wooo/awoooi
1
1
Fork 0
Code Issues 2 Pull Requests 1 Actions 4 Packages Projects Releases Wiki Activity
Files
main
awoooi/docs/security/telegram-notification-egress-migration-plan-draft.snapshot.json

1156 lines
44 KiB
JSON
Raw Permalink Blame History

{
"schema_version": "telegram_notification_egress_migration_plan_draft_v1",
"generated_at": "2026-06-18T23:00:00+08:00",
"git_commit": "f171ffc2",
"status": "migration_plan_draft_ready_no_runtime_action",
"mode": "metadata_only_no_workflow_script_api_change_no_telegram_send",
"source_snapshot": "docs/security/telegram-notification-egress-owner-request-draft.snapshot.json",
"source_schema_version": "telegram_notification_egress_owner_request_draft_v1",
"source_status": "owner_request_draft_ready_no_dispatch_no_runtime_action",
"summary": {
"source_request_draft_count": 11,
"source_direct_bot_api_call_count": 18,
"migration_candidate_count": 11,
"workflow_migration_candidate_count": 6,
"ops_script_migration_candidate_count": 4,
"api_direct_migration_candidate_count": 1,
"proposed_wave_count": 3,
"plan_field_count": 17,
"reviewer_check_count": 15,
"outcome_lane_count": 9,
"blocked_action_count": 21,
"owner_response_required_count": 11,
"maintenance_window_required_count": 11,
"rollback_owner_required_count": 11,
"postcheck_required_count": 11,
"delivery_receipt_required_count": 11,
"owner_response_received_count": 0,
"owner_response_accepted_count": 0,
"migration_authorized_count": 0,
"workflow_modification_authorized_count": 0,
"script_modification_authorized_count": 0,
"api_sender_refactor_authorized_count": 0,
"telegram_send_authorized_count": 0,
"bot_api_call_authorized_count": 0,
"secret_value_collection_allowed_count": 0,
"raw_payload_storage_allowed_count": 0,
"production_write_authorized_count": 0,
"runtime_gate_count": 0,
"action_button_count": 0
},
"execution_boundaries": {
"runtime_execution_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"api_sender_refactor_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"action_buttons_allowed": false,
"not_authorization": true
},
"proposed_waves": [
"wave_1_workflow_notification_wrapper",
"wave_2_ops_notification_wrapper",
"wave_3_api_sender_gateway"
],
"migration_candidates": [
{
"migration_candidate_id": "telegram_notification_egress_migration:.gitea/workflows/cd-dev.yaml",
"source_request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_cd_dev_yaml",
"source_path": ".gitea/workflows/cd-dev.yaml",
"surface_kind": "gitea_workflow_direct_bot_api",
"direct_call_count": 3,
"proposed_wave": "wave_1_workflow_notification_wrapper",
"proposed_target": "scripts/ci/notify-awoooi-cicd.sh or AWOOI Alertmanager webhook",
"proposed_change_summary": "Replace direct workflow Bot API send with normalized CI/CD notification wrapper after owner approval.",
"plan_fields": [
"migration_candidate_id",
"source_request_draft_id",
"source_path",
"surface_kind",
"direct_call_count",
"proposed_wave",
"proposed_target",
"proposed_change_summary",
"required_owner_response_ref",
"required_maintenance_window",
"required_rollback_owner",
"required_postcheck_ref",
"required_delivery_receipt_ref",
"required_no_secret_value_attestation",
"required_no_raw_payload_attestation",
"required_no_false_green_attestation",
"not_authorization"
],
"reviewer_checks": [
"source_owner_request_draft_current",
"owner_response_required_before_change",
"maintenance_window_required_before_change",
"rollback_owner_required_before_change",
"delivery_receipt_plan_required",
"postcheck_plan_required",
"redaction_contract_required",
"break_glass_fallback_explicit",
"no_secret_value_required",
"no_raw_payload_required",
"no_false_green_required",
"workflow_changes_separate_from_docs",
"script_changes_separate_from_docs",
"api_sender_refactor_separate_from_docs",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"draft_waiting_owner_response",
"ready_for_workflow_migration_review",
"ready_for_ops_script_migration_review",
"ready_for_api_sender_migration_review",
"request_missing_owner_response",
"request_missing_maintenance_or_rollback",
"reject_secret_or_raw_payload",
"reject_false_green_claim",
"waiting_runtime_gate"
],
"blocked_actions": [
"modify_workflow",
