{
|
||
"config_surfaces": [
|
||
{
|
||
"action_buttons_allowed": false,
|
||
"config_kind": "docker_compose_source",
|
||
"control_tier": "C1",
|
||
"current_state": "repo_source_visible",
|
||
"expected_host_scope": "local_dev_only",
|
||
"label": "AWOOOI local development compose",
|
||
"line_count": 137,
|
||
"live_evidence_received": false,
|
||
"next_owner_action": "確認本檔僅供 local dev,不得作為 production compose;補 dev secret placeholder policy。",
|
||
"owner_response_accepted": false,
|
||
"owner_response_received": false,
|
||
"requires_live_evidence": false,
|
||
"requires_owner_response": true,
|
||
"restart_window_accepted": false,
|
||
"rollback_owner_accepted": false,
|
||
"runtime_gate_open": false,
|
||
"service_scope": [
|
||
"web",
|
||
"api",
|
||
"postgres",
|
||
"redis"
|
||
],
|
||
"sha256": "4a27bcde139b5aef6a9f3080187af5bec73d1efd9c09ed2752b0baaa5f507024",
|
||
"source_exists": true,
|
||
"source_path": "docker-compose.yml",
|
||
"surface_id": "local_dev_compose"
|
||
},
|
||
{
|
||
"action_buttons_allowed": false,
|
||
"config_kind": "docker_compose_source",
|
||
"control_tier": "C1",
|
||
"current_state": "repo_source_visible_with_live_drift_warning",
|
||
"expected_host_scope": "192.168.0.110",
|
||
"label": "110 monitoring docker compose",
|
||
"line_count": 148,
|
||
"live_evidence_received": false,
|
||
"next_owner_action": "補 110 live compose hash、restart window、rollback owner、post-check 指標與 drift disposition。",
|
||
"owner_response_accepted": false,
|
||
"owner_response_received": false,
|
||
"requires_live_evidence": true,
|
||
"requires_owner_response": true,
|
||
"restart_window_accepted": false,
|
||
"rollback_owner_accepted": false,
|
||
"runtime_gate_open": false,
|
||
"service_scope": [
|
||
"cadvisor",
|
||
"prometheus",
|
||
"grafana",
|
||
"blackbox-exporter",
|
||
"alertmanager",
|
||
"github-exporter"
|
||
],
|
||
"sha256": "00126e9a5cb7a3cf2bf02cfddefea11f05849b46835a4e602eac4777fcb25281",
|
||
"source_exists": true,
|
||
"source_path": "k8s/monitoring/docker-compose-110.yml",
|
||
"surface_id": "monitoring_110_compose"
|
||
},
|
||
{
|
||
"action_buttons_allowed": false,
|
||
"config_kind": "docker_compose_source",
|
||
"control_tier": "C1",
|
||
"current_state": "repo_source_visible_needs_live_hash",
|
||
"expected_host_scope": "192.168.0.188",
|
||
"label": "188 database exporters compose",
|
||
"line_count": 69,
|
||
"live_evidence_received": false,
|
||
"next_owner_action": "補 188 exporter compose live hash、env source policy、restart window 與 rollback owner。",
|
||
"owner_response_accepted": false,
|
||
"owner_response_received": false,
|
||
"requires_live_evidence": true,
|
||
"requires_owner_response": true,
|
||
"restart_window_accepted": false,
|
||
"rollback_owner_accepted": false,
|
||
"runtime_gate_open": false,
|
||
"service_scope": [
|
||
"postgres-exporter",
|
||
"redis-exporter"
|
||
],
|
||
"sha256": "3ffb3bd2e98091d18e60b74721904777c27f279c37ab6e873b82e6ef73eb87d4",
|
||
"source_exists": true,
|
||
"source_path": "ops/monitoring/docker-compose.exporters.yaml",
|
||
"surface_id": "monitoring_exporters_188_compose"
|
||
},
|
||
{
|
||
"action_buttons_allowed": false,
|
||
"config_kind": "docker_compose_reference",
|
||
"control_tier": "C1",
|
||
