wooo/awoooi
1
1
Fork 0
Code Issues 2 Pull Requests 1 Actions 3 Packages Projects Releases Wiki Activity
Files
main
awoooi/docs/security/telegram-notification-egress-inventory.snapshot.json

2060 lines
73 KiB
JSON
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
{
"schema_version": "telegram_notification_egress_inventory_v1",
"generated_at": "2026-06-18T22:30:00+08:00",
"git_commit": "27d9f394",
"status": "inventory_ready_no_runtime_action",
"mode": "repo_only_scan_no_secret_value_no_telegram_send",
"scan_roots": [
".gitea/workflows",
"scripts/ops",
"scripts/ci",
"apps/api/src"
],
"summary": {
"scanned_file_count": 554,
"direct_bot_api_file_count": 11,
"direct_bot_api_call_count": 18,
"workflow_direct_bot_api_call_count": 13,
"ops_script_direct_bot_api_call_count": 4,
"ci_script_direct_bot_api_call_count": 0,
"api_direct_bot_api_call_count": 1,
"gateway_normalized_callsite_count": 56,
"gateway_final_exit_formatter_present_count": 1,
"required_owner_field_count": 18,
"reviewer_check_count": 14,
"outcome_lane_count": 9,
"blocked_action_count": 22,
"owner_response_received_count": 0,
"owner_response_accepted_count": 0,
"formatter_convergence_accepted_count": 0,
"redaction_contract_accepted_count": 0,
"delivery_receipt_accepted_count": 0,
"direct_bot_api_migration_authorized_count": 0,
"telegram_send_authorized_count": 0,
"bot_api_call_authorized_count": 0,
"workflow_modification_authorized_count": 0,
"script_modification_authorized_count": 0,
"secret_value_collection_allowed_count": 0,
"raw_payload_storage_allowed_count": 0,
"production_write_authorized_count": 0,
"runtime_gate_count": 0,
"action_button_count": 0
},
"execution_boundaries": {
"runtime_execution_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"secret_value_collection_allowed": false,
"secret_hash_collection_allowed": false,
"partial_token_collection_allowed": false,
"raw_payload_storage_allowed": false,
"chat_route_change_authorized": false,
"bot_token_change_authorized": false,
"workflow_dispatch_authorized": false,
"production_deploy_authorized": false,
"action_buttons_allowed": false,
"not_authorization": true
},
"direct_bot_api_calls": [
{
"egress_surface_id": "telegram_egress:gitea_workflow_direct_bot_api:.gitea/workflows/cd-dev.yaml:54",
"surface_kind": "gitea_workflow_direct_bot_api",
"path": ".gitea/workflows/cd-dev.yaml",
"line": 54,
"line_hash": "f503c2c0f61100a9",
"sanitized_excerpt": "printf '%b' \"$MSG\" | curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"required_owner_fields": [
"egress_surface_id",
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_plan",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation"
],
"reviewer_checks": [
"direct_bot_api_surface_identified",
"owner_role_present",
"target_route_is_sre_owned",
"message_shape_is_ai_automation_card_or_documented_exception",
"redaction_contract_present",
"formatter_convergence_path_present",
"delivery_receipt_metadata_only",
"dedup_or_fingerprint_present",
"fallback_mode_does_not_leak_raw_payload",
"secret_name_only_no_value",
"workflow_or_script_change_requires_separate_approval",
"telegram_send_not_executed_by_inventory",
"no_false_green_claim",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"waiting_owner_response",
"request_owner_route_supplement",
"request_formatter_convergence_plan",
"request_redaction_contract",
"request_delivery_receipt_metadata",
"quarantine_secret_or_raw_payload",
"reject_false_green_claim",
"ready_for_notification_egress_review",
"waiting_runtime_gate"
],
"blocked_actions": [
"telegram_send",
"bot_api_call",
"workflow_modification",
"script_modification_without_owner",
"secret_value_collection",
"secret_hash_collection",
"partial_token_collection",
"chat_id_collection_without_owner",
"store_raw_message_payload",
"store_unredacted_workflow_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"workflow_dispatch",
"production_deploy",
"accept_route_200_as_delivery_receipt",
"accept_cd_success_as_notification_acceptance",
"accept_ui_visible_as_notification_acceptance",
"skip_formatter_convergence",
"skip_redaction_review",
"open_runtime_gate",
"add_action_button"
],
"owner_response_received": false,
"owner_response_accepted": false,
"formatter_convergence_accepted": false,
"redaction_contract_accepted": false,
"delivery_receipt_accepted": false,
"direct_bot_api_migration_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"egress_surface_id": "telegram_egress:gitea_workflow_direct_bot_api:.gitea/workflows/cd-dev.yaml:241",
"surface_kind": "gitea_workflow_direct_bot_api",
"path": ".gitea/workflows/cd-dev.yaml",
"line": 241,
"line_hash": "c41f88fbca91a4b9",
"sanitized_excerpt": "printf '%b' \"$MSG\" | curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"required_owner_fields": [
"egress_surface_id",
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_plan",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation"
],
"reviewer_checks": [
"direct_bot_api_surface_identified",
"owner_role_present",
"target_route_is_sre_owned",
"message_shape_is_ai_automation_card_or_documented_exception",
"redaction_contract_present",
"formatter_convergence_path_present",
"delivery_receipt_metadata_only",
"dedup_or_fingerprint_present",
"fallback_mode_does_not_leak_raw_payload",
"secret_name_only_no_value",
"workflow_or_script_change_requires_separate_approval",
"telegram_send_not_executed_by_inventory",
"no_false_green_claim",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"waiting_owner_response",
"request_owner_route_supplement",
"request_formatter_convergence_plan",
"request_redaction_contract",
"request_delivery_receipt_metadata",
"quarantine_secret_or_raw_payload",
"reject_false_green_claim",
"ready_for_notification_egress_review",
"waiting_runtime_gate"
],
"blocked_actions": [
"telegram_send",
"bot_api_call",
"workflow_modification",
"script_modification_without_owner",
"secret_value_collection",
"secret_hash_collection",
"partial_token_collection",
"chat_id_collection_without_owner",
"store_raw_message_payload",