"modify_ops_script",
"refactor_api_sender",
"send_telegram",
"call_bot_api",
"dispatch_workflow",
"trigger_cd",
"deploy_production",
"read_secret_store",
"collect_secret_value",
"collect_secret_hash",
"collect_partial_token",
"store_raw_payload",
"store_unredacted_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"accept_cd_success_as_delivery_receipt",
"accept_route_200_as_notification_delivery",
"open_runtime_gate",
"add_action_button"
],
"owner_response_required": true,
"maintenance_window_required": true,
"rollback_owner_required": true,
"postcheck_required": true,
"delivery_receipt_required": true,
"owner_response_received": false,
"owner_response_accepted": false,
"migration_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"api_sender_refactor_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"migration_candidate_id": "telegram_notification_egress_migration:.gitea/workflows/cd.yaml",
"source_request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_cd_yaml",
"source_path": ".gitea/workflows/cd.yaml",
"surface_kind": "gitea_workflow_direct_bot_api",
"direct_call_count": 5,
"proposed_wave": "wave_1_workflow_notification_wrapper",
"proposed_target": "scripts/ci/notify-awoooi-cicd.sh or AWOOI Alertmanager webhook",
"proposed_change_summary": "Replace direct workflow Bot API send with normalized CI/CD notification wrapper after owner approval.",
"plan_fields": [
"migration_candidate_id",
"source_request_draft_id",
"source_path",
"surface_kind",
"direct_call_count",
"proposed_wave",
"proposed_target",
"proposed_change_summary",
"required_owner_response_ref",
"required_maintenance_window",
"required_rollback_owner",
"required_postcheck_ref",
"required_delivery_receipt_ref",
"required_no_secret_value_attestation",
"required_no_raw_payload_attestation",
"required_no_false_green_attestation",
"not_authorization"
],
"reviewer_checks": [
"source_owner_request_draft_current",
"owner_response_required_before_change",
"maintenance_window_required_before_change",
"rollback_owner_required_before_change",
"delivery_receipt_plan_required",
"postcheck_plan_required",
"redaction_contract_required",
"break_glass_fallback_explicit",
"no_secret_value_required",
"no_raw_payload_required",
"no_false_green_required",
"workflow_changes_separate_from_docs",
"script_changes_separate_from_docs",
"api_sender_refactor_separate_from_docs",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"draft_waiting_owner_response",
"ready_for_workflow_migration_review",
"ready_for_ops_script_migration_review",
"ready_for_api_sender_migration_review",
"request_missing_owner_response",
"request_missing_maintenance_or_rollback",
"reject_secret_or_raw_payload",
"reject_false_green_claim",
"waiting_runtime_gate"
],
"blocked_actions": [
"modify_workflow",
"modify_ops_script",
"refactor_api_sender",
"send_telegram",
"call_bot_api",
"dispatch_workflow",
"trigger_cd",
"deploy_production",
"read_secret_store",
"collect_secret_value",
"collect_secret_hash",
"collect_partial_token",
"store_raw_payload",
"store_unredacted_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"accept_cd_success_as_delivery_receipt",
"accept_route_200_as_notification_delivery",
"open_runtime_gate",
"add_action_button"
],
"owner_response_required": true,
"maintenance_window_required": true,
"rollback_owner_required": true,
"postcheck_required": true,
"delivery_receipt_required": true,
"owner_response_received": false,
"owner_response_accepted": false,
"migration_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"api_sender_refactor_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"migration_candidate_id": "telegram_notification_egress_migration:.gitea/workflows/code-review.yaml",
"source_request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_code_review_yaml",
"source_path": ".gitea/workflows/code-review.yaml",
"surface_kind": "gitea_workflow_direct_bot_api",
"direct_call_count": 2,
"proposed_wave": "wave_1_workflow_notification_wrapper",
"proposed_target": "scripts/ci/notify-awoooi-cicd.sh or AWOOI Alertmanager webhook",
"proposed_change_summary": "Replace direct workflow Bot API send with normalized CI/CD notification wrapper after owner approval.",