"current_state": "reference_only_not_runtime_source",
|
||
"expected_host_scope": "192.168.0.110",
|
||
"label": "110 Sentry self-hosted reference compose",
|
||
"line_count": 49,
|
||
"live_evidence_received": false,
|
||
"next_owner_action": "確認 110 Sentry 實際 source-of-truth、official self-hosted revision、backup path 與 rollback owner。",
|
||
"owner_response_accepted": false,
|
||
"owner_response_received": false,
|
||
"requires_live_evidence": true,
|
||
"requires_owner_response": true,
|
||
"restart_window_accepted": false,
|
||
"rollback_owner_accepted": false,
|
||
"runtime_gate_open": false,
|
||
"service_scope": [
|
||
"sentry-placeholder-reference"
|
||
],
|
||
"sha256": "bba852dc0d73934998fa375130168615f9ac7611ce3f3efaa901e3b7e222eae3",
|
||
"source_exists": true,
|
||
"source_path": "ops/sentry-self-hosted/docker-compose.yml",
|
||
"surface_id": "sentry_110_reference_compose"
|
||
},
|
||
{
|
||
"action_buttons_allowed": false,
|
||
"config_kind": "docker_compose_source",
|
||
"control_tier": "C1",
|
||
"current_state": "repo_source_visible_needs_secret_policy_review",
|
||
"expected_host_scope": "192.168.0.110",
|
||
"label": "110 Langfuse compose",
|
||
"line_count": 71,
|
||
"live_evidence_received": false,
|
||
"next_owner_action": "補 110 live compose hash、secret placeholder disposition、restart window 與 rollback owner。",
|
||
"owner_response_accepted": false,
|
||
"owner_response_received": false,
|
||
"requires_live_evidence": true,
|
||
"requires_owner_response": true,
|
||
"restart_window_accepted": false,
|
||
"rollback_owner_accepted": false,
|
||
"runtime_gate_open": false,
|
||
"service_scope": [
|
||
"langfuse",
|
||
"langfuse-db"
|
||
],
|
||
"sha256": "6c703a27525e62ef4d4d3c4cba8a89d64f646b01020782e35d22a3bf73f2dc83",
|
||
"source_exists": true,
|
||
"source_path": "infra/langfuse/docker-compose.yml",
|
||
"surface_id": "langfuse_110_compose"
|
||
},
|
||
{
|
||
"action_buttons_allowed": false,
|
||
"config_kind": "ansible_service_executor",
|
||
"control_tier": "C1",
|
||
"current_state": "executor_role_visible_needs_gate_mapping",
|
||
"expected_host_scope": "multi_host",
|
||
"label": "Ansible docker-compose-service role",
|
||
"line_count": 18,
|
||
"live_evidence_received": false,
|
||
"next_owner_action": "補 role 使用範圍、allowed service_dir、check-mode plan、rollback owner 與人工批准 gate。",
|
||
"owner_response_accepted": false,
|
||
"owner_response_received": false,
|
||
"requires_live_evidence": true,
|
||
"requires_owner_response": true,
|
||
"restart_window_accepted": false,
|
||
"rollback_owner_accepted": false,
|
||
"runtime_gate_open": false,
|
||
"service_scope": [
|
||
"docker compose up -d"
|
||
],
|
||
"sha256": "cee214a8651f46c2d8be05054dddadc243a26bff51a64bd9cf42dd2ec0b7b1b3",
|
||
"source_exists": true,
|
||
"source_path": "infra/ansible/roles/docker-compose-service/tasks/main.yml",
|
||
"surface_id": "ansible_docker_compose_service_role"
|
||
},
|
||
{
|
||
"action_buttons_allowed": false,
|
||
"config_kind": "host_repair_whitelist",
|
||
"control_tier": "C1",
|
||
"current_state": "write_capable_whitelist_visible_gate_closed",
|
||
"expected_host_scope": "192.168.0.110",
|
||
"label": "110 repair-bot compose whitelist",
|
||
"line_count": 67,
|
||
"live_evidence_received": false,
|
||