"store_unredacted_workflow_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"workflow_dispatch",
"production_deploy",
"accept_route_200_as_delivery_receipt",
"accept_cd_success_as_notification_acceptance",
"accept_ui_visible_as_notification_acceptance",
"skip_formatter_convergence",
"skip_redaction_review",
"open_runtime_gate",
"add_action_button"
],
"owner_response_received": false,
"owner_response_accepted": false,
"formatter_convergence_accepted": false,
"redaction_contract_accepted": false,
"delivery_receipt_accepted": false,
"direct_bot_api_migration_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"egress_surface_id": "telegram_egress:gitea_workflow_direct_bot_api:.gitea/workflows/cd-dev.yaml:262",
"surface_kind": "gitea_workflow_direct_bot_api",
"path": ".gitea/workflows/cd-dev.yaml",
"line": 262,
"line_hash": "eaa9a6cb8326dc79",
"sanitized_excerpt": "printf '%b' \"$MSG\" | curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"required_owner_fields": [
"egress_surface_id",
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_plan",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation"
],
"reviewer_checks": [
"direct_bot_api_surface_identified",
"owner_role_present",
"target_route_is_sre_owned",
"message_shape_is_ai_automation_card_or_documented_exception",
"redaction_contract_present",
"formatter_convergence_path_present",
"delivery_receipt_metadata_only",
"dedup_or_fingerprint_present",
"fallback_mode_does_not_leak_raw_payload",
"secret_name_only_no_value",
"workflow_or_script_change_requires_separate_approval",
"telegram_send_not_executed_by_inventory",
"no_false_green_claim",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"waiting_owner_response",
"request_owner_route_supplement",
"request_formatter_convergence_plan",
"request_redaction_contract",
"request_delivery_receipt_metadata",
"quarantine_secret_or_raw_payload",
"reject_false_green_claim",
"ready_for_notification_egress_review",
"waiting_runtime_gate"
],
"blocked_actions": [
"telegram_send",
"bot_api_call",
"workflow_modification",
"script_modification_without_owner",
"secret_value_collection",
"secret_hash_collection",
"partial_token_collection",
"chat_id_collection_without_owner",
"store_raw_message_payload",
"store_unredacted_workflow_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"workflow_dispatch",
"production_deploy",
"accept_route_200_as_delivery_receipt",
"accept_cd_success_as_notification_acceptance",
"accept_ui_visible_as_notification_acceptance",
"skip_formatter_convergence",
"skip_redaction_review",
"open_runtime_gate",
"add_action_button"
],
"owner_response_received": false,
"owner_response_accepted": false,
"formatter_convergence_accepted": false,
"redaction_contract_accepted": false,
"delivery_receipt_accepted": false,
"direct_bot_api_migration_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"egress_surface_id": "telegram_egress:gitea_workflow_direct_bot_api:.gitea/workflows/cd.yaml:113",
"surface_kind": "gitea_workflow_direct_bot_api",
"path": ".gitea/workflows/cd.yaml",
"line": 113,
"line_hash": "b57e6587a106976b",
"sanitized_excerpt": "curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"required_owner_fields": [
"egress_surface_id",
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_plan",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation"
],
"reviewer_checks": [
"direct_bot_api_surface_identified",
"owner_role_present",
"target_route_is_sre_owned",
"message_shape_is_ai_automation_card_or_documented_exception",
"redaction_contract_present",
"formatter_convergence_path_present",
"delivery_receipt_metadata_only",
"dedup_or_fingerprint_present",
"fallback_mode_does_not_leak_raw_payload",
"secret_name_only_no_value",
"workflow_or_script_change_requires_separate_approval",
"telegram_send_not_executed_by_inventory",
"no_false_green_claim",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"waiting_owner_response",
"request_owner_route_supplement",
"request_formatter_convergence_plan",
"request_redaction_contract",
"request_delivery_receipt_metadata",
"quarantine_secret_or_raw_payload",
"reject_false_green_claim",
"ready_for_notification_egress_review",
"waiting_runtime_gate"
],
"blocked_actions": [
"telegram_send",
"bot_api_call",
"workflow_modification",
"script_modification_without_owner",
"secret_value_collection",
"secret_hash_collection",
"partial_token_collection",
"chat_id_collection_without_owner",
"store_raw_message_payload",
"store_unredacted_workflow_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"workflow_dispatch",
"production_deploy",
"accept_route_200_as_delivery_receipt",
"accept_cd_success_as_notification_acceptance",
"accept_ui_visible_as_notification_acceptance",
"skip_formatter_convergence",
"skip_redaction_review",
"open_runtime_gate",
"add_action_button"
],
"owner_response_received": false,
"owner_response_accepted": false,
"formatter_convergence_accepted": false,
"redaction_contract_accepted": false,
"delivery_receipt_accepted": false,
"direct_bot_api_migration_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"egress_surface_id": "telegram_egress:gitea_workflow_direct_bot_api:.gitea/workflows/cd.yaml:305",
"surface_kind": "gitea_workflow_direct_bot_api",
"path": ".gitea/workflows/cd.yaml",
"line": 305,
"line_hash": "19c1de8d67af874a",
"sanitized_excerpt": "curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"required_owner_fields": [
"egress_surface_id",
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_plan",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation"
],
"reviewer_checks": [
"direct_bot_api_surface_identified",
"owner_role_present",
"target_route_is_sre_owned",
"message_shape_is_ai_automation_card_or_documented_exception",
"redaction_contract_present",
"formatter_convergence_path_present",
"delivery_receipt_metadata_only",
"dedup_or_fingerprint_present",
"fallback_mode_does_not_leak_raw_payload",
"secret_name_only_no_value",
"workflow_or_script_change_requires_separate_approval",