"plan_fields": [
"migration_candidate_id",
"source_request_draft_id",
"source_path",
"surface_kind",
"direct_call_count",
"proposed_wave",
"proposed_target",
"proposed_change_summary",
"required_owner_response_ref",
"required_maintenance_window",
"required_rollback_owner",
"required_postcheck_ref",
"required_delivery_receipt_ref",
"required_no_secret_value_attestation",
"required_no_raw_payload_attestation",
"required_no_false_green_attestation",
"not_authorization"
],
"reviewer_checks": [
"source_owner_request_draft_current",
"owner_response_required_before_change",
"maintenance_window_required_before_change",
"rollback_owner_required_before_change",
"delivery_receipt_plan_required",
"postcheck_plan_required",
"redaction_contract_required",
"break_glass_fallback_explicit",
"no_secret_value_required",
"no_raw_payload_required",
"no_false_green_required",
"workflow_changes_separate_from_docs",
"script_changes_separate_from_docs",
"api_sender_refactor_separate_from_docs",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"draft_waiting_owner_response",
"ready_for_workflow_migration_review",
"ready_for_ops_script_migration_review",
"ready_for_api_sender_migration_review",
"request_missing_owner_response",
"request_missing_maintenance_or_rollback",
"reject_secret_or_raw_payload",
"reject_false_green_claim",
"waiting_runtime_gate"
],
"blocked_actions": [
"modify_workflow",
"modify_ops_script",
"refactor_api_sender",
"send_telegram",
"call_bot_api",
"dispatch_workflow",
"trigger_cd",
"deploy_production",
"read_secret_store",
"collect_secret_value",
"collect_secret_hash",
"collect_partial_token",
"store_raw_payload",
"store_unredacted_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"accept_cd_success_as_delivery_receipt",
"accept_route_200_as_notification_delivery",
"open_runtime_gate",
"add_action_button"
],
"owner_response_required": true,
"maintenance_window_required": true,
"rollback_owner_required": true,
"postcheck_required": true,
"delivery_receipt_required": true,
"owner_response_received": false,
"owner_response_accepted": false,
"migration_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"api_sender_refactor_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"migration_candidate_id": "telegram_notification_egress_migration:.gitea/workflows/deploy-alerts.yaml",
"source_request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_deploy_alerts_yaml",
"source_path": ".gitea/workflows/deploy-alerts.yaml",
"surface_kind": "gitea_workflow_direct_bot_api",
"direct_call_count": 1,
"proposed_wave": "wave_1_workflow_notification_wrapper",
"proposed_target": "scripts/ci/notify-awoooi-cicd.sh or AWOOI Alertmanager webhook",
"proposed_change_summary": "Replace direct workflow Bot API send with normalized CI/CD notification wrapper after owner approval.",
"plan_fields": [
"migration_candidate_id",
"source_request_draft_id",
"source_path",
"surface_kind",
"direct_call_count",
"proposed_wave",
"proposed_target",
"proposed_change_summary",
"required_owner_response_ref",
"required_maintenance_window",
"required_rollback_owner",
"required_postcheck_ref",
"required_delivery_receipt_ref",
"required_no_secret_value_attestation",
"required_no_raw_payload_attestation",
"required_no_false_green_attestation",
"not_authorization"
],
"reviewer_checks": [
"source_owner_request_draft_current",
"owner_response_required_before_change",
"maintenance_window_required_before_change",
"rollback_owner_required_before_change",
"delivery_receipt_plan_required",
"postcheck_plan_required",
"redaction_contract_required",
"break_glass_fallback_explicit",
"no_secret_value_required",
"no_raw_payload_required",
"no_false_green_required",
"workflow_changes_separate_from_docs",
"script_changes_separate_from_docs",
"api_sender_refactor_separate_from_docs",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"draft_waiting_owner_response",
"ready_for_workflow_migration_review",
"ready_for_ops_script_migration_review",
"ready_for_api_sender_migration_review",
"request_missing_owner_response",
"request_missing_maintenance_or_rollback",
"reject_secret_or_raw_payload",
"reject_false_green_claim",
"waiting_runtime_gate"
],