"next_owner_action": "補 authorized_keys command binding、disable switch、audit log path、rollback owner 與 post-check 指標。",
|
||
"owner_response_accepted": false,
|
||
"owner_response_received": false,
|
||
"requires_live_evidence": true,
|
||
"requires_owner_response": true,
|
||
"restart_window_accepted": false,
|
||
"rollback_owner_accepted": false,
|
||
"runtime_gate_open": false,
|
||
"service_scope": [
|
||
"sentry",
|
||
"harbor",
|
||
"gitea",
|
||
"gitea-runner",
|
||
"langfuse",
|
||
"alertmanager",
|
||
"signoz"
|
||
],
|
||
"sha256": "093d4f85c398806dee62c2831fa4fe7e1f8fddca6e3cfcc9dbe4d5e0d66cdf3b",
|
||
"source_exists": true,
|
||
"source_path": "scripts/repair-bot/repair-bot-110.sh",
|
||
"surface_id": "repair_bot_110_whitelist"
|
||
},
|
||
{
|
||
"action_buttons_allowed": false,
|
||
"config_kind": "host_repair_whitelist",
|
||
"control_tier": "C1",
|
||
"current_state": "write_capable_whitelist_visible_gate_closed",
|
||
"expected_host_scope": "192.168.0.188",
|
||
"label": "188 repair-bot compose/systemd whitelist",
|
||
"line_count": 85,
|
||
"live_evidence_received": false,
|
||
"next_owner_action": "補 systemd restart approval gate、sudoers boundary、disable switch、rollback owner 與 route smoke。",
|
||
"owner_response_accepted": false,
|
||
"owner_response_received": false,
|
||
"requires_live_evidence": true,
|
||
"requires_owner_response": true,
|
||
"restart_window_accepted": false,
|
||
"rollback_owner_accepted": false,
|
||
"runtime_gate_open": false,
|
||
"service_scope": [
|
||
"openclaw",
|
||
"minio",
|
||
"signoz",
|
||
"redis",
|
||
"nginx",
|
||
"ollama"
|
||
],
|
||
"sha256": "fb2eb786d04edbf5d5be581a53bbe188ac66f0895aa016328b031c72f6182918",
|
||
"source_exists": true,
|
||
"source_path": "scripts/repair-bot/repair-bot-188.sh",
|
||
"surface_id": "repair_bot_188_whitelist"
|
||
},
|
||
{
|
||
"action_buttons_allowed": false,
|
||
"config_kind": "backup_capture_contract",
|
||
"control_tier": "C1",
|
||
"current_state": "capture_script_visible_not_executed_by_this_inventory",
|
||
"expected_host_scope": "110_188_120_121_cluster",
|
||
"label": "host config backup capture contract",
|
||
"line_count": 359,
|
||
"live_evidence_received": false,
|
||
"next_owner_action": "補 latest backup status、restore drill owner、secret handling proof、retention owner 與 restore validation plan。",
|
||
"owner_response_accepted": false,
|
||
"owner_response_received": false,
|
||
"requires_live_evidence": true,
|
||
"requires_owner_response": true,
|
||
"restart_window_accepted": false,
|
||
"rollback_owner_accepted": false,
|
||
"runtime_gate_open": false,
|
||
"service_scope": [
|
||
"systemd",
|
||
"docker",
|
||
"nginx",
|
||
"cron",
|
||
"k8s",
|
||
"host-configs"
|
||
],
|
||
"sha256": "d24301cff44e464bd19ce0792362be16916ccde8c92f92351a19ef4ee988f15e",
|
||
"source_exists": true,
|
||
"source_path": "scripts/backup/backup-configs.sh",
|
||
"surface_id": "config_backup_host_capture"
|
||
}
|
||
],
|
||
"execution_boundaries": {
|
||
"action_buttons_allowed": false,
|
||
"active_scan_authorized": false,
|
||
"ansible_apply_authorized": false,
|
||
"docker_compose_action_authorized": false,
|
||
"host_write_authorized": false,
|
||
"live_host_read_authorized": false,
|
||
"repair_bot_execution_authorized": false,
|
||
"runtime_execution_authorized": false,
