awoooi/docs/evaluations/backup_notification_policy_2026-06-04.json

{
  "schema_version": "backup_notification_policy_v1",
  "generated_at": "2026-06-04T21:42:18+08:00",
  "source_readiness_matrix_ref": "docs/evaluations/backup_dr_readiness_matrix_2026-06-04.json",
  "source_refs": [
    "docs/runbooks/BACKUP-STATUS.md",
    "docs/evaluations/backup_dr_readiness_matrix_2026-06-04.json",
    "docs/workplans/2026-06-04-reboot-cold-start-backup-recovery-workplan.md",
    "scripts/backup/backup-status.sh",
    "scripts/ops/backup-alert-label-contract-check.py",
    "scripts/ops/backup-health-textfile-exporter.py"
  ],
  "program_status": {
    "overall_completion_percent": 100,
    "current_priority": "P1",
    "current_task_id": "P1-103",
    "next_task_id": "P1-104",
    "read_only_mode": true
  },
  "rollups": {
    "total_rules": 8,
    "by_decision": {
      "suppress_immediate_success": 2,
      "escalate_immediate": 4,
      "create_action_required": 2
    },
    "immediate_escalation_rule_ids": [
      "backup_warning_stale",
      "backup_failed",
      "offsite_verify_failure",
      "backup_status_core_blocker"
    ],
    "suppressed_success_rule_ids": [
      "scheduled_backup_success",
      "offsite_sync_success"
    ]
  },
  "notification_channels": [
    {
      "channel_id": "awooop_operator_event",
      "purpose": "承載需要人工處理、incident 或批准證據的 operator-visible event。",
      "immediate_allowed": true,
      "success_immediate_allowed": false,
      "requires_operator_action": true
    },
    {
      "channel_id": "telegram_ops",
      "purpose": "只承載 failure、warning 或 action-required 即時升級；正常成功不得即時送出。",
      "immediate_allowed": true,
      "success_immediate_allowed": false,
      "requires_operator_action": true
    },
    {
      "channel_id": "prometheus_textfile",
      "purpose": "承載成功、失敗與新鮮度證據，供每日摘要與 alert rule 讀取。",
      "immediate_allowed": false,
      "success_immediate_allowed": false,
      "requires_operator_action": false
    },
    {
      "channel_id": "daily_status_summary",
      "purpose": "每日 06:05 台北時間摘要成功狀態、警告、阻擋與下一步。",
      "immediate_allowed": false,
      "success_immediate_allowed": false,
      "requires_operator_action": false
    }
  ],
  "policy_rules": [
    {
      "rule_id": "scheduled_backup_success",
      "event_kind": "backup_job_completed",
      "backup_state": "success",
      "severity": "info",
      "decision": "suppress_immediate_success",
      "channels": ["prometheus_textfile", "daily_status_summary"],
      "owner_agent": "hermes",
      "requires_incident": false,
      "requires_approval_record": false,
      "message_contract": "成功只寫入 metrics / textfile 與每日 06:05 摘要；不得送 Telegram / AwoooP 即時成功訊息。",
      "evidence_refs": ["docs/runbooks/BACKUP-STATUS.md"]
    },
    {
      "rule_id": "offsite_sync_success",
      "event_kind": "offsite_verify_completed",
      "backup_state": "success",
      "severity": "info",
      "decision": "suppress_immediate_success",
      "channels": ["prometheus_textfile", "daily_status_summary"],
      "owner_agent": "hermes",
      "requires_incident": false,
      "requires_approval_record": false,
      "message_contract": "異地 verify 成功不即時洗版；只進 latest-only freshness 證據與每日摘要。",
      "evidence_refs": [
        "docs/runbooks/BACKUP-STATUS.md",
        "scripts/backup/verify-offsite-full-sync.sh"
      ]
    },
    {
      "rule_id": "backup_warning_stale",
      "event_kind": "backup_freshness_warning",
      "backup_state": "warning",
      "severity": "warning",
      "decision": "escalate_immediate",
      "channels": ["awooop_operator_event", "telegram_ops", "prometheus_textfile"],
      "owner_agent": "openclaw",
      "requires_incident": true,
      "requires_approval_record": false,
      "message_contract": "警告必須帶 target、freshness、last_success_at、evidence ref 與下一個 read-only check；不得夾帶 secret。",
      "evidence_refs": [
        "docs/runbooks/BACKUP-STATUS.md",
        "scripts/backup/backup-status.sh"
      ]
    },
    {
      "rule_id": "backup_failed",
      "event_kind": "backup_job_failed",
      "backup_state": "failed",
      "severity": "critical",
      "decision": "escalate_immediate",
      "channels": ["awooop_operator_event", "telegram_ops", "prometheus_textfile"],
      "owner_agent": "openclaw",
      "requires_incident": true,
      "requires_approval_record": false,
      "message_contract": "失敗立即升級，必須包含 target、job、exit code、last success、log evidence ref 與人工處置入口。",
      "evidence_refs": [
        "docs/runbooks/BACKUP-STATUS.md",
        "scripts/backup/backup-status.sh"
      ]
    },
    {
      "rule_id": "offsite_verify_failure",
      "event_kind": "offsite_verify_failed",
      "backup_state": "failed",
      "severity": "critical",
      "decision": "escalate_immediate",
      "channels": ["awooop_operator_event", "telegram_ops", "prometheus_textfile"],