"telegram_send_not_executed_by_inventory",
"no_false_green_claim",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"waiting_owner_response",
"request_owner_route_supplement",
"request_formatter_convergence_plan",
"request_redaction_contract",
"request_delivery_receipt_metadata",
"quarantine_secret_or_raw_payload",
"reject_false_green_claim",
"ready_for_notification_egress_review",
"waiting_runtime_gate"
],
"blocked_actions": [
"telegram_send",
"bot_api_call",
"workflow_modification",
"script_modification_without_owner",
"secret_value_collection",
"secret_hash_collection",
"partial_token_collection",
"chat_id_collection_without_owner",
"store_raw_message_payload",
"store_unredacted_workflow_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"workflow_dispatch",
"production_deploy",
"accept_route_200_as_delivery_receipt",
"accept_cd_success_as_notification_acceptance",
"accept_ui_visible_as_notification_acceptance",
"skip_formatter_convergence",
"skip_redaction_review",
"open_runtime_gate",
"add_action_button"
],
"owner_response_received": false,
"owner_response_accepted": false,
"formatter_convergence_accepted": false,
"redaction_contract_accepted": false,
"delivery_receipt_accepted": false,
"direct_bot_api_migration_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"egress_surface_id": "telegram_egress:gitea_workflow_direct_bot_api:.gitea/workflows/cd.yaml:1203",
"surface_kind": "gitea_workflow_direct_bot_api",
"path": ".gitea/workflows/cd.yaml",
"line": 1203,
"line_hash": "6ef020c2b6eac91f",
"sanitized_excerpt": "curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"required_owner_fields": [
"egress_surface_id",
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_plan",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation"
],
"reviewer_checks": [
"direct_bot_api_surface_identified",
"owner_role_present",
"target_route_is_sre_owned",
"message_shape_is_ai_automation_card_or_documented_exception",
"redaction_contract_present",
"formatter_convergence_path_present",
"delivery_receipt_metadata_only",
"dedup_or_fingerprint_present",
"fallback_mode_does_not_leak_raw_payload",
"secret_name_only_no_value",
"workflow_or_script_change_requires_separate_approval",
"telegram_send_not_executed_by_inventory",
"no_false_green_claim",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"waiting_owner_response",
"request_owner_route_supplement",
"request_formatter_convergence_plan",
"request_redaction_contract",
"request_delivery_receipt_metadata",
"quarantine_secret_or_raw_payload",
"reject_false_green_claim",
"ready_for_notification_egress_review",
"waiting_runtime_gate"
],
"blocked_actions": [
"telegram_send",
"bot_api_call",
"workflow_modification",
"script_modification_without_owner",
"secret_value_collection",
"secret_hash_collection",
"partial_token_collection",
"chat_id_collection_without_owner",
"store_raw_message_payload",
"store_unredacted_workflow_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"workflow_dispatch",
"production_deploy",
"accept_route_200_as_delivery_receipt",
"accept_cd_success_as_notification_acceptance",
"accept_ui_visible_as_notification_acceptance",
"skip_formatter_convergence",
"skip_redaction_review",
"open_runtime_gate",
"add_action_button"
],
"owner_response_received": false,
"owner_response_accepted": false,
"formatter_convergence_accepted": false,
"redaction_contract_accepted": false,
"delivery_receipt_accepted": false,
"direct_bot_api_migration_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"egress_surface_id": "telegram_egress:gitea_workflow_direct_bot_api:.gitea/workflows/cd.yaml:1552",
"surface_kind": "gitea_workflow_direct_bot_api",
"path": ".gitea/workflows/cd.yaml",
"line": 1552,
"line_hash": "d029b95242f39c03",
"sanitized_excerpt": "printf '%b' \"$TG_MSG\" | curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"required_owner_fields": [
"egress_surface_id",
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_plan",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation"
],
"reviewer_checks": [
"direct_bot_api_surface_identified",
"owner_role_present",
"target_route_is_sre_owned",
"message_shape_is_ai_automation_card_or_documented_exception",
"redaction_contract_present",
"formatter_convergence_path_present",
"delivery_receipt_metadata_only",
"dedup_or_fingerprint_present",
"fallback_mode_does_not_leak_raw_payload",
"secret_name_only_no_value",
"workflow_or_script_change_requires_separate_approval",
"telegram_send_not_executed_by_inventory",
"no_false_green_claim",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"waiting_owner_response",
"request_owner_route_supplement",
"request_formatter_convergence_plan",
"request_redaction_contract",
"request_delivery_receipt_metadata",
"quarantine_secret_or_raw_payload",
"reject_false_green_claim",
"ready_for_notification_egress_review",
"waiting_runtime_gate"
],
"blocked_actions": [
"telegram_send",
"bot_api_call",
"workflow_modification",
"script_modification_without_owner",
"secret_value_collection",
"secret_hash_collection",
"partial_token_collection",
"chat_id_collection_without_owner",
"store_raw_message_payload",
"store_unredacted_workflow_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"workflow_dispatch",
"production_deploy",
"accept_route_200_as_delivery_receipt",
"accept_cd_success_as_notification_acceptance",
"accept_ui_visible_as_notification_acceptance",
"skip_formatter_convergence",
"skip_redaction_review",
"open_runtime_gate",
"add_action_button"
],
"owner_response_received": false,
"owner_response_accepted": false,
"formatter_convergence_accepted": false,
"redaction_contract_accepted": false,
"delivery_receipt_accepted": false,
"direct_bot_api_migration_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"egress_surface_id": "telegram_egress:gitea_workflow_direct_bot_api:.gitea/workflows/cd.yaml:1575",
"surface_kind": "gitea_workflow_direct_bot_api",
"path": ".gitea/workflows/cd.yaml",
"line": 1575,
"line_hash": "d62c45a8595984fc",