"blocked_actions": [
"modify_workflow",
"modify_ops_script",
"refactor_api_sender",
"send_telegram",
"call_bot_api",
"dispatch_workflow",
"trigger_cd",
"deploy_production",
"read_secret_store",
"collect_secret_value",
"collect_secret_hash",
"collect_partial_token",
"store_raw_payload",
"store_unredacted_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"accept_cd_success_as_delivery_receipt",
"accept_route_200_as_notification_delivery",
"open_runtime_gate",
"add_action_button"
],
"owner_response_required": true,
"maintenance_window_required": true,
"rollback_owner_required": true,
"postcheck_required": true,
"delivery_receipt_required": true,
"owner_response_received": false,
"owner_response_accepted": false,
"migration_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"api_sender_refactor_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"migration_candidate_id": "telegram_notification_egress_migration:.gitea/workflows/e2e-health.yaml",
"source_request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_e2e_health_yaml",
"source_path": ".gitea/workflows/e2e-health.yaml",
"surface_kind": "gitea_workflow_direct_bot_api",
"direct_call_count": 1,
"proposed_wave": "wave_1_workflow_notification_wrapper",
"proposed_target": "scripts/ci/notify-awoooi-cicd.sh or AWOOI Alertmanager webhook",
"proposed_change_summary": "Replace direct workflow Bot API send with normalized CI/CD notification wrapper after owner approval.",
"plan_fields": [
"migration_candidate_id",
"source_request_draft_id",
"source_path",
"surface_kind",
"direct_call_count",
"proposed_wave",
"proposed_target",
"proposed_change_summary",
"required_owner_response_ref",
"required_maintenance_window",
"required_rollback_owner",
"required_postcheck_ref",
"required_delivery_receipt_ref",
"required_no_secret_value_attestation",
"required_no_raw_payload_attestation",
"required_no_false_green_attestation",
"not_authorization"
],
"reviewer_checks": [
"source_owner_request_draft_current",
"owner_response_required_before_change",
"maintenance_window_required_before_change",
"rollback_owner_required_before_change",
"delivery_receipt_plan_required",
"postcheck_plan_required",
"redaction_contract_required",
"break_glass_fallback_explicit",
"no_secret_value_required",
"no_raw_payload_required",
"no_false_green_required",
"workflow_changes_separate_from_docs",
"script_changes_separate_from_docs",
"api_sender_refactor_separate_from_docs",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"draft_waiting_owner_response",
"ready_for_workflow_migration_review",
"ready_for_ops_script_migration_review",
"ready_for_api_sender_migration_review",
"request_missing_owner_response",
"request_missing_maintenance_or_rollback",
"reject_secret_or_raw_payload",
"reject_false_green_claim",
"waiting_runtime_gate"
],
"blocked_actions": [
"modify_workflow",
"modify_ops_script",
"refactor_api_sender",
"send_telegram",
"call_bot_api",
"dispatch_workflow",
"trigger_cd",
"deploy_production",
"read_secret_store",
"collect_secret_value",
"collect_secret_hash",
"collect_partial_token",
"store_raw_payload",
"store_unredacted_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"accept_cd_success_as_delivery_receipt",
"accept_route_200_as_notification_delivery",
"open_runtime_gate",
"add_action_button"
],
"owner_response_required": true,
"maintenance_window_required": true,
"rollback_owner_required": true,
"postcheck_required": true,
"delivery_receipt_required": true,
"owner_response_received": false,
"owner_response_accepted": false,
"migration_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"api_sender_refactor_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"migration_candidate_id": "telegram_notification_egress_migration:.gitea/workflows/run-migration.yml",
"source_request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_run_migration_yml",
"source_path": ".gitea/workflows/run-migration.yml",
"surface_kind": "gitea_workflow_direct_bot_api",
"direct_call_count": 1,
"proposed_wave": "wave_1_workflow_notification_wrapper",
"proposed_target": "scripts/ci/notify-awoooi-cicd.sh or AWOOI Alertmanager webhook",
"proposed_change_summary": "Replace direct workflow Bot API send with normalized CI/CD notification wrapper after owner approval.",
