized": false,
"nodeport_exposure_accepted": false,
"nodeport_exposure_ref": null,
"not_approval": true,
"outcome_lanes": [
"waiting_owner_response",
"quarantine_raw_payload",
"reject_secret_or_key_value",
"request_supplement",
"ready_for_network_review",
"owner_review_only_update",
"waiting_runtime_gate"
],
"owner_response_accepted": false,
"owner_response_quarantined": false,
"owner_response_received": false,
"owner_response_ref": null,
"owner_response_rejected": false,
"owner_role_or_team": "pending_owner_response",
"port_change_authorized": false,
"port_close_authorized": false,
"port_open_authorized": false,
"port_policy_accepted": false,
"port_policy_ref": null,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"request_id": "ssh_network_owner_request:ansible_inventory_ssh_targets",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"followup_owner"
],
"reviewer_checks": [
"owner_identity_present",
"decision_reason_present",
"affected_scope_matches_surface",
"redacted_refs_only",
"secret_or_key_value_absent",
"live_access_state_metadata_only",
"allowed_source_cidr_metadata_only",
"host_key_pinning_shape",
"port_impact_review",
"firewall_owner_present",
"network_policy_nodeport_review",
"wireguard_cutover_separate_gate",
"maintenance_window_present",
"rollback_validation_present",
"counts_transition_safe"
],
"reviewer_outcome": "waiting_owner_response",
"rollback_owner": "pending_owner_response",
"rollback_owner_accepted": false,
"runtime_gate": false,
"secret_value_collection_allowed": false,
"ssh_key_collection_allowed": false,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"status": "waiting_owner_response",
"sudo_action_authorized": false,
"supplement_requested": false,
"surface_id": "ansible_inventory_ssh_targets",
"validation_plan": "pending_owner_response",
"validation_plan_accepted": false,
"wireguard_change_authorized": false,
"wireguard_cutover_accepted": false,
"write_capable_surface": false
},
{
"acceptance_candidate_id": "ssh_network_owner_response_acceptance:ansible_common_ssh_args",
"acceptance_fields": [
"acceptance_candidate_id",
"request_id",
"surface_id",
"config_kind",
"expected_scope",
"access_scope",
"control_tier",
"write_capable_surface",
"owner_response_ref",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"host_key_pinning_ref",
"port_policy_ref",
"network_policy_diff_ref",
"nodeport_exposure_ref",
"firewall_owner",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"reviewer_outcome",
"followup_owner",
"not_approval"
],
"access_scope": [
"StrictHostKeyChecking=accept-new",
"ConnectTimeout=10"
],
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_owner_response",
"allowed_source_cidrs_ref": null,
"blocked_actions": [
"ssh_read",
"ssh_write",
"host_keyscan",
"known_hosts_patch",
"firewall_change",
"port_close",
"port_open",
"network_policy_apply",
"nodeport_change",
"wireguard_change",
"sudo_action",
"deploy_ssh_action",
"secret_value_collection",
"ssh_key_collection",
"active_scan",
"runtime_gate_open",
"live_firewall_read",
"live_sudoers_read",
"raw_key_material_storage",
"raw_firewall_dump_storage",
"mark_owner_response_accepted_without_reviewer_record",
"add_action_button"
],
"break_glass_owner": "pending_owner_response",
"change_freeze_rule": "pending_owner_response",
"config_kind": "ssh_client_policy",
"control_tier": "C1",
"decision": "pending_owner_response",
"decision_reason": "pending_owner_response",
"deploy_ssh_action_authorized": false,
"expected_scope": "multi_host",
"firewall_change_authorized": false,
"firewall_owner": "pending_owner_response",
"firewall_owner_accepted": false,
"followup_owner": "pending_owner_response",
"host_key_pinning_accepted": false,
"host_key_pinning_ref": null,
"host_keyscan_authorized": false,
"host_write_authorized": false,
"known_hosts_patch_authorized": false,
"live_access_state_ref": null,
"live_evidence_received": false,
"maintenance_window": "pending_owner_response",
"maintenance_window_accepted": false,
"network_policy_apply_authorized": false,
"network_policy_diff_accepted": false,
"network_policy_diff_ref": null,
"nodeport_change_authorized": false,
"nodeport_exposure_accepted": false,
"nodeport_exposure_ref": null,
"not_approval": true,
"outcome_lanes": [
"waiting_owner_response",
"quarantine_raw_payload",
"reject_secret_or_key_value",
"request_supplement",
"ready_for_network_review",
"owner_review_only_update",
"waiting_runtime_gate"
],
"owner_response_accepted": false,
"owner_response_quarantined": false,
"owner_response_received": false,
"owner_response_ref": null,
"owner_response_rejected": false,
"owner_role_or_team": "pending_owner_response",
"port_change_authorized": false,
"port_close_authorized": false,
"port_open_authorized": false,
"port_policy_accepted": false,
"port_policy_ref": null,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"request_id": "ssh_network_owner_request:ansible_common_ssh_args",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"followup_owner"
],
"reviewer_checks": [
"owner_identity_present",
"decision_reason_present",
"affected_scope_matches_surface",
"redacted_refs_only",
"secret_or_key_value_absent",
"live_access_state_metadata_only",
"allowed_source_cidr_metadata_only",
"host_key_pinning_shape",
"port_impact_review",
"firewall_owner_present",
"network_policy_nodeport_review",
"wireguard_cutover_separate_gate",
"maintenance_window_present",
"rollback_validation_present",
"counts_transition_safe"
],
"reviewer_outcome": "waiting_owner_response",
"rollback_owner": "pending_owner_response",
"rollback_owner_accepted": false,
"runtime_gate": false,
"secret_value_collection_allowed": false,
"ssh_key_collection_allowed": false,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"status": "waiting_owner_response",
"sudo_action_authorized": false,
"supplement_requested": false,
"surface_id": "ansible_common_ssh_args",
"validation_plan": "pending_owner_response",
"validation_plan_accepted": false,
"wireguard_change_authorized": false,
"wireguard_cutover_accepted": false,
"write_capable_surface": false
},
{
"acceptance_candidate_id": "ssh_network_owner_response_acceptance:gitea_cd_known_hosts_secret",
"acceptance_fields": [
"acceptance_candidate_id",
"request_id",
"surface_id",
"config_kind",
"expected_scope",
"access_scope",
"control_tier",
"write_capable_surface",
"owner_response_ref",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"host_key_pinning_ref",
"port_policy_ref",
"network_policy_diff_ref",
"nodeport_exposure_ref",
"firewall_owner",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"reviewer_outcome",
"followup_owner",
"not_approval"
],
"access_scope": [
"192.168.0.110",
"192.168.0.120",
"192.168.0.121",
"192.168.0.188"
],
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_owner_response",
"allowed_source_cidrs_ref": null,
"blocked_actions": [
"ssh_read",
"ssh_write",
"host_keyscan",
"known_hosts_patch",
"firewall_change",
"port_close",
"port_open",
"network_policy_apply",
"nodeport_change",
"wireguard_change",
"sudo_action",
"deploy_ssh_action",
"secret_value_collection",
"ssh_key_collection",
"active_scan",
"runtime_gate_open",
"live_firewall_read",
"live_sudoers_read",
"raw_key_material_storage",
"raw_firewall_dump_storage",
"mark_owner_response_accepted_without_reviewer_record",
"add_action_button"
],
"break_glass_owner": "pending_owner_response",
"change_freeze_rule": "pending_owner_response",
"config_kind": "known_hosts_secret_workflow",
"control_tier": "C1",
"decision": "pending_owner_response",
"decision_reason": "pending_owner_response",
"deploy_ssh_action_authorized": false,
"expected_scope": "110_120_121_188_known_hosts",
"firewall_change_authorized": false,
"firewall_owner": "pending_owner_response",
"firewall_owner_accepted": false,
"followup_owner": "pending_owner_response",
"host_key_pinning_accepted": false,
"host_key_pinning_ref": null,
"host_keyscan_authorized": false,
"host_write_authorized": false,
"known_hosts_patch_authorized": false,
"live_access_state_ref": null,
"live_evidence_received": false,
"maintenance_window": "pending_owner_response",
"maintenance_window_accepted": false,
"network_policy_apply_authorized": false,
"network_policy_diff_accepted": false,
"network_policy_diff_ref": null,
"nodeport_change_authorized": false,
"nodeport_exposure_accepted": false,
"nodeport_exposure_ref": null,
"not_approval": true,
"outcome_lanes": [
"waiting_owner_response",
"quarantine_raw_payload",
"reject_secret_or_key_value",
"request_supplement",
"ready_for_network_review",
"owner_review_only_update",
"waiting_runtime_gate"
],
"owner_response_accepted": false,
"owner_response_quarantined": false,
"owner_response_received": false,
"owner_response_ref": null,
"owner_response_rejected": false,
"owner_role_or_team": "pending_owner_response",
"port_change_authorized": false,
"port_close_authorized": false,