"sanitized_excerpt": "curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"required_owner_fields": [
"egress_surface_id",
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_plan",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation"
],
"reviewer_checks": [
"direct_bot_api_surface_identified",
"owner_role_present",
"target_route_is_sre_owned",
"message_shape_is_ai_automation_card_or_documented_exception",
"redaction_contract_present",
"formatter_convergence_path_present",
"delivery_receipt_metadata_only",
"dedup_or_fingerprint_present",
"fallback_mode_does_not_leak_raw_payload",
"secret_name_only_no_value",
"workflow_or_script_change_requires_separate_approval",
"telegram_send_not_executed_by_inventory",
"no_false_green_claim",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"waiting_owner_response",
"request_owner_route_supplement",
"request_formatter_convergence_plan",
"request_redaction_contract",
"request_delivery_receipt_metadata",
"quarantine_secret_or_raw_payload",
"reject_false_green_claim",
"ready_for_notification_egress_review",
"waiting_runtime_gate"
],
"blocked_actions": [
"telegram_send",
"bot_api_call",
"workflow_modification",
"script_modification_without_owner",
"secret_value_collection",
"secret_hash_collection",
"partial_token_collection",
"chat_id_collection_without_owner",
"store_raw_message_payload",
"store_unredacted_workflow_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"workflow_dispatch",
"production_deploy",
"accept_route_200_as_delivery_receipt",
"accept_cd_success_as_notification_acceptance",
"accept_ui_visible_as_notification_acceptance",
"skip_formatter_convergence",
"skip_redaction_review",
"open_runtime_gate",
"add_action_button"
],
"owner_response_received": false,
"owner_response_accepted": false,
"formatter_convergence_accepted": false,
"redaction_contract_accepted": false,
"delivery_receipt_accepted": false,
"direct_bot_api_migration_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"egress_surface_id": "telegram_egress:gitea_workflow_direct_bot_api:.gitea/workflows/code-review.yaml:137",
"surface_kind": "gitea_workflow_direct_bot_api",
"path": ".gitea/workflows/code-review.yaml",
"line": 137,
"line_hash": "a7ebbd735dad5ab2",
"sanitized_excerpt": "curl -fsS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"required_owner_fields": [
"egress_surface_id",
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_plan",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation"
],
"reviewer_checks": [
"direct_bot_api_surface_identified",
"owner_role_present",
"target_route_is_sre_owned",
"message_shape_is_ai_automation_card_or_documented_exception",
"redaction_contract_present",
"formatter_convergence_path_present",
"delivery_receipt_metadata_only",
"dedup_or_fingerprint_present",
"fallback_mode_does_not_leak_raw_payload",
"secret_name_only_no_value",
"workflow_or_script_change_requires_separate_approval",
"telegram_send_not_executed_by_inventory",
"no_false_green_claim",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"waiting_owner_response",
"request_owner_route_supplement",
"request_formatter_convergence_plan",
"request_redaction_contract",
"request_delivery_receipt_metadata",
"quarantine_secret_or_raw_payload",
"reject_false_green_claim",
"ready_for_notification_egress_review",
"waiting_runtime_gate"
],
"blocked_actions": [
"telegram_send",
"bot_api_call",
"workflow_modification",
"script_modification_without_owner",
"secret_value_collection",
"secret_hash_collection",
"partial_token_collection",
"chat_id_collection_without_owner",
"store_raw_message_payload",
"store_unredacted_workflow_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"workflow_dispatch",
"production_deploy",
"accept_route_200_as_delivery_receipt",
"accept_cd_success_as_notification_acceptance",
"accept_ui_visible_as_notification_acceptance",
"skip_formatter_convergence",
"skip_redaction_review",
"open_runtime_gate",
"add_action_button"
],
"owner_response_received": false,
"owner_response_accepted": false,
"formatter_convergence_accepted": false,
"redaction_contract_accepted": false,
"delivery_receipt_accepted": false,
"direct_bot_api_migration_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"egress_surface_id": "telegram_egress:gitea_workflow_direct_bot_api:.gitea/workflows/code-review.yaml:216",
"surface_kind": "gitea_workflow_direct_bot_api",
"path": ".gitea/workflows/code-review.yaml",
"line": 216,
"line_hash": "f10f7782dc7c8125",
"sanitized_excerpt": "curl -fsS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"required_owner_fields": [
"egress_surface_id",
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_plan",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation"
],
"reviewer_checks": [
"direct_bot_api_surface_identified",
"owner_role_present",
"target_route_is_sre_owned",
"message_shape_is_ai_automation_card_or_documented_exception",
"redaction_contract_present",
"formatter_convergence_path_present",
"delivery_receipt_metadata_only",
"dedup_or_fingerprint_present",
"fallback_mode_does_not_leak_raw_payload",
"secret_name_only_no_value",
"workflow_or_script_change_requires_separate_approval",
"telegram_send_not_executed_by_inventory",
"no_false_green_claim",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"waiting_owner_response",
"request_owner_route_supplement",
"request_formatter_convergence_plan",
"request_redaction_contract",
"request_delivery_receipt_metadata",
"quarantine_secret_or_raw_payload",
"reject_false_green_claim",
"ready_for_notification_egress_review",
"waiting_runtime_gate"
],
"blocked_actions": [
"telegram_send",
"bot_api_call",
"workflow_modification",
"script_modification_without_owner",
"secret_value_collection",
"secret_hash_collection",
"partial_token_collection",
"chat_id_collection_without_owner",
"store_raw_message_payload",
"store_unredacted_workflow_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"workflow_dispatch",
"production_deploy",
"accept_route_200_as_delivery_receipt",
"accept_cd_success_as_notification_acceptance",
