IwoooS Backup / Restore / Escrow Owner Request Draft

項目	內容
日期	2026-06-14
狀態	`owner_request_draft_ready_not_dispatched`
工具	`scripts/security/backup-restore-owner-request-draft.py`
Snapshot	`docs/security/backup-restore-owner-request-draft.snapshot.json`
Source inventory	`docs/security/backup-restore-escrow-inventory.snapshot.json`
runtime gate	`0`

1. 目的

本文件承接 Backup / Restore / Escrow / Retention repo-only 清冊，把 38 個 surface 轉成人工送件前 request draft。它讓備份總控、服務備份、Restic retention、offsite sync、credential escrow、Velero、restore drill、alert / health 與 DR 文件有一致的 owner 回覆欄位。

這不是 live backup truth、不是備份成功證明、不是 restore drill 授權、不是 offsite sync 授權、不是 credential escrow marker 可寫入，也不是 retention policy 可變更。

2. 摘要

指標	目前值	說明
request draft	`38`	每個 backup / restore / escrow surface 一份草稿
write-capable request draft	`27`	backup、restore、offsite、escrow、retention、Velero、health exporter 等可寫 / 可執行 surface
live evidence required request	`38`	全部都需 owner 提供非敏感 live evidence
request field	`24`	草稿欄位總數
required owner field	`14`	owner 必填欄位
blocked action	`18`	backup、restore、offsite sync、remote delete、marker write、retention、prune、rclone、Velero、kubectl、SSH、secret collection、runtime gate 等
request sent / recipient confirmed	`0 / 0`	尚未送件
owner response received / accepted	`0 / 0`	尚未收到或驗收
live evidence received	`0`	不 SSH、不讀 offsite、不讀 live backup
restore / offsite / escrow / retention accepted	`0 / 0 / 0 / 0`	不得執行或標記完成
runtime gate / action button	`0 / 0`	不提供操作入口

3. Request Draft 類型

類型	代表 request	風險焦點
備份總控	`backup_restore_owner_request:backup_all_orchestrator`	全服務備份、cron、失敗通知、restore drill owner
服務備份	`backup_restore_owner_request:backup_awoooi_service_script`、`backup_restore_owner_request:backup_harbor_service_script`	DB / registry / route / trace data 的 freshness、restore target isolation、secret redaction
Restic / retention	`backup_restore_owner_request:backup_common_restic_retention`	B2 / rclone owner、retention owner、prune window、no-secret-value evidence
Offsite / escrow	`backup_restore_owner_request:offsite_sync_controller`、`backup_restore_owner_request:credential_escrow_marker`	remote delete、full sync window、escrow evidence id、marker write gate
Velero	`backup_restore_owner_request:velero_restore_cronjob`、`backup_restore_owner_request:velero_credentials_manifest`	RBAC、MinIO endpoint、restore isolation、secret manager source
Alert / health	`backup_restore_owner_request:backup_health_exporter`、`backup_restore_owner_request:backup_restore_alert_rules`	false-green metric、alert reload owner、freshness SLO
DR / cold-start	`backup_restore_owner_request:cold_start_sop`	runbook freshness、restore observer、stop condition、rollback owner

4. Owner 必填欄位

owner_role_or_team
decision
decision_reason
affected_scope
redacted_evidence_refs
latest_backup_status_ref
restore_drill_plan
offsite_sync_evidence_ref
credential_escrow_evidence_ref
maintenance_window
rollback_owner
validation_plan
retention_owner
followup_owner

5. 禁止動作

backup_run
restore_run
restore_drill
offsite_sync
offsite_remote_delete
credential_escrow_marker_write
retention_change
restic_prune
rclone_config
velero_restore
velero_backup
kubectl_action
ssh_read
ssh_write
secret_value_collection
host_write
active_scan
runtime_gate_open

6. 指令

產生 committed snapshot：

python3 scripts/security/backup-restore-owner-request-draft.py \
  --root . \
  --inventory-report docs/security/backup-restore-escrow-inventory.snapshot.json \
  --output docs/security/backup-restore-owner-request-draft.snapshot.json \
  --generated-at 2026-06-14T23:05:00+08:00

驗證 guard：

python3 scripts/security/security-mirror-progress-guard.py --root .

7. 完成度

工作	完成度	說明
owner request draft artifact	`100%`	38 份 request draft、snapshot、文件與 guard 已固定
request dispatch	`0%`	尚未送件
owner response received / accepted	`0%`	尚未收到，尚未驗收
live evidence collection	`0%`	未 SSH、未讀 offsite、未讀 live backup
backup / restore / offsite / escrow / retention gate	`0%`	未授權且未執行
runtime gate / production write	`0%`	未授權且未執行

5.0 KiB Raw Blame History Unescape Escape