"port_open_authorized": false,
"port_policy_accepted": false,
"port_policy_ref": null,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"request_id": "ssh_network_owner_request:gitea_cd_known_hosts_secret",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"followup_owner"
],
"reviewer_checks": [
"owner_identity_present",
"decision_reason_present",
"affected_scope_matches_surface",
"redacted_refs_only",
"secret_or_key_value_absent",
"live_access_state_metadata_only",
"allowed_source_cidr_metadata_only",
"host_key_pinning_shape",
"port_impact_review",
"firewall_owner_present",
"network_policy_nodeport_review",
"wireguard_cutover_separate_gate",
"maintenance_window_present",
"rollback_validation_present",
"counts_transition_safe"
],
"reviewer_outcome": "waiting_owner_response",
"rollback_owner": "pending_owner_response",
"rollback_owner_accepted": false,
"runtime_gate": false,
"secret_value_collection_allowed": false,
"ssh_key_collection_allowed": false,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"status": "waiting_owner_response",
"sudo_action_authorized": false,
"supplement_requested": false,
"surface_id": "gitea_cd_known_hosts_secret",
"validation_plan": "pending_owner_response",
"validation_plan_accepted": false,
"wireguard_change_authorized": false,
"wireguard_cutover_accepted": false,
"write_capable_surface": false
},
{
"acceptance_candidate_id": "ssh_network_owner_response_acceptance:gitea_cd_deploy_ssh",
"acceptance_fields": [
"acceptance_candidate_id",
"request_id",
"surface_id",
"config_kind",
"expected_scope",
"access_scope",
"control_tier",
"write_capable_surface",
"owner_response_ref",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"host_key_pinning_ref",
"port_policy_ref",
"network_policy_diff_ref",
"nodeport_exposure_ref",
"firewall_owner",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"reviewer_outcome",
"followup_owner",
"not_approval"
],
"access_scope": [
"K8S_SSH_HOST",
"deploy_key",
"kubectl apply",
"ArgoCD sync"
],
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_owner_response",
"allowed_source_cidrs_ref": null,
"blocked_actions": [
"ssh_read",
"ssh_write",
"host_keyscan",
"known_hosts_patch",
"firewall_change",
"port_close",
"port_open",
"network_policy_apply",
"nodeport_change",
"wireguard_change",
"sudo_action",
"deploy_ssh_action",
"secret_value_collection",
"ssh_key_collection",
"active_scan",
"runtime_gate_open",
"live_firewall_read",
"live_sudoers_read",
"raw_key_material_storage",
"raw_firewall_dump_storage",
"mark_owner_response_accepted_without_reviewer_record",
"add_action_button"
],
"break_glass_owner": "pending_owner_response",
"change_freeze_rule": "pending_owner_response",
"config_kind": "ci_deploy_ssh",
"control_tier": "C1",
"decision": "pending_owner_response",
"decision_reason": "pending_owner_response",
"deploy_ssh_action_authorized": false,
"expected_scope": "k8s_ssh_host",
"firewall_change_authorized": false,
"firewall_owner": "pending_owner_response",
"firewall_owner_accepted": false,
"followup_owner": "pending_owner_response",
"host_key_pinning_accepted": false,
"host_key_pinning_ref": null,
"host_keyscan_authorized": false,
"host_write_authorized": false,
"known_hosts_patch_authorized": false,
"live_access_state_ref": null,
"live_evidence_received": false,
"maintenance_window": "pending_owner_response",
"maintenance_window_accepted": false,
"network_policy_apply_authorized": false,
"network_policy_diff_accepted": false,
"network_policy_diff_ref": null,
"nodeport_change_authorized": false,
"nodeport_exposure_accepted": false,
"nodeport_exposure_ref": null,
"not_approval": true,
"outcome_lanes": [
"waiting_owner_response",
"quarantine_raw_payload",
"reject_secret_or_key_value",
"request_supplement",
"ready_for_network_review",
"owner_review_only_update",
"waiting_runtime_gate"
],
"owner_response_accepted": false,
"owner_response_quarantined": false,
"owner_response_received": false,
"owner_response_ref": null,
"owner_response_rejected": false,
"owner_role_or_team": "pending_owner_response",
"port_change_authorized": false,
"port_close_authorized": false,
"port_open_authorized": false,
"port_policy_accepted": false,
"port_policy_ref": null,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"request_id": "ssh_network_owner_request:gitea_cd_deploy_ssh",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"followup_owner"
],
"reviewer_checks": [
"owner_identity_present",
"decision_reason_present",
"affected_scope_matches_surface",
"redacted_refs_only",
"secret_or_key_value_absent",
"live_access_state_metadata_only",
"allowed_source_cidr_metadata_only",
"host_key_pinning_shape",
"port_impact_review",
"firewall_owner_present",
"network_policy_nodeport_review",
"wireguard_cutover_separate_gate",
"maintenance_window_present",
"rollback_validation_present",
"counts_transition_safe"
],
"reviewer_outcome": "waiting_owner_response",
"rollback_owner": "pending_owner_response",
"rollback_owner_accepted": false,
"runtime_gate": false,
"secret_value_collection_allowed": false,
"ssh_key_collection_allowed": false,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"status": "waiting_owner_response",
"sudo_action_authorized": false,
"supplement_requested": false,
"surface_id": "gitea_cd_deploy_ssh",
"validation_plan": "pending_owner_response",
"validation_plan_accepted": false,
"wireguard_change_authorized": false,
"wireguard_cutover_accepted": false,
"write_capable_surface": true
},
{
"acceptance_candidate_id": "ssh_network_owner_response_acceptance:gitea_cd_dev_ssh",
"acceptance_fields": [
"acceptance_candidate_id",
"request_id",
"surface_id",
"config_kind",
"expected_scope",
"access_scope",
"control_tier",
"write_capable_surface",
"owner_response_ref",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"host_key_pinning_ref",
"port_policy_ref",
"network_policy_diff_ref",
"nodeport_exposure_ref",
"firewall_owner",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"reviewer_outcome",
"followup_owner",
"not_approval"
],
"access_scope": [
"192.168.0.120",
"deploy_key",
"kubectl apply"
],
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_owner_response",
"allowed_source_cidrs_ref": null,
"blocked_actions": [
"ssh_read",
"ssh_write",
"host_keyscan",
"known_hosts_patch",
"firewall_change",
"port_close",
"port_open",
"network_policy_apply",
"nodeport_change",
"wireguard_change",
"sudo_action",
"deploy_ssh_action",
"secret_value_collection",
"ssh_key_collection",
"active_scan",
"runtime_gate_open",
"live_firewall_read",
"live_sudoers_read",
"raw_key_material_storage",
"raw_firewall_dump_storage",
"mark_owner_response_accepted_without_reviewer_record",
"add_action_button"
],
"break_glass_owner": "pending_owner_response",
"change_freeze_rule": "pending_owner_response",
"config_kind": "ci_deploy_ssh",
"control_tier": "C1",
"decision": "pending_owner_response",
"decision_reason": "pending_owner_response",
"deploy_ssh_action_authorized": false,
"expected_scope": "192.168.0.120",
"firewall_change_authorized": false,
"firewall_owner": "pending_owner_response",
"firewall_owner_accepted": false,
"followup_owner": "pending_owner_response",
"host_key_pinning_accepted": false,
"host_key_pinning_ref": null,
"host_keyscan_authorized": false,
"host_write_authorized": false,
"known_hosts_patch_authorized": false,
"live_access_state_ref": null,
"live_evidence_received": false,
"maintenance_window": "pending_owner_response",
"maintenance_window_accepted": false,
"network_policy_apply_authorized": false,
"network_policy_diff_accepted": false,
"network_policy_diff_ref": null,
"nodeport_change_authorized": false,
"nodeport_exposure_accepted": false,
"nodeport_exposure_ref": null,
"not_approval": true,
"outcome_lanes": [
"waiting_owner_response",
"quarantine_raw_payload",
"reject_secret_or_key_value",
"request_supplement",
"ready_for_network_review",
"owner_review_only_update",
"waiting_runtime_gate"
],
"owner_response_accepted": false,
"owner_response_quarantined": false,
"owner_response_received": false,
"owner_response_ref": null,
"owner_response_rejected": false,
"owner_role_or_team": "pending_owner_response",
"port_change_authorized": false,
"port_close_authorized": false,
"port_open_authorized": false,
"port_policy_accepted": false,
"port_policy_ref": null,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"request_id": "ssh_network_owner_request:gitea_cd_dev_ssh",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"followup_owner"
],
"reviewer_checks": [
"owner_identity_present",
"decision_reason_present",
"affected_scope_matches_surface",
"redacted_refs_only",
"secret_or_key_value_absent",
"live_access_state_metadata_only",
"allowed_source_cidr_metadata_only",
"host_key_pinning_shape",
"port_impact_review",
"firewall_owner_present",
"network_policy_nodeport_review",
"wireguard_cutover_separate_gate",
"maintenance_window_present",
"rollback_validation_present",