"accept_ui_visible_as_notification_acceptance",
"skip_formatter_convergence",
"skip_redaction_review",
"open_runtime_gate",
"add_action_button"
],
"owner_response_received": false,
"owner_response_accepted": false,
"formatter_convergence_accepted": false,
"redaction_contract_accepted": false,
"delivery_receipt_accepted": false,
"direct_bot_api_migration_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"egress_surface_id": "telegram_egress:gitea_workflow_direct_bot_api:.gitea/workflows/deploy-alerts.yaml:69",
"surface_kind": "gitea_workflow_direct_bot_api",
"path": ".gitea/workflows/deploy-alerts.yaml",
"line": 69,
"line_hash": "79e83190f68f27c9",
"sanitized_excerpt": "curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"required_owner_fields": [
"egress_surface_id",
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_plan",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation"
],
"reviewer_checks": [
"direct_bot_api_surface_identified",
"owner_role_present",
"target_route_is_sre_owned",
"message_shape_is_ai_automation_card_or_documented_exception",
"redaction_contract_present",
"formatter_convergence_path_present",
"delivery_receipt_metadata_only",
"dedup_or_fingerprint_present",
"fallback_mode_does_not_leak_raw_payload",
"secret_name_only_no_value",
"workflow_or_script_change_requires_separate_approval",
"telegram_send_not_executed_by_inventory",
"no_false_green_claim",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"waiting_owner_response",
"request_owner_route_supplement",
"request_formatter_convergence_plan",
"request_redaction_contract",
"request_delivery_receipt_metadata",
"quarantine_secret_or_raw_payload",
"reject_false_green_claim",
"ready_for_notification_egress_review",
"waiting_runtime_gate"
],
"blocked_actions": [
"telegram_send",
"bot_api_call",
"workflow_modification",
"script_modification_without_owner",
"secret_value_collection",
"secret_hash_collection",
"partial_token_collection",
"chat_id_collection_without_owner",
"store_raw_message_payload",
"store_unredacted_workflow_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"workflow_dispatch",
"production_deploy",
"accept_route_200_as_delivery_receipt",
"accept_cd_success_as_notification_acceptance",
"accept_ui_visible_as_notification_acceptance",
"skip_formatter_convergence",
"skip_redaction_review",
"open_runtime_gate",
"add_action_button"
],
"owner_response_received": false,
"owner_response_accepted": false,
"formatter_convergence_accepted": false,
"redaction_contract_accepted": false,
"delivery_receipt_accepted": false,
"direct_bot_api_migration_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"egress_surface_id": "telegram_egress:gitea_workflow_direct_bot_api:.gitea/workflows/e2e-health.yaml:98",
"surface_kind": "gitea_workflow_direct_bot_api",
"path": ".gitea/workflows/e2e-health.yaml",
"line": 98,
"line_hash": "d73ce94678f970a9",
"sanitized_excerpt": "curl -s -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"required_owner_fields": [
"egress_surface_id",
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_plan",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation"
],
"reviewer_checks": [
"direct_bot_api_surface_identified",
"owner_role_present",
"target_route_is_sre_owned",
"message_shape_is_ai_automation_card_or_documented_exception",
"redaction_contract_present",
"formatter_convergence_path_present",
"delivery_receipt_metadata_only",
"dedup_or_fingerprint_present",
"fallback_mode_does_not_leak_raw_payload",
"secret_name_only_no_value",
"workflow_or_script_change_requires_separate_approval",
"telegram_send_not_executed_by_inventory",
"no_false_green_claim",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"waiting_owner_response",
"request_owner_route_supplement",
"request_formatter_convergence_plan",
"request_redaction_contract",
"request_delivery_receipt_metadata",
"quarantine_secret_or_raw_payload",
"reject_false_green_claim",
"ready_for_notification_egress_review",
"waiting_runtime_gate"
],
"blocked_actions": [
"telegram_send",
"bot_api_call",
"workflow_modification",
"script_modification_without_owner",
"secret_value_collection",
"secret_hash_collection",
"partial_token_collection",
"chat_id_collection_without_owner",
"store_raw_message_payload",
"store_unredacted_workflow_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"workflow_dispatch",
"production_deploy",
"accept_route_200_as_delivery_receipt",
"accept_cd_success_as_notification_acceptance",
"accept_ui_visible_as_notification_acceptance",
"skip_formatter_convergence",
"skip_redaction_review",
"open_runtime_gate",
"add_action_button"
],
"owner_response_received": false,
"owner_response_accepted": false,
"formatter_convergence_accepted": false,
"redaction_contract_accepted": false,
"delivery_receipt_accepted": false,
"direct_bot_api_migration_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"egress_surface_id": "telegram_egress:gitea_workflow_direct_bot_api:.gitea/workflows/run-migration.yml:210",
"surface_kind": "gitea_workflow_direct_bot_api",
"path": ".gitea/workflows/run-migration.yml",
"line": 210,
"line_hash": "934a8dd69fca99b3",
"sanitized_excerpt": "curl -s -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"required_owner_fields": [
"egress_surface_id",
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_plan",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation"
],
"reviewer_checks": [
"direct_bot_api_surface_identified",
"owner_role_present",
"target_route_is_sre_owned",
"message_shape_is_ai_automation_card_or_documented_exception",
"redaction_contract_present",
"formatter_convergence_path_present",
"delivery_receipt_metadata_only",
"dedup_or_fingerprint_present",
"fallback_mode_does_not_leak_raw_payload",
"secret_name_only_no_value",
"workflow_or_script_change_requires_separate_approval",
"telegram_send_not_executed_by_inventory",
"no_false_green_claim",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"waiting_owner_response",
"request_owner_route_supplement",
"request_formatter_convergence_plan",