|
||
"secret_value_collection_allowed": false,
|
||
"service_restart_authorized": false,
|
||
"ssh_read_authorized": false,
|
||
"ssh_write_authorized": false,
|
||
"sudo_action_authorized": false,
|
||
"systemctl_action_authorized": false
|
||
},
|
||
"expected_host_scopes": [
|
||
"110_188_120_121_cluster",
|
||
"192.168.0.110",
|
||
"192.168.0.188",
|
||
"local_dev_only",
|
||
"multi_host"
|
||
],
|
||
"generated_at": "2026-06-11T23:20:00+08:00",
|
||
"git_commit": "0a82648e",
|
||
"next_collection_order": [
|
||
"repair_bot_110_whitelist",
|
||
"repair_bot_188_whitelist",
|
||
"monitoring_110_compose",
|
||
"monitoring_exporters_188_compose",
|
||
"langfuse_110_compose",
|
||
"config_backup_host_capture",
|
||
"ansible_docker_compose_service_role",
|
||
"sentry_110_reference_compose",
|
||
"local_dev_compose"
|
||
],
|
||
"operator_interpretation": [
|
||
"這是 repo-only 主機服務配置清冊,不是 live host 盤點。",
|
||
"write-capable 白名單與 Ansible role 可見,不代表 repair-bot、docker compose、systemctl 或 sudo 已授權。",
|
||
"所有 live hash、restart window、rollback owner、post-check 指標都仍需 owner response。",
|
||
"本清冊讓 Docker/systemd 類別從 inventory_needed 進到 repo_only_inventory_ready,但 runtime gate 仍為 0。"
|
||
],
|
||
"schema_version": "host_service_config_inventory_v1",
|
||
"source_scope": "committed_repo_files_only",
|
||
"status": "repo_only_inventory_ready",
|
||
"summary": {
|
||
"action_button_count": 0,
|
||
"coverage_percent_after_inventory": 50,
|
||
"coverage_percent_before_inventory": 42,
|
||
"docker_compose_source_count": 5,
|
||
"expected_host_scope_count": 5,
|
||
"host_repair_whitelist_count": 2,
|
||
"live_evidence_received_count": 0,
|
||
"owner_response_accepted_count": 0,
|
||
"owner_response_received_count": 0,
|
||
"restart_window_accepted_count": 0,
|
||
"rollback_owner_accepted_count": 0,
|
||
"runtime_gate_count": 0,
|
||
"source_exists_count": 9,
|
||
"surface_count": 9,
|
||
"surfaces_requiring_live_evidence_count": 8,
|
||
"surfaces_requiring_owner_response_count": 9,
|
||
"systemd_restart_surface_count": 1,
|
||
"write_capable_surface_count": 3
|
||
},
|
||
"write_capable_surfaces": [
|
||
{
|
||
"config_kind": "ansible_service_executor",
|
||
"expected_host_scope": "multi_host",
|
||
"label": "Ansible docker-compose-service role",
|
||
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
|
||
"service_scope": [
|
||
"docker compose up -d"
|
||
],
|
||
"surface_id": "ansible_docker_compose_service_role"
|
||
},
|
||
{
|
||
"config_kind": "host_repair_whitelist",
|
||
"expected_host_scope": "192.168.0.110",
|
||
"label": "110 repair-bot compose whitelist",
|
||
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
|
||
"service_scope": [
|
||
"sentry",
|
||
"harbor",
|
||
"gitea",
|
||
"gitea-runner",
|
||
"langfuse",
|
||
"alertmanager",
|
||
"signoz"
|
||
],
|
||
"surface_id": "repair_bot_110_whitelist"
|
||
},
|
||
{
|
||
"config_kind": "host_repair_whitelist",
|
||
"expected_host_scope": "192.168.0.188",
|
||
"label": "188 repair-bot compose/systemd whitelist",
|
||
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
|
||
"service_scope": [
|
||
"openclaw",
|
||
"minio",
|
||
"signoz",
|
||
"redis",
|
||
"nginx",
|
||
"ollama"
|
||
],
|
||
"surface_id": "repair_bot_188_whitelist"
|
||
}
|
||
]
|
||
}
|