"counts_transition_safe"
],
"reviewer_outcome": "waiting_owner_response",
"rollback_owner": "pending_owner_response",
"rollback_owner_accepted": false,
"runtime_gate": false,
"secret_value_collection_allowed": false,
"ssh_key_collection_allowed": false,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"status": "waiting_owner_response",
"sudo_action_authorized": false,
"supplement_requested": false,
"surface_id": "gitea_cd_dev_ssh",
"validation_plan": "pending_owner_response",
"validation_plan_accepted": false,
"wireguard_change_authorized": false,
"wireguard_cutover_accepted": false,
"write_capable_surface": true
},
{
"acceptance_candidate_id": "ssh_network_owner_response_acceptance:deploy_alerts_ssh_path",
"acceptance_fields": [
"acceptance_candidate_id",
"request_id",
"surface_id",
"config_kind",
"expected_scope",
"access_scope",
"control_tier",
"write_capable_surface",
"owner_response_ref",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"host_key_pinning_ref",
"port_policy_ref",
"network_policy_diff_ref",
"nodeport_exposure_ref",
"firewall_owner",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"reviewer_outcome",
"followup_owner",
"not_approval"
],
"access_scope": [
"192.168.0.110",
"deploy alert scripts"
],
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_owner_response",
"allowed_source_cidrs_ref": null,
"blocked_actions": [
"ssh_read",
"ssh_write",
"host_keyscan",
"known_hosts_patch",
"firewall_change",
"port_close",
"port_open",
"network_policy_apply",
"nodeport_change",
"wireguard_change",
"sudo_action",
"deploy_ssh_action",
"secret_value_collection",
"ssh_key_collection",
"active_scan",
"runtime_gate_open",
"live_firewall_read",
"live_sudoers_read",
"raw_key_material_storage",
"raw_firewall_dump_storage",
"mark_owner_response_accepted_without_reviewer_record",
"add_action_button"
],
"break_glass_owner": "pending_owner_response",
"change_freeze_rule": "pending_owner_response",
"config_kind": "ci_deploy_ssh",
"control_tier": "C1",
"decision": "pending_owner_response",
"decision_reason": "pending_owner_response",
"deploy_ssh_action_authorized": false,
"expected_scope": "192.168.0.110",
"firewall_change_authorized": false,
"firewall_owner": "pending_owner_response",
"firewall_owner_accepted": false,
"followup_owner": "pending_owner_response",
"host_key_pinning_accepted": false,
"host_key_pinning_ref": null,
"host_keyscan_authorized": false,
"host_write_authorized": false,
"known_hosts_patch_authorized": false,
"live_access_state_ref": null,
"live_evidence_received": false,
"maintenance_window": "pending_owner_response",
"maintenance_window_accepted": false,
"network_policy_apply_authorized": false,
"network_policy_diff_accepted": false,
"network_policy_diff_ref": null,
"nodeport_change_authorized": false,
"nodeport_exposure_accepted": false,
"nodeport_exposure_ref": null,
"not_approval": true,
"outcome_lanes": [
"waiting_owner_response",
"quarantine_raw_payload",
"reject_secret_or_key_value",
"request_supplement",
"ready_for_network_review",
"owner_review_only_update",
"waiting_runtime_gate"
],
"owner_response_accepted": false,
"owner_response_quarantined": false,
"owner_response_received": false,
"owner_response_ref": null,
"owner_response_rejected": false,
"owner_role_or_team": "pending_owner_response",
"port_change_authorized": false,
"port_close_authorized": false,
"port_open_authorized": false,
"port_policy_accepted": false,
"port_policy_ref": null,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"request_id": "ssh_network_owner_request:deploy_alerts_ssh_path",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"followup_owner"
],
"reviewer_checks": [
"owner_identity_present",
"decision_reason_present",
"affected_scope_matches_surface",
"redacted_refs_only",
"secret_or_key_value_absent",
"live_access_state_metadata_only",
"allowed_source_cidr_metadata_only",
"host_key_pinning_shape",
"port_impact_review",
"firewall_owner_present",
"network_policy_nodeport_review",
"wireguard_cutover_separate_gate",
"maintenance_window_present",
"rollback_validation_present",
"counts_transition_safe"
],
"reviewer_outcome": "waiting_owner_response",
"rollback_owner": "pending_owner_response",
"rollback_owner_accepted": false,
"runtime_gate": false,
"secret_value_collection_allowed": false,
"ssh_key_collection_allowed": false,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"status": "waiting_owner_response",
"sudo_action_authorized": false,
"supplement_requested": false,
"surface_id": "deploy_alerts_ssh_path",
"validation_plan": "pending_owner_response",
"validation_plan_accepted": false,
"wireguard_change_authorized": false,
"wireguard_cutover_accepted": false,
"write_capable_surface": true
},
{
"acceptance_candidate_id": "ssh_network_owner_response_acceptance:monitoring_discover_docker_ssh",
"acceptance_fields": [
"acceptance_candidate_id",
"request_id",
"surface_id",
"config_kind",
"expected_scope",
"access_scope",
"control_tier",
"write_capable_surface",
"owner_response_ref",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"host_key_pinning_ref",
"port_policy_ref",
"network_policy_diff_ref",
"nodeport_exposure_ref",
"firewall_owner",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"reviewer_outcome",
"followup_owner",
"not_approval"
],
"access_scope": [
"192.168.0.110",
"192.168.0.188",
"docker ps"
],
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_owner_response",
"allowed_source_cidrs_ref": null,
"blocked_actions": [
"ssh_read",
"ssh_write",
"host_keyscan",
"known_hosts_patch",
"firewall_change",
"port_close",
"port_open",
"network_policy_apply",
"nodeport_change",
"wireguard_change",
"sudo_action",
"deploy_ssh_action",
"secret_value_collection",
"ssh_key_collection",
"active_scan",
"runtime_gate_open",
"live_firewall_read",
"live_sudoers_read",
"raw_key_material_storage",
"raw_firewall_dump_storage",
"mark_owner_response_accepted_without_reviewer_record",
"add_action_button"
],
"break_glass_owner": "pending_owner_response",
"change_freeze_rule": "pending_owner_response",
"config_kind": "ssh_discovery_script",
"control_tier": "C1",
"decision": "pending_owner_response",
"decision_reason": "pending_owner_response",
"deploy_ssh_action_authorized": false,
"expected_scope": "110_188_docker_hosts",
"firewall_change_authorized": false,
"firewall_owner": "pending_owner_response",
"firewall_owner_accepted": false,
"followup_owner": "pending_owner_response",
"host_key_pinning_accepted": false,
"host_key_pinning_ref": null,
"host_keyscan_authorized": false,
"host_write_authorized": false,
"known_hosts_patch_authorized": false,
"live_access_state_ref": null,
"live_evidence_received": false,
"maintenance_window": "pending_owner_response",
"maintenance_window_accepted": false,
"network_policy_apply_authorized": false,
"network_policy_diff_accepted": false,
"network_policy_diff_ref": null,
"nodeport_change_authorized": false,
"nodeport_exposure_accepted": false,
"nodeport_exposure_ref": null,
"not_approval": true,
"outcome_lanes": [
"waiting_owner_response",
"quarantine_raw_payload",
"reject_secret_or_key_value",
"request_supplement",
"ready_for_network_review",
"owner_review_only_update",
"waiting_runtime_gate"
],
"owner_response_accepted": false,
"owner_response_quarantined": false,
"owner_response_received": false,
"owner_response_ref": null,
"owner_response_rejected": false,
"owner_role_or_team": "pending_owner_response",
"port_change_authorized": false,
"port_close_authorized": false,
"port_open_authorized": false,
"port_policy_accepted": false,
"port_policy_ref": null,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"request_id": "ssh_network_owner_request:monitoring_discover_docker_ssh",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"followup_owner"
],
"reviewer_checks": [
"owner_identity_present",
"decision_reason_present",
"affected_scope_matches_surface",
"redacted_refs_only",
"secret_or_key_value_absent",
"live_access_state_metadata_only",
"allowed_source_cidr_metadata_only",
"host_key_pinning_shape",
"port_impact_review",
"firewall_owner_present",
"network_policy_nodeport_review",
"wireguard_cutover_separate_gate",
"maintenance_window_present",
"rollback_validation_present",
"counts_transition_safe"
],
"reviewer_outcome": "waiting_owner_response",
"rollback_owner": "pending_owner_response",
"rollback_owner_accepted": false,
"runtime_gate": false,
"secret_value_collection_allowed": false,
"ssh_key_collection_allowed": false,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"status": "waiting_owner_response",
"sudo_action_authorized": false,
"supplement_requested": false,
"surface_id": "monitoring_discover_docker_ssh",
"validation_plan": "pending_owner_response",
"validation_plan_accepted": false,
"wireguard_change_authorized": false,
"wireguard_cutover_accepted": false,
"write_capable_surface": false
},
{