"plan_fields": [
"migration_candidate_id",
"source_request_draft_id",
"source_path",
"surface_kind",
"direct_call_count",
"proposed_wave",
"proposed_target",
"proposed_change_summary",
"required_owner_response_ref",
"required_maintenance_window",
"required_rollback_owner",
"required_postcheck_ref",
"required_delivery_receipt_ref",
"required_no_secret_value_attestation",
"required_no_raw_payload_attestation",
"required_no_false_green_attestation",
"not_authorization"
],
"reviewer_checks": [
"source_owner_request_draft_current",
"owner_response_required_before_change",
"maintenance_window_required_before_change",
"rollback_owner_required_before_change",
"delivery_receipt_plan_required",
"postcheck_plan_required",
"redaction_contract_required",
"break_glass_fallback_explicit",
"no_secret_value_required",
"no_raw_payload_required",
"no_false_green_required",
"workflow_changes_separate_from_docs",
"script_changes_separate_from_docs",
"api_sender_refactor_separate_from_docs",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"draft_waiting_owner_response",
"ready_for_workflow_migration_review",
"ready_for_ops_script_migration_review",
"ready_for_api_sender_migration_review",
"request_missing_owner_response",
"request_missing_maintenance_or_rollback",
"reject_secret_or_raw_payload",
"reject_false_green_claim",
"waiting_runtime_gate"
],
"blocked_actions": [
"modify_workflow",
"modify_ops_script",
"refactor_api_sender",
"send_telegram",
"call_bot_api",
"dispatch_workflow",
"trigger_cd",
"deploy_production",
"read_secret_store",
"collect_secret_value",
"collect_secret_hash",
"collect_partial_token",
"store_raw_payload",
"store_unredacted_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"accept_cd_success_as_delivery_receipt",
"accept_route_200_as_notification_delivery",
"open_runtime_gate",
"add_action_button"
],
"owner_response_required": true,
"maintenance_window_required": true,
"rollback_owner_required": true,
"postcheck_required": true,
"delivery_receipt_required": true,
"owner_response_received": false,
"owner_response_accepted": false,
"migration_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"api_sender_refactor_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"migration_candidate_id": "telegram_notification_egress_migration:apps/api/src/services/channel_hub.py",
"source_request_draft_id": "telegram_notification_egress_owner_request:apps_api_src_services_channel_hub_py",
"source_path": "apps/api/src/services/channel_hub.py",
"surface_kind": "api_direct_bot_api",
"direct_call_count": 1,
"proposed_wave": "wave_3_api_sender_gateway",
"proposed_target": "TelegramGateway final-exit formatter",
"proposed_change_summary": "Route API interim sender through TelegramGateway or equivalent final-exit normalization and mirror contract.",
"plan_fields": [
"migration_candidate_id",
"source_request_draft_id",
"source_path",
"surface_kind",
"direct_call_count",
"proposed_wave",
"proposed_target",
"proposed_change_summary",
"required_owner_response_ref",
"required_maintenance_window",
"required_rollback_owner",
"required_postcheck_ref",
"required_delivery_receipt_ref",
"required_no_secret_value_attestation",
"required_no_raw_payload_attestation",
"required_no_false_green_attestation",
"not_authorization"
],
"reviewer_checks": [
"source_owner_request_draft_current",
"owner_response_required_before_change",
"maintenance_window_required_before_change",
"rollback_owner_required_before_change",
"delivery_receipt_plan_required",
"postcheck_plan_required",
"redaction_contract_required",
"break_glass_fallback_explicit",
"no_secret_value_required",
"no_raw_payload_required",
"no_false_green_required",
"workflow_changes_separate_from_docs",
"script_changes_separate_from_docs",
"api_sender_refactor_separate_from_docs",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"draft_waiting_owner_response",
"ready_for_workflow_migration_review",
"ready_for_ops_script_migration_review",
"ready_for_api_sender_migration_review",
"request_missing_owner_response",
"request_missing_maintenance_or_rollback",
"reject_secret_or_raw_payload",
"reject_false_green_claim",