      "owner_agent": "openclaw",
      "requires_incident": true,
      "requires_approval_record": false,
      "message_contract": "異地 verify 失敗必須升級並保留 local / remote repo、latest-only 狀態與 retry 建議；不得自動 sync。",
      "evidence_refs": [
        "docs/evaluations/backup_dr_readiness_matrix_2026-06-04.json",
        "scripts/backup/sync-offsite-backups.sh",
        "scripts/backup/verify-offsite-full-sync.sh"
      ]
    },
    {
      "rule_id": "backup_status_core_blocker",
      "event_kind": "backup_core_blocker_detected",
      "backup_state": "action_required",
      "severity": "critical",
      "decision": "escalate_immediate",
      "channels": ["awooop_operator_event", "telegram_ops", "prometheus_textfile"],
      "owner_agent": "openclaw",
      "requires_incident": true,
      "requires_approval_record": true,
      "message_contract": "核心阻擋必須連到 incident / approval / evidence；Agent 不得自行 restore、prune、寫 marker 或改排程。",
      "evidence_refs": [
        "docs/evaluations/backup_dr_readiness_matrix_2026-06-04.json",
        "docs/runbooks/BACKUP-STATUS.md"
      ]
    },
    {
      "rule_id": "credential_escrow_missing_markers",
      "event_kind": "credential_escrow_gap",
      "backup_state": "blocked",
      "severity": "high",
      "decision": "create_action_required",
      "channels": ["awooop_operator_event", "daily_status_summary"],
      "owner_agent": "openclaw",
      "requires_incident": false,
      "requires_approval_record": true,
      "message_contract": "缺 escrow marker 必須維持 action-required；不得自動寫 marker、不得輸出 credential 或要求 Agent 讀 secret。",
      "evidence_refs": [
        "docs/evaluations/backup_dr_readiness_matrix_2026-06-04.json",
        "scripts/backup/mark-credential-escrow-verified.sh",
        "scripts/backup/offsite-escrow-evidence-report.sh"
      ]
    },
    {
      "rule_id": "metric_binding_gap",
      "event_kind": "backup_metric_binding_gap",
      "backup_state": "needs_metric_binding",
      "severity": "warning",
      "decision": "create_action_required",
      "channels": ["awooop_operator_event", "daily_status_summary"],
      "owner_agent": "hermes",
      "requires_incident": false,
      "requires_approval_record": false,
      "message_contract": "metric binding gap 只建立 action-required 與 UI 證據缺口；不得直接修改 Prometheus rule 或 exporter。",
      "evidence_refs": [
        "docs/evaluations/backup_dr_readiness_matrix_2026-06-04.json",
        "scripts/ops/backup-alert-label-contract-check.py"
      ]
    }
  ],
  "daily_summary_contract": {
    "summary_time_taipei": "06:05",
    "success_immediate_notifications_allowed": false,
    "success_signal_sources": [
      "Prometheus / node-exporter textfile metrics",
      "scripts/backup/backup-status.sh --no-notify",
      "Backup / DR readiness matrix"
    ],
    "failure_rows_require_action_refs": true,
    "mandatory_sections": [
      "latest successful backup targets",
      "warning / failed targets",
      "blocked DR targets",
      "offsite latest-only verification",
      "credential escrow marker status",
      "next operator action"
    ]
  },
  "agent_roles": [
    {
      "agent_id": "openclaw",
      "role": "通知升級仲裁者，判斷 warning / failed / action-required 是否需要 incident、approval 與 operator action。",
      "allowed_actions": [
        "只讀仲裁嚴重度",
        "要求 incident / approval evidence",
        "拒絕成功即時洗版"
      ],
      "blocked_actions": [
        "未批准發送正式 Telegram 測試訊息",
        "未批准執行 restore 或 backup",
        "未批准寫 credential marker"
      ]
    },
    {
      "agent_id": "hermes",
      "role": "整理 runbook、每日摘要、降噪政策與 UI 可讀文字。",
      "allowed_actions": [
        "只讀整理通知政策",
        "彙整 daily summary 欄位",
        "標示 metric binding gap"
      ],
      "blocked_actions": [
        "直接送出 Telegram / AwoooP 訊息",
        "直接改排程或 workflow",
        "直接修改 Prometheus rule"
      ]
    },
    {
      "agent_id": "nemotron",
      "role": "可離線比較通知降噪 pattern 與摘要品質，但不是備份通知主控。",
      "allowed_actions": [
        "使用 sanitized evidence 做離線比較",
        "提出摘要品質建議"
      ],
      "blocked_actions": [
        "讀取 production secret",
        "送出通知",
        "觸發 backup / restore / offsite sync"
      ]
    }
  ],
  "operation_boundaries": {
    "read_only_policy_allowed": true,
    "notification_send_allowed": false,
    "backup_execution_allowed": false,
    "restore_execution_allowed": false,
    "offsite_sync_execution_allowed": false,
    "credential_marker_write_allowed": false,
    "schedule_change_allowed": false,
    "workflow_write_allowed": false,
    "telegram_test_message_allowed": false
  },
  "approval_boundaries": {
    "sdk_installation_allowed": false,
    "paid_api_call_allowed": false,
    "shadow_or_canary_allowed": false,
    "production_routing_allowed": false,
    "destructive_operation_allowed": false
  }
}