"request_redaction_contract",
"request_delivery_receipt_metadata",
"quarantine_secret_or_raw_payload",
"reject_false_green_claim",
"ready_for_notification_egress_review",
"waiting_runtime_gate"
],
"blocked_actions": [
"telegram_send",
"bot_api_call",
"workflow_modification",
"script_modification_without_owner",
"secret_value_collection",
"secret_hash_collection",
"partial_token_collection",
"chat_id_collection_without_owner",
"store_raw_message_payload",
"store_unredacted_workflow_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"workflow_dispatch",
"production_deploy",
"accept_route_200_as_delivery_receipt",
"accept_cd_success_as_notification_acceptance",
"accept_ui_visible_as_notification_acceptance",
"skip_formatter_convergence",
"skip_redaction_review",
"open_runtime_gate",
"add_action_button"
],
"owner_response_received": false,
"owner_response_accepted": false,
"formatter_convergence_accepted": false,
"redaction_contract_accepted": false,
"delivery_receipt_accepted": false,
"direct_bot_api_migration_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"egress_surface_id": "telegram_egress:api_direct_bot_api:apps/api/src/services/channel_hub.py:1138",
"surface_kind": "api_direct_bot_api",
"path": "apps/api/src/services/channel_hub.py",
"line": 1138,
"line_hash": "9e418fa74c83815a",
"sanitized_excerpt": "f\"https://api.telegram.org/bot<redacted>/sendMessage\",",
"required_owner_fields": [
"egress_surface_id",
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_plan",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation"
],
"reviewer_checks": [
"direct_bot_api_surface_identified",
"owner_role_present",
"target_route_is_sre_owned",
"message_shape_is_ai_automation_card_or_documented_exception",
"redaction_contract_present",
"formatter_convergence_path_present",
"delivery_receipt_metadata_only",
"dedup_or_fingerprint_present",
"fallback_mode_does_not_leak_raw_payload",
"secret_name_only_no_value",
"workflow_or_script_change_requires_separate_approval",
"telegram_send_not_executed_by_inventory",
"no_false_green_claim",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"waiting_owner_response",
"request_owner_route_supplement",
"request_formatter_convergence_plan",
"request_redaction_contract",
"request_delivery_receipt_metadata",
"quarantine_secret_or_raw_payload",
"reject_false_green_claim",
"ready_for_notification_egress_review",
"waiting_runtime_gate"
],
"blocked_actions": [
"telegram_send",
"bot_api_call",
"workflow_modification",
"script_modification_without_owner",
"secret_value_collection",
"secret_hash_collection",
"partial_token_collection",
"chat_id_collection_without_owner",
"store_raw_message_payload",
"store_unredacted_workflow_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"workflow_dispatch",
"production_deploy",
"accept_route_200_as_delivery_receipt",
"accept_cd_success_as_notification_acceptance",
"accept_ui_visible_as_notification_acceptance",
"skip_formatter_convergence",
"skip_redaction_review",
"open_runtime_gate",
"add_action_button"
],
"owner_response_received": false,
"owner_response_accepted": false,
"formatter_convergence_accepted": false,
"redaction_contract_accepted": false,
"delivery_receipt_accepted": false,
"direct_bot_api_migration_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"egress_surface_id": "telegram_egress:ops_script_direct_bot_api:scripts/ops/backup-from-110.sh:64",
"surface_kind": "ops_script_direct_bot_api",
"path": "scripts/ops/backup-from-110.sh",
"line": 64,
"line_hash": "ff5ffbeca44d679b",
"sanitized_excerpt": "curl -s -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"required_owner_fields": [
"egress_surface_id",
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_plan",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation"
],
"reviewer_checks": [
"direct_bot_api_surface_identified",
"owner_role_present",
"target_route_is_sre_owned",
"message_shape_is_ai_automation_card_or_documented_exception",
"redaction_contract_present",
"formatter_convergence_path_present",
"delivery_receipt_metadata_only",
"dedup_or_fingerprint_present",
"fallback_mode_does_not_leak_raw_payload",
"secret_name_only_no_value",
"workflow_or_script_change_requires_separate_approval",
"telegram_send_not_executed_by_inventory",
"no_false_green_claim",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"waiting_owner_response",
"request_owner_route_supplement",
"request_formatter_convergence_plan",
"request_redaction_contract",
"request_delivery_receipt_metadata",
"quarantine_secret_or_raw_payload",
"reject_false_green_claim",
"ready_for_notification_egress_review",
"waiting_runtime_gate"
],
"blocked_actions": [
"telegram_send",
"bot_api_call",
"workflow_modification",
"script_modification_without_owner",
"secret_value_collection",
"secret_hash_collection",
"partial_token_collection",
"chat_id_collection_without_owner",
"store_raw_message_payload",
"store_unredacted_workflow_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"workflow_dispatch",
"production_deploy",
"accept_route_200_as_delivery_receipt",
"accept_cd_success_as_notification_acceptance",
"accept_ui_visible_as_notification_acceptance",
"skip_formatter_convergence",
"skip_redaction_review",
"open_runtime_gate",
"add_action_button"
],
"owner_response_received": false,
"owner_response_accepted": false,
"formatter_convergence_accepted": false,
"redaction_contract_accepted": false,
"delivery_receipt_accepted": false,
"direct_bot_api_migration_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"egress_surface_id": "telegram_egress:ops_script_direct_bot_api:scripts/ops/docker-health-monitor.sh:90",
"surface_kind": "ops_script_direct_bot_api",
"path": "scripts/ops/docker-health-monitor.sh",
"line": 90,
"line_hash": "6611406903bc7d65",
"sanitized_excerpt": "curl -s -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"required_owner_fields": [
"egress_surface_id",
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_plan",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation"