"acceptance_candidate_id": "ssh_network_owner_response_acceptance:monitoring_exporter_deploy_ssh",
"acceptance_fields": [
"acceptance_candidate_id",
"request_id",
"surface_id",
"config_kind",
"expected_scope",
"access_scope",
"control_tier",
"write_capable_surface",
"owner_response_ref",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"host_key_pinning_ref",
"port_policy_ref",
"network_policy_diff_ref",
"nodeport_exposure_ref",
"firewall_owner",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"reviewer_outcome",
"followup_owner",
"not_approval"
],
"access_scope": [
"192.168.0.188",
"scp",
"docker compose up -d"
],
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_owner_response",
"allowed_source_cidrs_ref": null,
"blocked_actions": [
"ssh_read",
"ssh_write",
"host_keyscan",
"known_hosts_patch",
"firewall_change",
"port_close",
"port_open",
"network_policy_apply",
"nodeport_change",
"wireguard_change",
"sudo_action",
"deploy_ssh_action",
"secret_value_collection",
"ssh_key_collection",
"active_scan",
"runtime_gate_open",
"live_firewall_read",
"live_sudoers_read",
"raw_key_material_storage",
"raw_firewall_dump_storage",
"mark_owner_response_accepted_without_reviewer_record",
"add_action_button"
],
"break_glass_owner": "pending_owner_response",
"change_freeze_rule": "pending_owner_response",
"config_kind": "monitoring_ssh_deploy_script",
"control_tier": "C1",
"decision": "pending_owner_response",
"decision_reason": "pending_owner_response",
"deploy_ssh_action_authorized": false,
"expected_scope": "192.168.0.188",
"firewall_change_authorized": false,
"firewall_owner": "pending_owner_response",
"firewall_owner_accepted": false,
"followup_owner": "pending_owner_response",
"host_key_pinning_accepted": false,
"host_key_pinning_ref": null,
"host_keyscan_authorized": false,
"host_write_authorized": false,
"known_hosts_patch_authorized": false,
"live_access_state_ref": null,
"live_evidence_received": false,
"maintenance_window": "pending_owner_response",
"maintenance_window_accepted": false,
"network_policy_apply_authorized": false,
"network_policy_diff_accepted": false,
"network_policy_diff_ref": null,
"nodeport_change_authorized": false,
"nodeport_exposure_accepted": false,
"nodeport_exposure_ref": null,
"not_approval": true,
"outcome_lanes": [
"waiting_owner_response",
"quarantine_raw_payload",
"reject_secret_or_key_value",
"request_supplement",
"ready_for_network_review",
"owner_review_only_update",
"waiting_runtime_gate"
],
"owner_response_accepted": false,
"owner_response_quarantined": false,
"owner_response_received": false,
"owner_response_ref": null,
"owner_response_rejected": false,
"owner_role_or_team": "pending_owner_response",
"port_change_authorized": false,
"port_close_authorized": false,
"port_open_authorized": false,
"port_policy_accepted": false,
"port_policy_ref": null,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"request_id": "ssh_network_owner_request:monitoring_exporter_deploy_ssh",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"followup_owner"
],
"reviewer_checks": [
"owner_identity_present",
"decision_reason_present",
"affected_scope_matches_surface",
"redacted_refs_only",
"secret_or_key_value_absent",
"live_access_state_metadata_only",
"allowed_source_cidr_metadata_only",
"host_key_pinning_shape",
"port_impact_review",
"firewall_owner_present",
"network_policy_nodeport_review",
"wireguard_cutover_separate_gate",
"maintenance_window_present",
"rollback_validation_present",
"counts_transition_safe"
],
"reviewer_outcome": "waiting_owner_response",
"rollback_owner": "pending_owner_response",
"rollback_owner_accepted": false,
"runtime_gate": false,
"secret_value_collection_allowed": false,
"ssh_key_collection_allowed": false,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"status": "waiting_owner_response",
"sudo_action_authorized": false,
"supplement_requested": false,
"surface_id": "monitoring_exporter_deploy_ssh",
"validation_plan": "pending_owner_response",
"validation_plan_accepted": false,
"wireguard_change_authorized": false,
"wireguard_cutover_accepted": false,
"write_capable_surface": true
},
{
"acceptance_candidate_id": "ssh_network_owner_response_acceptance:backup_config_ssh_capture",
"acceptance_fields": [
"acceptance_candidate_id",
"request_id",
"surface_id",
"config_kind",
"expected_scope",
"access_scope",
"control_tier",
"write_capable_surface",
"owner_response_ref",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"host_key_pinning_ref",
"port_policy_ref",
"network_policy_diff_ref",
"nodeport_exposure_ref",
"firewall_owner",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"reviewer_outcome",
"followup_owner",
"not_approval"
],
"access_scope": [
"/etc/ssh",
"/etc/nginx",
"systemd",
"docker",
"k8s"
],
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_owner_response",
"allowed_source_cidrs_ref": null,
"blocked_actions": [
"ssh_read",
"ssh_write",
"host_keyscan",
"known_hosts_patch",
"firewall_change",
"port_close",
"port_open",
"network_policy_apply",
"nodeport_change",
"wireguard_change",
"sudo_action",
"deploy_ssh_action",
"secret_value_collection",
"ssh_key_collection",
"active_scan",
"runtime_gate_open",
"live_firewall_read",
"live_sudoers_read",
"raw_key_material_storage",
"raw_firewall_dump_storage",
"mark_owner_response_accepted_without_reviewer_record",
"add_action_button"
],
"break_glass_owner": "pending_owner_response",
"change_freeze_rule": "pending_owner_response",
"config_kind": "ssh_backup_capture",
"control_tier": "C1",
"decision": "pending_owner_response",
"decision_reason": "pending_owner_response",
"deploy_ssh_action_authorized": false,
"expected_scope": "110_188_120_121_cluster",
"firewall_change_authorized": false,
"firewall_owner": "pending_owner_response",
"firewall_owner_accepted": false,
"followup_owner": "pending_owner_response",
"host_key_pinning_accepted": false,
"host_key_pinning_ref": null,
"host_keyscan_authorized": false,
"host_write_authorized": false,
"known_hosts_patch_authorized": false,
"live_access_state_ref": null,
"live_evidence_received": false,
"maintenance_window": "pending_owner_response",
"maintenance_window_accepted": false,
"network_policy_apply_authorized": false,
"network_policy_diff_accepted": false,
"network_policy_diff_ref": null,
"nodeport_change_authorized": false,
"nodeport_exposure_accepted": false,
"nodeport_exposure_ref": null,
"not_approval": true,
"outcome_lanes": [
"waiting_owner_response",
"quarantine_raw_payload",
"reject_secret_or_key_value",
"request_supplement",
"ready_for_network_review",
"owner_review_only_update",
"waiting_runtime_gate"
],
"owner_response_accepted": false,
"owner_response_quarantined": false,
"owner_response_received": false,
"owner_response_ref": null,
"owner_response_rejected": false,
"owner_role_or_team": "pending_owner_response",
"port_change_authorized": false,
"port_close_authorized": false,
"port_open_authorized": false,
"port_policy_accepted": false,
"port_policy_ref": null,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"request_id": "ssh_network_owner_request:backup_config_ssh_capture",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"followup_owner"
],
"reviewer_checks": [
"owner_identity_present",
"decision_reason_present",
"affected_scope_matches_surface",
"redacted_refs_only",
"secret_or_key_value_absent",
"live_access_state_metadata_only",
"allowed_source_cidr_metadata_only",
"host_key_pinning_shape",
"port_impact_review",
"firewall_owner_present",
"network_policy_nodeport_review",
"wireguard_cutover_separate_gate",
"maintenance_window_present",
"rollback_validation_present",
"counts_transition_safe"
],
"reviewer_outcome": "waiting_owner_response",
"rollback_owner": "pending_owner_response",
"rollback_owner_accepted": false,
"runtime_gate": false,
"secret_value_collection_allowed": false,
"ssh_key_collection_allowed": false,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"status": "waiting_owner_response",
"sudo_action_authorized": false,
"supplement_requested": false,
"surface_id": "backup_config_ssh_capture",
"validation_plan": "pending_owner_response",
"validation_plan_accepted": false,
"wireguard_change_authorized": false,
"wireguard_cutover_accepted": false,
"write_capable_surface": false
},
{
"acceptance_candidate_id": "ssh_network_owner_response_acceptance:host_ops_sudoers_wrapper",
"acceptance_fields": [
"acceptance_candidate_id",
"request_id",
"surface_id",
"config_kind",
"expected_scope",
"access_scope",
"control_tier",
"write_capable_surface",
"owner_response_ref",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"host_key_pinning_ref",
"port_policy_ref",
"network_policy_diff_ref",
"nodeport_exposure_ref",
"firewall_owner",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"reviewer_outcome",
"followup_owner",
"not_approval"
],
"access_scope": [
"awoooi-hosts-add",
"docker kill SIGHUP",
"promtool",