"waiting_runtime_gate"
],
"blocked_actions": [
"modify_workflow",
"modify_ops_script",
"refactor_api_sender",
"send_telegram",
"call_bot_api",
"dispatch_workflow",
"trigger_cd",
"deploy_production",
"read_secret_store",
"collect_secret_value",
"collect_secret_hash",
"collect_partial_token",
"store_raw_payload",
"store_unredacted_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"accept_cd_success_as_delivery_receipt",
"accept_route_200_as_notification_delivery",
"open_runtime_gate",
"add_action_button"
],
"owner_response_required": true,
"maintenance_window_required": true,
"rollback_owner_required": true,
"postcheck_required": true,
"delivery_receipt_required": true,
"owner_response_received": false,
"owner_response_accepted": false,
"migration_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"api_sender_refactor_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"migration_candidate_id": "telegram_notification_egress_migration:scripts/ops/backup-from-110.sh",
"source_request_draft_id": "telegram_notification_egress_owner_request:scripts_ops_backup_from_110_sh",
"source_path": "scripts/ops/backup-from-110.sh",
"surface_kind": "ops_script_direct_bot_api",
"direct_call_count": 1,
"proposed_wave": "wave_2_ops_notification_wrapper",
"proposed_target": "scripts/ops/notify-awoooi-ops.sh or AWOOI Alertmanager webhook",
"proposed_change_summary": "Replace direct ops fallback send with normalized ops notification wrapper or documented break-glass fallback.",
"plan_fields": [
"migration_candidate_id",
"source_request_draft_id",
"source_path",
"surface_kind",
"direct_call_count",
"proposed_wave",
"proposed_target",
"proposed_change_summary",
"required_owner_response_ref",
"required_maintenance_window",
"required_rollback_owner",
"required_postcheck_ref",
"required_delivery_receipt_ref",
"required_no_secret_value_attestation",
"required_no_raw_payload_attestation",
"required_no_false_green_attestation",
"not_authorization"
],
"reviewer_checks": [
"source_owner_request_draft_current",
"owner_response_required_before_change",
"maintenance_window_required_before_change",
"rollback_owner_required_before_change",
"delivery_receipt_plan_required",
"postcheck_plan_required",
"redaction_contract_required",
"break_glass_fallback_explicit",
"no_secret_value_required",
"no_raw_payload_required",
"no_false_green_required",
"workflow_changes_separate_from_docs",
"script_changes_separate_from_docs",
"api_sender_refactor_separate_from_docs",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"draft_waiting_owner_response",
"ready_for_workflow_migration_review",
"ready_for_ops_script_migration_review",
"ready_for_api_sender_migration_review",
"request_missing_owner_response",
"request_missing_maintenance_or_rollback",
"reject_secret_or_raw_payload",
"reject_false_green_claim",
"waiting_runtime_gate"
],
"blocked_actions": [
"modify_workflow",
"modify_ops_script",
"refactor_api_sender",
"send_telegram",
"call_bot_api",
"dispatch_workflow",
"trigger_cd",
"deploy_production",
"read_secret_store",
"collect_secret_value",
"collect_secret_hash",
"collect_partial_token",
"store_raw_payload",
"store_unredacted_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"accept_cd_success_as_delivery_receipt",
"accept_route_200_as_notification_delivery",
"open_runtime_gate",
"add_action_button"
],
"owner_response_required": true,
"maintenance_window_required": true,
"rollback_owner_required": true,
"postcheck_required": true,
"delivery_receipt_required": true,
"owner_response_received": false,
"owner_response_accepted": false,
"migration_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"api_sender_refactor_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"migration_candidate_id": "telegram_notification_egress_migration:scripts/ops/docker-health-monitor.sh",
"source_request_draft_id": "telegram_notification_egress_owner_request:scripts_ops_docker_health_monitor_sh",
"source_path": "scripts/ops/docker-health-monitor.sh",
"surface_kind": "ops_script_direct_bot_api",
"direct_call_count": 1,
"proposed_wave": "wave_2_ops_notification_wrapper",
"proposed_target": "scripts/ops/notify-awoooi-ops.sh or AWOOI Alertmanager webhook",