],
"reviewer_checks": [
"direct_bot_api_surface_identified",
"owner_role_present",
"target_route_is_sre_owned",
"message_shape_is_ai_automation_card_or_documented_exception",
"redaction_contract_present",
"formatter_convergence_path_present",
"delivery_receipt_metadata_only",
"dedup_or_fingerprint_present",
"fallback_mode_does_not_leak_raw_payload",
"secret_name_only_no_value",
"workflow_or_script_change_requires_separate_approval",
"telegram_send_not_executed_by_inventory",
"no_false_green_claim",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"waiting_owner_response",
"request_owner_route_supplement",
"request_formatter_convergence_plan",
"request_redaction_contract",
"request_delivery_receipt_metadata",
"quarantine_secret_or_raw_payload",
"reject_false_green_claim",
"ready_for_notification_egress_review",
"waiting_runtime_gate"
],
"blocked_actions": [
"telegram_send",
"bot_api_call",
"workflow_modification",
"script_modification_without_owner",
"secret_value_collection",
"secret_hash_collection",
"partial_token_collection",
"chat_id_collection_without_owner",
"store_raw_message_payload",
"store_unredacted_workflow_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"workflow_dispatch",
"production_deploy",
"accept_route_200_as_delivery_receipt",
"accept_cd_success_as_notification_acceptance",
"accept_ui_visible_as_notification_acceptance",
"skip_formatter_convergence",
"skip_redaction_review",
"open_runtime_gate",
"add_action_button"
],
"owner_response_received": false,
"owner_response_accepted": false,
"formatter_convergence_accepted": false,
"redaction_contract_accepted": false,
"delivery_receipt_accepted": false,
"direct_bot_api_migration_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"egress_surface_id": "telegram_egress:ops_script_direct_bot_api:scripts/ops/dr-drill.sh:63",
"surface_kind": "ops_script_direct_bot_api",
"path": "scripts/ops/dr-drill.sh",
"line": 63,
"line_hash": "b7cf532f3c5509fc",
"sanitized_excerpt": "curl -s -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"required_owner_fields": [
"egress_surface_id",
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_plan",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation"
],
"reviewer_checks": [
"direct_bot_api_surface_identified",
"owner_role_present",
"target_route_is_sre_owned",
"message_shape_is_ai_automation_card_or_documented_exception",
"redaction_contract_present",
"formatter_convergence_path_present",
"delivery_receipt_metadata_only",
"dedup_or_fingerprint_present",
"fallback_mode_does_not_leak_raw_payload",
"secret_name_only_no_value",
"workflow_or_script_change_requires_separate_approval",
"telegram_send_not_executed_by_inventory",
"no_false_green_claim",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"waiting_owner_response",
"request_owner_route_supplement",
"request_formatter_convergence_plan",
"request_redaction_contract",
"request_delivery_receipt_metadata",
"quarantine_secret_or_raw_payload",
"reject_false_green_claim",
"ready_for_notification_egress_review",
"waiting_runtime_gate"
],
"blocked_actions": [
"telegram_send",
"bot_api_call",
"workflow_modification",
"script_modification_without_owner",
"secret_value_collection",
"secret_hash_collection",
"partial_token_collection",
"chat_id_collection_without_owner",
"store_raw_message_payload",
"store_unredacted_workflow_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"workflow_dispatch",
"production_deploy",
"accept_route_200_as_delivery_receipt",
"accept_cd_success_as_notification_acceptance",
"accept_ui_visible_as_notification_acceptance",
"skip_formatter_convergence",
"skip_redaction_review",
"open_runtime_gate",
"add_action_button"
],
"owner_response_received": false,
"owner_response_accepted": false,
"formatter_convergence_accepted": false,
"redaction_contract_accepted": false,
"delivery_receipt_accepted": false,
"direct_bot_api_migration_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"egress_surface_id": "telegram_egress:ops_script_direct_bot_api:scripts/ops/pg-backup.sh:52",
"surface_kind": "ops_script_direct_bot_api",
"path": "scripts/ops/pg-backup.sh",
"line": 52,
"line_hash": "8268f3d6f14d66a3",
"sanitized_excerpt": "curl -s -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"required_owner_fields": [
"egress_surface_id",
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_plan",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation"
],
"reviewer_checks": [
"direct_bot_api_surface_identified",
"owner_role_present",
"target_route_is_sre_owned",
"message_shape_is_ai_automation_card_or_documented_exception",
"redaction_contract_present",
"formatter_convergence_path_present",
"delivery_receipt_metadata_only",
"dedup_or_fingerprint_present",
"fallback_mode_does_not_leak_raw_payload",
"secret_name_only_no_value",
"workflow_or_script_change_requires_separate_approval",
"telegram_send_not_executed_by_inventory",
"no_false_green_claim",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"waiting_owner_response",
"request_owner_route_supplement",
"request_formatter_convergence_plan",
"request_redaction_contract",
"request_delivery_receipt_metadata",
"quarantine_secret_or_raw_payload",
"reject_false_green_claim",
"ready_for_notification_egress_review",
"waiting_runtime_gate"
],
"blocked_actions": [
"telegram_send",
"bot_api_call",
"workflow_modification",
"script_modification_without_owner",
"secret_value_collection",
"secret_hash_collection",
"partial_token_collection",
"chat_id_collection_without_owner",
"store_raw_message_payload",
"store_unredacted_workflow_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"workflow_dispatch",
"production_deploy",
"accept_route_200_as_delivery_receipt",
"accept_cd_success_as_notification_acceptance",
"accept_ui_visible_as_notification_acceptance",
"skip_formatter_convergence",
"skip_redaction_review",
"open_runtime_gate",
"add_action_button"
],
"owner_response_received": false,
"owner_response_accepted": false,
"formatter_convergence_accepted": false,