"amtool"
],
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_owner_response",
"allowed_source_cidrs_ref": null,
"blocked_actions": [
"ssh_read",
"ssh_write",
"host_keyscan",
"known_hosts_patch",
"firewall_change",
"port_close",
"port_open",
"network_policy_apply",
"nodeport_change",
"wireguard_change",
"sudo_action",
"deploy_ssh_action",
"secret_value_collection",
"ssh_key_collection",
"active_scan",
"runtime_gate_open",
"live_firewall_read",
"live_sudoers_read",
"raw_key_material_storage",
"raw_firewall_dump_storage",
"mark_owner_response_accepted_without_reviewer_record",
"add_action_button"
],
"break_glass_owner": "pending_owner_response",
"change_freeze_rule": "pending_owner_response",
"config_kind": "sudoers_policy",
"control_tier": "C1",
"decision": "pending_owner_response",
"decision_reason": "pending_owner_response",
"deploy_ssh_action_authorized": false,
"expected_scope": "host_ops_minimal_sudo",
"firewall_change_authorized": false,
"firewall_owner": "pending_owner_response",
"firewall_owner_accepted": false,
"followup_owner": "pending_owner_response",
"host_key_pinning_accepted": false,
"host_key_pinning_ref": null,
"host_keyscan_authorized": false,
"host_write_authorized": false,
"known_hosts_patch_authorized": false,
"live_access_state_ref": null,
"live_evidence_received": false,
"maintenance_window": "pending_owner_response",
"maintenance_window_accepted": false,
"network_policy_apply_authorized": false,
"network_policy_diff_accepted": false,
"network_policy_diff_ref": null,
"nodeport_change_authorized": false,
"nodeport_exposure_accepted": false,
"nodeport_exposure_ref": null,
"not_approval": true,
"outcome_lanes": [
"waiting_owner_response",
"quarantine_raw_payload",
"reject_secret_or_key_value",
"request_supplement",
"ready_for_network_review",
"owner_review_only_update",
"waiting_runtime_gate"
],
"owner_response_accepted": false,
"owner_response_quarantined": false,
"owner_response_received": false,
"owner_response_ref": null,
"owner_response_rejected": false,
"owner_role_or_team": "pending_owner_response",
"port_change_authorized": false,
"port_close_authorized": false,
"port_open_authorized": false,
"port_policy_accepted": false,
"port_policy_ref": null,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"request_id": "ssh_network_owner_request:host_ops_sudoers_wrapper",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"followup_owner"
],
"reviewer_checks": [
"owner_identity_present",
"decision_reason_present",
"affected_scope_matches_surface",
"redacted_refs_only",
"secret_or_key_value_absent",
"live_access_state_metadata_only",
"allowed_source_cidr_metadata_only",
"host_key_pinning_shape",
"port_impact_review",
"firewall_owner_present",
"network_policy_nodeport_review",
"wireguard_cutover_separate_gate",
"maintenance_window_present",
"rollback_validation_present",
"counts_transition_safe"
],
"reviewer_outcome": "waiting_owner_response",
"rollback_owner": "pending_owner_response",
"rollback_owner_accepted": false,
"runtime_gate": false,
"secret_value_collection_allowed": false,
"ssh_key_collection_allowed": false,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"status": "waiting_owner_response",
"sudo_action_authorized": false,
"supplement_requested": false,
"surface_id": "host_ops_sudoers_wrapper",
"validation_plan": "pending_owner_response",
"validation_plan_accepted": false,
"wireguard_change_authorized": false,
"wireguard_cutover_accepted": false,
"write_capable_surface": true
},
{
"acceptance_candidate_id": "ssh_network_owner_response_acceptance:k8s_prod_network_policy",
"acceptance_fields": [
"acceptance_candidate_id",
"request_id",
"surface_id",
"config_kind",
"expected_scope",
"access_scope",
"control_tier",
"write_capable_surface",
"owner_response_ref",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"host_key_pinning_ref",
"port_policy_ref",
"network_policy_diff_ref",
"nodeport_exposure_ref",
"firewall_owner",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"reviewer_outcome",
"followup_owner",
"not_approval"
],
"access_scope": [
"default deny",
"ingress",
"egress",
"SSH egress",
"Ollama",
"monitoring"
],
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_owner_response",
"allowed_source_cidrs_ref": null,
"blocked_actions": [
"ssh_read",
"ssh_write",
"host_keyscan",
"known_hosts_patch",
"firewall_change",
"port_close",
"port_open",
"network_policy_apply",
"nodeport_change",
"wireguard_change",
"sudo_action",
"deploy_ssh_action",
"secret_value_collection",
"ssh_key_collection",
"active_scan",
"runtime_gate_open",
"live_firewall_read",
"live_sudoers_read",
"raw_key_material_storage",
"raw_firewall_dump_storage",
"mark_owner_response_accepted_without_reviewer_record",
"add_action_button"
],
"break_glass_owner": "pending_owner_response",
"change_freeze_rule": "pending_owner_response",
"config_kind": "k8s_network_policy",
"control_tier": "C1",
"decision": "pending_owner_response",
"decision_reason": "pending_owner_response",
"deploy_ssh_action_authorized": false,
"expected_scope": "awoooi_prod_namespace",
"firewall_change_authorized": false,
"firewall_owner": "pending_owner_response",
"firewall_owner_accepted": false,
"followup_owner": "pending_owner_response",
"host_key_pinning_accepted": false,
"host_key_pinning_ref": null,
"host_keyscan_authorized": false,
"host_write_authorized": false,
"known_hosts_patch_authorized": false,
"live_access_state_ref": null,
"live_evidence_received": false,
"maintenance_window": "pending_owner_response",
"maintenance_window_accepted": false,
"network_policy_apply_authorized": false,
"network_policy_diff_accepted": false,
"network_policy_diff_ref": null,
"nodeport_change_authorized": false,
"nodeport_exposure_accepted": false,
"nodeport_exposure_ref": null,
"not_approval": true,
"outcome_lanes": [
"waiting_owner_response",
"quarantine_raw_payload",
"reject_secret_or_key_value",
"request_supplement",
"ready_for_network_review",
"owner_review_only_update",
"waiting_runtime_gate"
],
"owner_response_accepted": false,
"owner_response_quarantined": false,
"owner_response_received": false,
"owner_response_ref": null,
"owner_response_rejected": false,
"owner_role_or_team": "pending_owner_response",
"port_change_authorized": false,
"port_close_authorized": false,
"port_open_authorized": false,
"port_policy_accepted": false,
"port_policy_ref": null,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"request_id": "ssh_network_owner_request:k8s_prod_network_policy",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"followup_owner"
],
"reviewer_checks": [
"owner_identity_present",
"decision_reason_present",
"affected_scope_matches_surface",
"redacted_refs_only",
"secret_or_key_value_absent",
"live_access_state_metadata_only",
"allowed_source_cidr_metadata_only",
"host_key_pinning_shape",
"port_impact_review",
"firewall_owner_present",
"network_policy_nodeport_review",
"wireguard_cutover_separate_gate",
"maintenance_window_present",
"rollback_validation_present",
"counts_transition_safe"
],
"reviewer_outcome": "waiting_owner_response",
"rollback_owner": "pending_owner_response",
"rollback_owner_accepted": false,
"runtime_gate": false,
"secret_value_collection_allowed": false,
"ssh_key_collection_allowed": false,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"status": "waiting_owner_response",
"sudo_action_authorized": false,
"supplement_requested": false,
"surface_id": "k8s_prod_network_policy",
"validation_plan": "pending_owner_response",
"validation_plan_accepted": false,
"wireguard_change_authorized": false,
"wireguard_cutover_accepted": false,
"write_capable_surface": false
},
{
"acceptance_candidate_id": "ssh_network_owner_response_acceptance:argocd_metrics_network_policy",
"acceptance_fields": [
"acceptance_candidate_id",
"request_id",
"surface_id",
"config_kind",
"expected_scope",
"access_scope",
"control_tier",
"write_capable_surface",
"owner_response_ref",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"host_key_pinning_ref",
"port_policy_ref",
"network_policy_diff_ref",
"nodeport_exposure_ref",
"firewall_owner",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"reviewer_outcome",
"followup_owner",
"not_approval"
],
"access_scope": [
"192.168.0.188",
"argocd metrics",
"192.168.0.0/24 UI"
],
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_owner_response",
"allowed_source_cidrs_ref": null,
"blocked_actions": [
"ssh_read",
"ssh_write",
"host_keyscan",
"known_hosts_patch",
"firewall_change",
"port_close",
"port_open",
"network_policy_apply",
"nodeport_change",
"wireguard_change",
"sudo_action",
"deploy_ssh_action",
"secret_value_collection",
"ssh_key_collection",
"active_scan",
"runtime_gate_open",
"live_firewall_read",
"live_sudoers_read",
"raw_key_material_storage",
"raw_firewall_dump_storage",
"mark_owner_response_accepted_without_reviewer_record",
"add_action_button"
],