"proposed_change_summary": "Replace direct ops fallback send with normalized ops notification wrapper or documented break-glass fallback.",
"plan_fields": [
"migration_candidate_id",
"source_request_draft_id",
"source_path",
"surface_kind",
"direct_call_count",
"proposed_wave",
"proposed_target",
"proposed_change_summary",
"required_owner_response_ref",
"required_maintenance_window",
"required_rollback_owner",
"required_postcheck_ref",
"required_delivery_receipt_ref",
"required_no_secret_value_attestation",
"required_no_raw_payload_attestation",
"required_no_false_green_attestation",
"not_authorization"
],
"reviewer_checks": [
"source_owner_request_draft_current",
"owner_response_required_before_change",
"maintenance_window_required_before_change",
"rollback_owner_required_before_change",
"delivery_receipt_plan_required",
"postcheck_plan_required",
"redaction_contract_required",
"break_glass_fallback_explicit",
"no_secret_value_required",
"no_raw_payload_required",
"no_false_green_required",
"workflow_changes_separate_from_docs",
"script_changes_separate_from_docs",
"api_sender_refactor_separate_from_docs",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"draft_waiting_owner_response",
"ready_for_workflow_migration_review",
"ready_for_ops_script_migration_review",
"ready_for_api_sender_migration_review",
"request_missing_owner_response",
"request_missing_maintenance_or_rollback",
"reject_secret_or_raw_payload",
"reject_false_green_claim",
"waiting_runtime_gate"
],
"blocked_actions": [
"modify_workflow",
"modify_ops_script",
"refactor_api_sender",
"send_telegram",
"call_bot_api",
"dispatch_workflow",
"trigger_cd",
"deploy_production",
"read_secret_store",
"collect_secret_value",
"collect_secret_hash",
"collect_partial_token",
"store_raw_payload",
"store_unredacted_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"accept_cd_success_as_delivery_receipt",
"accept_route_200_as_notification_delivery",
"open_runtime_gate",
"add_action_button"
],
"owner_response_required": true,
"maintenance_window_required": true,
"rollback_owner_required": true,
"postcheck_required": true,
"delivery_receipt_required": true,
"owner_response_received": false,
"owner_response_accepted": false,
"migration_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"api_sender_refactor_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"migration_candidate_id": "telegram_notification_egress_migration:scripts/ops/dr-drill.sh",
"source_request_draft_id": "telegram_notification_egress_owner_request:scripts_ops_dr_drill_sh",
"source_path": "scripts/ops/dr-drill.sh",
"surface_kind": "ops_script_direct_bot_api",
"direct_call_count": 1,
"proposed_wave": "wave_2_ops_notification_wrapper",
"proposed_target": "scripts/ops/notify-awoooi-ops.sh or AWOOI Alertmanager webhook",
"proposed_change_summary": "Replace direct ops fallback send with normalized ops notification wrapper or documented break-glass fallback.",
"plan_fields": [
"migration_candidate_id",
"source_request_draft_id",
"source_path",
"surface_kind",
"direct_call_count",
"proposed_wave",
"proposed_target",
"proposed_change_summary",
"required_owner_response_ref",
"required_maintenance_window",
"required_rollback_owner",
"required_postcheck_ref",
"required_delivery_receipt_ref",
"required_no_secret_value_attestation",
"required_no_raw_payload_attestation",
"required_no_false_green_attestation",
"not_authorization"
],
"reviewer_checks": [
"source_owner_request_draft_current",
"owner_response_required_before_change",
"maintenance_window_required_before_change",
"rollback_owner_required_before_change",
"delivery_receipt_plan_required",
"postcheck_plan_required",
"redaction_contract_required",
"break_glass_fallback_explicit",
"no_secret_value_required",
"no_raw_payload_required",
"no_false_green_required",
"workflow_changes_separate_from_docs",
"script_changes_separate_from_docs",
"api_sender_refactor_separate_from_docs",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"draft_waiting_owner_response",
"ready_for_workflow_migration_review",
"ready_for_ops_script_migration_review",
"ready_for_api_sender_migration_review",
"request_missing_owner_response",
"request_missing_maintenance_or_rollback",