"redaction_contract_accepted": false,
"delivery_receipt_accepted": false,
"direct_bot_api_migration_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
}
],
"gateway_normalized_callsite_refs": [
{
"path": "apps/api/src/api/v1/gitea_webhook.py",
"line": 426,
"line_hash": "2bba62c7403eeae5"
},
{
"path": "apps/api/src/api/v1/signoz_webhook.py",
"line": 619,
"line_hash": "980d3a75c1e608db"
},
{
"path": "apps/api/src/jobs/capacity_forecaster_job.py",
"line": 385,
"line_hash": "a7c5d5a21624db48"
},
{
"path": "apps/api/src/jobs/compliance_scanner_job.py",
"line": 528,
"line_hash": "a5cb293e694f4319"
},
{
"path": "apps/api/src/jobs/coverage_evaluator_job.py",
"line": 344,
"line_hash": "9d0733502b37bfed"
},
{
"path": "apps/api/src/jobs/hermes_rule_quality_job.py",
"line": 366,
"line_hash": "ad448bc99ba96d49"
},
{
"path": "apps/api/src/services/ai_router.py",
"line": 1333,
"line_hash": "202458f20c188326"
},
{
"path": "apps/api/src/services/approval_execution.py",
"line": 1191,
"line_hash": "5fc34226f6f9d1c7"
},
{
"path": "apps/api/src/services/converged_alert_recurrence_notifier.py",
"line": 169,
"line_hash": "891a543abef76ca8"
},
{
"path": "apps/api/src/services/decision_manager.py",
"line": 1220,
"line_hash": "f8477e7b398f9d72"
},
{
"path": "apps/api/src/services/drift_adopt_service.py",
"line": 475,
"line_hash": "59870f376c6ba34a"
},
{
"path": "apps/api/src/services/drift_remediator.py",
"line": 227,
"line_hash": "a9a6af0cb71e69f0"
},
{
"path": "apps/api/src/services/failover_alerter.py",
"line": 261,
"line_hash": "34684a93372ce6d7"
},
{
"path": "apps/api/src/services/failure_watcher.py",
"line": 747,
"line_hash": "8bee0a47e4dce615"
},
{
"path": "apps/api/src/services/failure_watcher.py",
"line": 779,
"line_hash": "dcc8fed7fe94b63d"
},
{
"path": "apps/api/src/services/gitea_webhook_service.py",
"line": 409,
"line_hash": "03ec3600dd9b7e8a"
},
{
"path": "apps/api/src/services/k3s_monitor_service.py",
"line": 222,
"line_hash": "b8fe78845628308a"
},
{
"path": "apps/api/src/services/notifications/telegram.py",
"line": 7,
"line_hash": "a5baed9efe0e0f85"
},
{
"path": "apps/api/src/services/notifications/telegram.py",
"line": 67,
"line_hash": "13a52baf484abbec"
},
{
"path": "apps/api/src/services/notifications/telegram.py",
"line": 91,
"line_hash": "875d9e9fbc2d75ce"
},
{
"path": "apps/api/src/services/runbook_generator.py",
"line": 392,
"line_hash": "771939312f164e0c"
},
{
"path": "apps/api/src/services/runbook_generator.py",
"line": 405,
"line_hash": "813d7d118fc840c4"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 4904,
"line_hash": "2ded92c9f0cf648c"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 5141,
"line_hash": "2c16c0d99e3ba896"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 5574,
"line_hash": "f9fa7599c8c630f3"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 5664,
"line_hash": "0cd3409b20409bd5"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 5667,
"line_hash": "4b46eec88f95b7fc"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 5725,
"line_hash": "435e4b8871b9ea20"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 5784,
"line_hash": "d67a07fbc4e8e104"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 6107,
"line_hash": "57dff0f99cd63bb4"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 6165,
"line_hash": "2cf36365a86d725d"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 6221,
"line_hash": "9724fba690e79a29"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 6278,
"line_hash": "c1481223ca6712a7"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 6341,
"line_hash": "171855265b7f7b5f"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 6416,
"line_hash": "f92bfa489791754e"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 6459,
"line_hash": "a7c1d96474e5004c"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 6727,
"line_hash": "1b52a7acba5f263d"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 7058,
"line_hash": "e4d15cc17412e1df"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 7075,
"line_hash": "ef392666ead2a935"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 7131,
"line_hash": "b01759a295fe888d"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 7476,
"line_hash": "6de51111c3b3effb"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 7633,
"line_hash": "3ae60919d622d66a"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 7778,
"line_hash": "098e96b906782f66"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 7852,
"line_hash": "cd2982fc71f17ded"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 7946,
"line_hash": "e3c7a73810453996"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 8566,
"line_hash": "60fee84eb559944b"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 8573,
"line_hash": "d7d36ac583acec88"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 8700,
"line_hash": "eef16286b46db389"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 8718,
"line_hash": "145af1001d016aef"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 8732,
"line_hash": "71d1eae60f8d1eea"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 8757,
"line_hash": "891f75aab51d14ce"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 8783,
"line_hash": "3d838580c426d3f3"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 8819,
"line_hash": "85016472bc808598"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 9810,
"line_hash": "94c427fd9136122f"
},
{
"path": "apps/api/src/services/telegram_gateway.py",
"line": 9907,
"line_hash": "b57f776b5430f121"
},
{
"path": "apps/api/src/services/weekly_report_service.py",
"line": 277,
"line_hash": "aa0200c41090d012"
}
],
"operator_interpretation": [
"direct_bot_api_call_count 大於 0 代表仍有 workflow / ops / API 旁路可能繞過 TelegramGateway formatter。",
"本清冊只建立 metadata-only egress surface不送 Telegram、不修改 workflow / script、不讀 secret value。",
"後續要收斂 direct Bot API 必須另走 owner response、formatter convergence、redaction contract、delivery receipt 與維護窗口。"
]
}
Reference in New Issue View Git Blame Copy Permalink