"break_glass_owner": "pending_owner_response",
"change_freeze_rule": "pending_owner_response",
"config_kind": "k8s_network_policy",
"control_tier": "C1",
"decision": "pending_owner_response",
"decision_reason": "pending_owner_response",
"deploy_ssh_action_authorized": false,
"expected_scope": "argocd_namespace",
"firewall_change_authorized": false,
"firewall_owner": "pending_owner_response",
"firewall_owner_accepted": false,
"followup_owner": "pending_owner_response",
"host_key_pinning_accepted": false,
"host_key_pinning_ref": null,
"host_keyscan_authorized": false,
"host_write_authorized": false,
"known_hosts_patch_authorized": false,
"live_access_state_ref": null,
"live_evidence_received": false,
"maintenance_window": "pending_owner_response",
"maintenance_window_accepted": false,
"network_policy_apply_authorized": false,
"network_policy_diff_accepted": false,
"network_policy_diff_ref": null,
"nodeport_change_authorized": false,
"nodeport_exposure_accepted": false,
"nodeport_exposure_ref": null,
"not_approval": true,
"outcome_lanes": [
"waiting_owner_response",
"quarantine_raw_payload",
"reject_secret_or_key_value",
"request_supplement",
"ready_for_network_review",
"owner_review_only_update",
"waiting_runtime_gate"
],
"owner_response_accepted": false,
"owner_response_quarantined": false,
"owner_response_received": false,
"owner_response_ref": null,
"owner_response_rejected": false,
"owner_role_or_team": "pending_owner_response",
"port_change_authorized": false,
"port_close_authorized": false,
"port_open_authorized": false,
"port_policy_accepted": false,
"port_policy_ref": null,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"request_id": "ssh_network_owner_request:argocd_metrics_network_policy",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"followup_owner"
],
"reviewer_checks": [
"owner_identity_present",
"decision_reason_present",
"affected_scope_matches_surface",
"redacted_refs_only",
"secret_or_key_value_absent",
"live_access_state_metadata_only",
"allowed_source_cidr_metadata_only",
"host_key_pinning_shape",
"port_impact_review",
"firewall_owner_present",
"network_policy_nodeport_review",
"wireguard_cutover_separate_gate",
"maintenance_window_present",
"rollback_validation_present",
"counts_transition_safe"
],
"reviewer_outcome": "waiting_owner_response",
"rollback_owner": "pending_owner_response",
"rollback_owner_accepted": false,
"runtime_gate": false,
"secret_value_collection_allowed": false,
"ssh_key_collection_allowed": false,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"status": "waiting_owner_response",
"sudo_action_authorized": false,
"supplement_requested": false,
"surface_id": "argocd_metrics_network_policy",
"validation_plan": "pending_owner_response",
"validation_plan_accepted": false,
"wireguard_change_authorized": false,
"wireguard_cutover_accepted": false,
"write_capable_surface": false
},
{
"acceptance_candidate_id": "ssh_network_owner_response_acceptance:argocd_metrics_nodeport",
"acceptance_fields": [
"acceptance_candidate_id",
"request_id",
"surface_id",
"config_kind",
"expected_scope",
"access_scope",
"control_tier",
"write_capable_surface",
"owner_response_ref",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"host_key_pinning_ref",
"port_policy_ref",
"network_policy_diff_ref",
"nodeport_exposure_ref",
"firewall_owner",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"reviewer_outcome",
"followup_owner",
"not_approval"
],
"access_scope": [
"nodePort 30882",
"nodePort 30883"
],
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_owner_response",
"allowed_source_cidrs_ref": null,
"blocked_actions": [
"ssh_read",
"ssh_write",
"host_keyscan",
"known_hosts_patch",
"firewall_change",
"port_close",
"port_open",
"network_policy_apply",
"nodeport_change",
"wireguard_change",
"sudo_action",
"deploy_ssh_action",
"secret_value_collection",
"ssh_key_collection",
"active_scan",
"runtime_gate_open",
"live_firewall_read",
"live_sudoers_read",
"raw_key_material_storage",
"raw_firewall_dump_storage",
"mark_owner_response_accepted_without_reviewer_record",
"add_action_button"
],
"break_glass_owner": "pending_owner_response",
"change_freeze_rule": "pending_owner_response",
"config_kind": "k8s_nodeport_service",
"control_tier": "C1",
"decision": "pending_owner_response",
"decision_reason": "pending_owner_response",
"deploy_ssh_action_authorized": false,
"expected_scope": "argocd_nodeport_30882_30883",
"firewall_change_authorized": false,
"firewall_owner": "pending_owner_response",
"firewall_owner_accepted": false,
"followup_owner": "pending_owner_response",
"host_key_pinning_accepted": false,
"host_key_pinning_ref": null,
"host_keyscan_authorized": false,
"host_write_authorized": false,
"known_hosts_patch_authorized": false,
"live_access_state_ref": null,
"live_evidence_received": false,
"maintenance_window": "pending_owner_response",
"maintenance_window_accepted": false,
"network_policy_apply_authorized": false,
"network_policy_diff_accepted": false,
"network_policy_diff_ref": null,
"nodeport_change_authorized": false,
"nodeport_exposure_accepted": false,
"nodeport_exposure_ref": null,
"not_approval": true,
"outcome_lanes": [
"waiting_owner_response",
"quarantine_raw_payload",
"reject_secret_or_key_value",
"request_supplement",
"ready_for_network_review",
"owner_review_only_update",
"waiting_runtime_gate"
],
"owner_response_accepted": false,
"owner_response_quarantined": false,
"owner_response_received": false,
"owner_response_ref": null,
"owner_response_rejected": false,
"owner_role_or_team": "pending_owner_response",
"port_change_authorized": false,
"port_close_authorized": false,
"port_open_authorized": false,
"port_policy_accepted": false,
"port_policy_ref": null,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"request_id": "ssh_network_owner_request:argocd_metrics_nodeport",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"followup_owner"
],
"reviewer_checks": [
"owner_identity_present",
"decision_reason_present",
"affected_scope_matches_surface",
"redacted_refs_only",
"secret_or_key_value_absent",
"live_access_state_metadata_only",
"allowed_source_cidr_metadata_only",
"host_key_pinning_shape",
"port_impact_review",
"firewall_owner_present",
"network_policy_nodeport_review",
"wireguard_cutover_separate_gate",
"maintenance_window_present",
"rollback_validation_present",
"counts_transition_safe"
],
"reviewer_outcome": "waiting_owner_response",
"rollback_owner": "pending_owner_response",
"rollback_owner_accepted": false,
"runtime_gate": false,
"secret_value_collection_allowed": false,
"ssh_key_collection_allowed": false,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"status": "waiting_owner_response",
"sudo_action_authorized": false,
"supplement_requested": false,
"surface_id": "argocd_metrics_nodeport",
"validation_plan": "pending_owner_response",
"validation_plan_accepted": false,
"wireguard_change_authorized": false,
"wireguard_cutover_accepted": false,
"write_capable_surface": false
},
{
"acceptance_candidate_id": "ssh_network_owner_response_acceptance:velero_metrics_nodeport",
"acceptance_fields": [
"acceptance_candidate_id",
"request_id",
"surface_id",
"config_kind",
"expected_scope",
"access_scope",
"control_tier",
"write_capable_surface",
"owner_response_ref",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"host_key_pinning_ref",
"port_policy_ref",
"network_policy_diff_ref",
"nodeport_exposure_ref",
"firewall_owner",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"reviewer_outcome",
"followup_owner",
"not_approval"
],
"access_scope": [
"nodePort 30885",
"backup metrics"
],
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_owner_response",
"allowed_source_cidrs_ref": null,
"blocked_actions": [
"ssh_read",
"ssh_write",
"host_keyscan",
"known_hosts_patch",
"firewall_change",
"port_close",
"port_open",
"network_policy_apply",
"nodeport_change",
"wireguard_change",
"sudo_action",
"deploy_ssh_action",
"secret_value_collection",
"ssh_key_collection",
"active_scan",
"runtime_gate_open",
"live_firewall_read",
"live_sudoers_read",
"raw_key_material_storage",
"raw_firewall_dump_storage",
"mark_owner_response_accepted_without_reviewer_record",
"add_action_button"
],
"break_glass_owner": "pending_owner_response",
"change_freeze_rule": "pending_owner_response",
"config_kind": "k8s_nodeport_service",
"control_tier": "C1",
"decision": "pending_owner_response",
"decision_reason": "pending_owner_response",
"deploy_ssh_action_authorized": false,
"expected_scope": "velero_nodeport_30885",
"firewall_change_authorized": false,
"firewall_owner": "pending_owner_response",
"firewall_owner_accepted": false,
"followup_owner": "pending_owner_response",
"host_key_pinning_accepted": false,
"host_key_pinning_ref": null,
"host_keyscan_authorized": false,
"host_write_authorized": false,
"known_hosts_patch_authorized": false,