"reject_secret_or_raw_payload",
"reject_false_green_claim",
"waiting_runtime_gate"
],
"blocked_actions": [
"modify_workflow",
"modify_ops_script",
"refactor_api_sender",
"send_telegram",
"call_bot_api",
"dispatch_workflow",
"trigger_cd",
"deploy_production",
"read_secret_store",
"collect_secret_value",
"collect_secret_hash",
"collect_partial_token",
"store_raw_payload",
"store_unredacted_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"accept_cd_success_as_delivery_receipt",
"accept_route_200_as_notification_delivery",
"open_runtime_gate",
"add_action_button"
],
"owner_response_required": true,
"maintenance_window_required": true,
"rollback_owner_required": true,
"postcheck_required": true,
"delivery_receipt_required": true,
"owner_response_received": false,
"owner_response_accepted": false,
"migration_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"api_sender_refactor_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"migration_candidate_id": "telegram_notification_egress_migration:scripts/ops/pg-backup.sh",
"source_request_draft_id": "telegram_notification_egress_owner_request:scripts_ops_pg_backup_sh",
"source_path": "scripts/ops/pg-backup.sh",
"surface_kind": "ops_script_direct_bot_api",
"direct_call_count": 1,
"proposed_wave": "wave_2_ops_notification_wrapper",
"proposed_target": "scripts/ops/notify-awoooi-ops.sh or AWOOI Alertmanager webhook",
"proposed_change_summary": "Replace direct ops fallback send with normalized ops notification wrapper or documented break-glass fallback.",
"plan_fields": [
"migration_candidate_id",
"source_request_draft_id",
"source_path",
"surface_kind",
"direct_call_count",
"proposed_wave",
"proposed_target",
"proposed_change_summary",
"required_owner_response_ref",
"required_maintenance_window",
"required_rollback_owner",
"required_postcheck_ref",
"required_delivery_receipt_ref",
"required_no_secret_value_attestation",
"required_no_raw_payload_attestation",
"required_no_false_green_attestation",
"not_authorization"
],
"reviewer_checks": [
"source_owner_request_draft_current",
"owner_response_required_before_change",
"maintenance_window_required_before_change",
"rollback_owner_required_before_change",
"delivery_receipt_plan_required",
"postcheck_plan_required",
"redaction_contract_required",
"break_glass_fallback_explicit",
"no_secret_value_required",
"no_raw_payload_required",
"no_false_green_required",
"workflow_changes_separate_from_docs",
"script_changes_separate_from_docs",
"api_sender_refactor_separate_from_docs",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"draft_waiting_owner_response",
"ready_for_workflow_migration_review",
"ready_for_ops_script_migration_review",
"ready_for_api_sender_migration_review",
"request_missing_owner_response",
"request_missing_maintenance_or_rollback",
"reject_secret_or_raw_payload",
"reject_false_green_claim",
"waiting_runtime_gate"
],
"blocked_actions": [
"modify_workflow",
"modify_ops_script",
"refactor_api_sender",
"send_telegram",
"call_bot_api",
"dispatch_workflow",
"trigger_cd",
"deploy_production",
"read_secret_store",
"collect_secret_value",
"collect_secret_hash",
"collect_partial_token",
"store_raw_payload",
"store_unredacted_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"accept_cd_success_as_delivery_receipt",
"accept_route_200_as_notification_delivery",
"open_runtime_gate",
"add_action_button"
],
"owner_response_required": true,
"maintenance_window_required": true,
"rollback_owner_required": true,
"postcheck_required": true,
"delivery_receipt_required": true,
"owner_response_received": false,
"owner_response_accepted": false,
"migration_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"api_sender_refactor_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
}
],
"operator_interpretation": [
"This is a migration plan draft only; it does not authorize workflow, script, API, Telegram, or production changes.",
"Every candidate still requires owner response, maintenance window, rollback owner, receipt plan, and post-check evidence.",
"Direct Bot API convergence remains 0 until a separate runtime-approved change is implemented and verified."
]
}
Reference in New Issue View Git Blame Copy Permalink