"live_access_state_ref": null,
"live_evidence_received": false,
"maintenance_window": "pending_owner_response",
"maintenance_window_accepted": false,
"network_policy_apply_authorized": false,
"network_policy_diff_accepted": false,
"network_policy_diff_ref": null,
"nodeport_change_authorized": false,
"nodeport_exposure_accepted": false,
"nodeport_exposure_ref": null,
"not_approval": true,
"outcome_lanes": [
"waiting_owner_response",
"quarantine_raw_payload",
"reject_secret_or_key_value",
"request_supplement",
"ready_for_network_review",
"owner_review_only_update",
"waiting_runtime_gate"
],
"owner_response_accepted": false,
"owner_response_quarantined": false,
"owner_response_received": false,
"owner_response_ref": null,
"owner_response_rejected": false,
"owner_role_or_team": "pending_owner_response",
"port_change_authorized": false,
"port_close_authorized": false,
"port_open_authorized": false,
"port_policy_accepted": false,
"port_policy_ref": null,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"request_id": "ssh_network_owner_request:velero_metrics_nodeport",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"followup_owner"
],
"reviewer_checks": [
"owner_identity_present",
"decision_reason_present",
"affected_scope_matches_surface",
"redacted_refs_only",
"secret_or_key_value_absent",
"live_access_state_metadata_only",
"allowed_source_cidr_metadata_only",
"host_key_pinning_shape",
"port_impact_review",
"firewall_owner_present",
"network_policy_nodeport_review",
"wireguard_cutover_separate_gate",
"maintenance_window_present",
"rollback_validation_present",
"counts_transition_safe"
],
"reviewer_outcome": "waiting_owner_response",
"rollback_owner": "pending_owner_response",
"rollback_owner_accepted": false,
"runtime_gate": false,
"secret_value_collection_allowed": false,
"ssh_key_collection_allowed": false,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"status": "waiting_owner_response",
"sudo_action_authorized": false,
"supplement_requested": false,
"surface_id": "velero_metrics_nodeport",
"validation_plan": "pending_owner_response",
"validation_plan_accepted": false,
"wireguard_change_authorized": false,
"wireguard_cutover_accepted": false,
"write_capable_surface": false
},
{
"acceptance_candidate_id": "ssh_network_owner_response_acceptance:wireguard_mesh_runbook",
"acceptance_fields": [
"acceptance_candidate_id",
"request_id",
"surface_id",
"config_kind",
"expected_scope",
"access_scope",
"control_tier",
"write_capable_surface",
"owner_response_ref",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"host_key_pinning_ref",
"port_policy_ref",
"network_policy_diff_ref",
"nodeport_exposure_ref",
"firewall_owner",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"reviewer_outcome",
"followup_owner",
"not_approval"
],
"access_scope": [
"10.77.114.0/24",
"51820/udp",
"GCP-A",
"GCP-B"
],
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_owner_response",
"allowed_source_cidrs_ref": null,
"blocked_actions": [
"ssh_read",
"ssh_write",
"host_keyscan",
"known_hosts_patch",
"firewall_change",
"port_close",
"port_open",
"network_policy_apply",
"nodeport_change",
"wireguard_change",
"sudo_action",
"deploy_ssh_action",
"secret_value_collection",
"ssh_key_collection",
"active_scan",
"runtime_gate_open",
"live_firewall_read",
"live_sudoers_read",
"raw_key_material_storage",
"raw_firewall_dump_storage",
"mark_owner_response_accepted_without_reviewer_record",
"add_action_button"
],
"break_glass_owner": "pending_owner_response",
"change_freeze_rule": "pending_owner_response",
"config_kind": "wireguard_runbook",
"control_tier": "C1",
"decision": "pending_owner_response",
"decision_reason": "pending_owner_response",
"deploy_ssh_action_authorized": false,
"expected_scope": "110_111_120_121_gcp_a_gcp_b",
"firewall_change_authorized": false,
"firewall_owner": "pending_owner_response",
"firewall_owner_accepted": false,
"followup_owner": "pending_owner_response",
"host_key_pinning_accepted": false,
"host_key_pinning_ref": null,
"host_keyscan_authorized": false,
"host_write_authorized": false,
"known_hosts_patch_authorized": false,
"live_access_state_ref": null,
"live_evidence_received": false,
"maintenance_window": "pending_owner_response",
"maintenance_window_accepted": false,
"network_policy_apply_authorized": false,
"network_policy_diff_accepted": false,
"network_policy_diff_ref": null,
"nodeport_change_authorized": false,
"nodeport_exposure_accepted": false,
"nodeport_exposure_ref": null,
"not_approval": true,
"outcome_lanes": [
"waiting_owner_response",
"quarantine_raw_payload",
"reject_secret_or_key_value",
"request_supplement",
"ready_for_network_review",
"owner_review_only_update",
"waiting_runtime_gate"
],
"owner_response_accepted": false,
"owner_response_quarantined": false,
"owner_response_received": false,
"owner_response_ref": null,
"owner_response_rejected": false,
"owner_role_or_team": "pending_owner_response",
"port_change_authorized": false,
"port_close_authorized": false,
"port_open_authorized": false,
"port_policy_accepted": false,
"port_policy_ref": null,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"request_id": "ssh_network_owner_request:wireguard_mesh_runbook",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"followup_owner"
],
"reviewer_checks": [
"owner_identity_present",
"decision_reason_present",
"affected_scope_matches_surface",
"redacted_refs_only",
"secret_or_key_value_absent",
"live_access_state_metadata_only",
"allowed_source_cidr_metadata_only",
"host_key_pinning_shape",
"port_impact_review",
"firewall_owner_present",
"network_policy_nodeport_review",
"wireguard_cutover_separate_gate",
"maintenance_window_present",
"rollback_validation_present",
"counts_transition_safe"
],
"reviewer_outcome": "waiting_owner_response",
"rollback_owner": "pending_owner_response",
"rollback_owner_accepted": false,
"runtime_gate": false,
"secret_value_collection_allowed": false,
"ssh_key_collection_allowed": false,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"status": "waiting_owner_response",
"sudo_action_authorized": false,
"supplement_requested": false,
"surface_id": "wireguard_mesh_runbook",
"validation_plan": "pending_owner_response",
"validation_plan_accepted": false,
"wireguard_change_authorized": false,
"wireguard_cutover_accepted": false,
"write_capable_surface": false
},
{
"acceptance_candidate_id": "ssh_network_owner_response_acceptance:alert_rules_ssh_actions",
"acceptance_fields": [
"acceptance_candidate_id",
"request_id",
"surface_id",
"config_kind",
"expected_scope",
"access_scope",
"control_tier",
"write_capable_surface",
"owner_response_ref",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"host_key_pinning_ref",
"port_policy_ref",
"network_policy_diff_ref",
"nodeport_exposure_ref",
"firewall_owner",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"reviewer_outcome",
"followup_owner",
"not_approval"
],
"access_scope": [
"ssh_diagnose",
"docker restart",
"systemctl restart",
"docker compose",
"docker prune"
],
"action_buttons_allowed": false,
"active_scan_authorized": false,
"affected_scope": "pending_owner_response",
"allowed_source_cidrs_ref": null,
"blocked_actions": [
"ssh_read",
"ssh_write",
"host_keyscan",
"known_hosts_patch",
"firewall_change",
"port_close",
"port_open",
"network_policy_apply",
"nodeport_change",
"wireguard_change",
"sudo_action",
"deploy_ssh_action",
"secret_value_collection",
"ssh_key_collection",
"active_scan",
"runtime_gate_open",
"live_firewall_read",
"live_sudoers_read",
"raw_key_material_storage",
"raw_firewall_dump_storage",
"mark_owner_response_accepted_without_reviewer_record",
"add_action_button"
],
"break_glass_owner": "pending_owner_response",
"change_freeze_rule": "pending_owner_response",
"config_kind": "alert_ssh_action_rules",
"control_tier": "C1",
"decision": "pending_owner_response",
"decision_reason": "pending_owner_response",
"deploy_ssh_action_authorized": false,
"expected_scope": "ssh_mcp_action_catalog",
"firewall_change_authorized": false,
"firewall_owner": "pending_owner_response",
"firewall_owner_accepted": false,
"followup_owner": "pending_owner_response",
"host_key_pinning_accepted": false,
"host_key_pinning_ref": null,
"host_keyscan_authorized": false,
"host_write_authorized": false,
"known_hosts_patch_authorized": false,
"live_access_state_ref": null,
"live_evidence_received": false,
"maintenance_window": "pending_owner_response",
"maintenance_window_accepted": false,
"network_policy_apply_authorized": false,
"network_policy_diff_accepted": false,
"network_policy_diff_ref": null,
"nodeport_change_authorized": false,
"nodeport_exposure_accepted": false,
"nodeport_exposure_ref": null,
"not_approval": true,
"outcome_lanes": [
"waiting_owner_response",
"quarantine_raw_payload",
"reject_secret_or_key_value",
"request_supplement",
"ready_for_network_review",
"owner_review_only_update",
"waiting_runtime_gate"
],
"owner_response_accepted": false,
"owner_response_quarantined": false,
"owner_response_received": false,
"owner_response_ref": null,
"owner_response_rejected": false,
"owner_role_or_team": "pending_owner_response",
"port_change_authorized": false,
"port_close_authorized": false,
"port_open_authorized": false,
"port_policy_accepted": false,
"port_policy_ref": null,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"request_id": "ssh_network_owner_request:alert_rules_ssh_actions",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"followup_owner"
],
"reviewer_checks": [
"owner_identity_present",
"decision_reason_present",
"affected_scope_matches_surface",
"redacted_refs_only",
"secret_or_key_value_absent",
"live_access_state_metadata_only",
"allowed_source_cidr_metadata_only",
"host_key_pinning_shape",
"port_impact_review",
"firewall_owner_present",
"network_policy_nodeport_review",
"wireguard_cutover_separate_gate",
"maintenance_window_present",
"rollback_validation_present",
"counts_transition_safe"
],
"reviewer_outcome": "waiting_owner_response",
"rollback_owner": "pending_owner_response",
"rollback_owner_accepted": false,
"runtime_gate": false,
"secret_value_collection_allowed": false,
"ssh_key_collection_allowed": false,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"status": "waiting_owner_response",
"sudo_action_authorized": false,
"supplement_requested": false,
"surface_id": "alert_rules_ssh_actions",
"validation_plan": "pending_owner_response",
"validation_plan_accepted": false,
"wireguard_change_authorized": false,
"wireguard_cutover_accepted": false,
"write_capable_surface": true
}
],
"acceptance_fields": [
"acceptance_candidate_id",
"request_id",
"surface_id",
"config_kind",
"expected_scope",
"access_scope",
"control_tier",
"write_capable_surface",
"owner_response_ref",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"host_key_pinning_ref",
"port_policy_ref",
"network_policy_diff_ref",
"nodeport_exposure_ref",
"firewall_owner",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"reviewer_outcome",
"followup_owner",
"not_approval"
],
"blocked_actions": [
"ssh_read",
"ssh_write",
"host_keyscan",
"known_hosts_patch",
"firewall_change",
"port_close",
"port_open",
"network_policy_apply",
"nodeport_change",
"wireguard_change",
"sudo_action",
"deploy_ssh_action",
"secret_value_collection",
"ssh_key_collection",
"active_scan",
"runtime_gate_open",
"live_firewall_read",
"live_sudoers_read",
"raw_key_material_storage",
"raw_firewall_dump_storage",
"mark_owner_response_accepted_without_reviewer_record",
"add_action_button"
],
"execution_boundaries": {
"action_buttons_allowed": false,
"active_scan_authorized": false,
"deploy_ssh_action_authorized": false,
"firewall_change_authorized": false,
"host_keyscan_authorized": false,
"host_write_authorized": false,
"known_hosts_patch_authorized": false,
"live_evidence_received": false,
"live_host_read_authorized": false,
"network_policy_apply_authorized": false,
"nodeport_change_authorized": false,
"not_authorization": true,
"owner_response_accepted": false,
"port_change_authorized": false,
"port_close_authorized": false,
"port_open_authorized": false,
"request_dispatch_authorized": false,
"runtime_execution_authorized": false,
"secret_value_collection_allowed": false,
"ssh_key_collection_allowed": false,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"sudo_action_authorized": false,
"wireguard_change_authorized": false
},
"generated_at": "2026-06-15T01:18:00+08:00",
"git_commit": "1d0de1d4",
"next_steps": [
"等待 owner response未收到前不得更新 accepted count。",
"收到回覆後先走 raw payload / secret / key material / scope / CIDR / port impact / rollback 檢查,不合格即隔離、拒收或補件。",
"metadata 合格也只能進 network / firewall reviewer reviewSSH、keyscan、known_hosts patch、firewall、port、NetworkPolicy、NodePort 與 WireGuard 仍需獨立人工批准。"
],
"outcome_lanes": [
{
"lane_id": "waiting_owner_response",
"meaning": "尚未收到 owner response所有 accepted / runtime count 維持 0。"
},
{
"lane_id": "quarantine_raw_payload",
"meaning": "收到 raw firewall dump、SSH key、private key、token 或不可保存內容時只能隔離。"
},
{
"lane_id": "reject_secret_or_key_value",
"meaning": "出現 secret value、key material、credential derivative 或未脫敏 payload 時直接拒收。"
},
{
"lane_id": "request_supplement",
"meaning": "欄位不足、scope 不清、CIDR / owner / rollback / validation 缺失時要求補件。"
},
{
"lane_id": "ready_for_network_review",
"meaning": "metadata 合格後,只能進 network / firewall reviewer review。"
},
{
"lane_id": "owner_review_only_update",
"meaning": "只允許更新只讀 owner review ledger不得改 port、firewall、known_hosts 或 policy。"
},
{
"lane_id": "waiting_runtime_gate",
"meaning": "即使 owner response acceptedruntime gate 仍等待獨立人工批准。"
}
],
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"live_access_state_ref",
"allowed_source_cidrs_ref",
"maintenance_window",
"rollback_owner",
"validation_plan",
"break_glass_owner",
"change_freeze_rule",
"followup_owner"
],
"reviewer_checks": [
{
"check_id": "owner_identity_present",
"instruction": "owner role / team 必須可追溯。"
},
{
"check_id": "decision_reason_present",
"instruction": "decision 與 decision reason 必須同時存在。"
},
{
"check_id": "affected_scope_matches_surface",
"instruction": "affected scope 必須能對回 committed surface_id。"
},
{
"check_id": "redacted_refs_only",
"instruction": "evidence 只能是脫敏 ref、hash、ticket、commit 或 artifact pointer。"
},
{
"check_id": "secret_or_key_value_absent",
"instruction": "不得出現 private key、SSH key、token、password、cookie 或 partial secret。"
},
{
"check_id": "live_access_state_metadata_only",
"instruction": "live access state 只能是 owner-provided metadata ref不得貼 raw firewall dump。"
},
{
"check_id": "allowed_source_cidr_metadata_only",
"instruction": "allowed source CIDR 只能是 policy ref 或脫敏摘要,不得暴露敏感來源明細。"
},
{
"check_id": "host_key_pinning_shape",
"instruction": "known_hosts / host key pinning 只能收 fingerprint ref不得自動 keyscan 或 patch。"
},
{
"check_id": "port_impact_review",
"instruction": "port close / open 影響範圍必須列出 public route、admin route、agent、monitoring 與 rollback。"
},
{
"check_id": "firewall_owner_present",
"instruction": "firewall owner、rollback owner 與 change freeze rule 必須存在。"
},
{
"check_id": "network_policy_nodeport_review",
"instruction": "NetworkPolicy / NodePort 需有 exposure owner、source whitelist 與 route smoke plan。"
},
{
"check_id": "wireguard_cutover_separate_gate",
"instruction": "WireGuard cutover 必須獨立維護窗口與 runtime gate不得混入 owner acceptance。"
},
{
"check_id": "maintenance_window_present",
"instruction": "任何未來端口、firewall、NodePort 或 WireGuard 變更都必須另有維護窗口。"
},
{
"check_id": "rollback_validation_present",
"instruction": "rollback owner 與 validation plan 必須同時存在。"
},
{
"check_id": "counts_transition_safe",
"instruction": "只有 reviewer record 可更新 received / accepted / rejected不得同時開 runtime gate。"
}
],
"schema_version": "ssh_network_owner_response_acceptance_v1",
"source_inventory_schema_version": "ssh_network_access_inventory_v1",
"source_inventory_status": "repo_only_inventory_ready",
"source_owner_request_schema_version": "ssh_network_owner_request_draft_v1",
"source_owner_request_status": "owner_request_draft_ready_not_dispatched",
"status": "owner_response_acceptance_ledger_ready_no_runtime_action",
"summary": {
"acceptance_candidate_count": 16,
"acceptance_field_count": 29,
"action_button_count": 0,
"active_scan_authorized_count": 0,
"blocked_action_count": 22,
"deploy_ssh_action_authorized_count": 0,
"firewall_change_authorized_count": 0,
"firewall_owner_accepted_count": 0,
"host_key_pinning_accepted_count": 0,
"host_keyscan_authorized_count": 0,
"host_write_authorized_count": 0,
"known_hosts_patch_authorized_count": 0,
"live_evidence_received_count": 0,
"live_evidence_required_candidate_count": 16,
"maintenance_window_accepted_count": 0,
"network_policy_apply_authorized_count": 0,
"network_policy_diff_accepted_count": 0,
"nodeport_change_authorized_count": 0,
"nodeport_exposure_accepted_count": 0,
"outcome_lane_count": 7,
"owner_response_accepted_count": 0,
"owner_response_quarantined_count": 0,
"owner_response_received_count": 0,
"owner_response_rejected_count": 0,
"port_change_authorized_count": 0,
"port_close_authorized_count": 0,
"port_open_authorized_count": 0,
"port_policy_accepted_count": 0,
"recipient_confirmed_count": 0,
"request_sent_count": 0,
"required_owner_field_count": 13,
"reviewer_check_count": 15,
"rollback_owner_accepted_count": 0,
"runtime_gate_count": 0,
"secret_value_collection_allowed_count": 0,
"source_request_draft_count": 16,
"source_surface_count": 16,
"ssh_key_collection_allowed_count": 0,
"ssh_read_authorized_count": 0,
"ssh_write_authorized_count": 0,
"sudo_action_authorized_count": 0,
"supplement_requested_count": 0,
"validation_plan_accepted_count": 0,
"wireguard_change_authorized_count": 0,
"wireguard_cutover_accepted_count": 0,
"write_capable_acceptance_candidate_count": 6
}
}
Reference in New Issue View Git Blame Copy Permalink