feat(ops): align inventory probe activity source
This commit is contained in:
@@ -52,6 +52,15 @@ Current active runner:
|
|||||||
- Prompt source:
|
- Prompt source:
|
||||||
`/home/worsch/the-custodian/runtime/prompts/daily_statehub_wsgi_triage.md`
|
`/home/worsch/the-custodian/runtime/prompts/daily_statehub_wsgi_triage.md`
|
||||||
|
|
||||||
|
Railiance projection note:
|
||||||
|
|
||||||
|
- This Custodian file remains the canonical prompt, schedule, and governance
|
||||||
|
contract.
|
||||||
|
- The Railiance activity-core projection may rewrite runtime-only paths, such
|
||||||
|
as `output_schema` to `/etc/activity-core/schemas/daily-triage-report.json`,
|
||||||
|
and mounts working-memory storage for the worker. Those container-local paths
|
||||||
|
are deployment wiring, not the source contract.
|
||||||
|
|
||||||
Deprecated fallback runner:
|
Deprecated fallback runner:
|
||||||
|
|
||||||
- Codex app automation: `daily-state-hub-wsjf-triage`
|
- Codex app automation: `daily-state-hub-wsjf-triage`
|
||||||
|
|||||||
@@ -14,38 +14,50 @@ trigger:
|
|||||||
timezone: Europe/Berlin
|
timezone: Europe/Berlin
|
||||||
misfire_policy: skip
|
misfire_policy: skip
|
||||||
context_sources:
|
context_sources:
|
||||||
- type: static
|
- type: ops-inventory
|
||||||
bind_to: context.inventory_path
|
query: probe_services
|
||||||
config:
|
required: false
|
||||||
value: /home/worsch/the-custodian/ops/service-inventory.yml
|
params:
|
||||||
- type: static
|
inventory_path: /etc/activity-core/ops/service-inventory.yml
|
||||||
bind_to: context.catalog_path
|
timeout_seconds: 10
|
||||||
config:
|
include_kinds:
|
||||||
value: /home/worsch/the-custodian/docs/ops-hub-service-catalog.md
|
- http
|
||||||
|
- https
|
||||||
|
allow_network: true
|
||||||
|
evidence_sinks:
|
||||||
|
- type: state-hub-progress
|
||||||
|
event_type: ops_inventory_probe
|
||||||
|
author: activity-core
|
||||||
|
bind_to: context.ops_inventory_probe
|
||||||
---
|
---
|
||||||
|
|
||||||
# ActivityDefinition: Ops Service Inventory Probes
|
# ActivityDefinition: Ops Service Inventory Probes
|
||||||
|
|
||||||
## Purpose
|
## Purpose
|
||||||
|
|
||||||
This disabled draft is the activity-core handoff point for
|
This disabled source definition is the activity-core handoff point for
|
||||||
`CUST-WP-0047 - Ops Hub Service Inventory Now View`.
|
`CUST-WP-0047 - Ops Hub Service Inventory Now View`.
|
||||||
|
|
||||||
The future enabled routine should read the non-secret inventory, run repeatable
|
When enabled by the activity-core runtime, it reads the non-secret service
|
||||||
probes for declared endpoints and access paths, render the catalog view, and
|
inventory through the `ops-inventory` context resolver, runs bounded HTTP/HTTPS
|
||||||
submit non-secret ops evidence events against stable inventory ids.
|
endpoint probes, and submits compact non-secret evidence to State Hub progress.
|
||||||
|
|
||||||
## Runner Status
|
## Runner Status
|
||||||
|
|
||||||
This definition is intentionally `enabled: false`.
|
This source definition remains intentionally `enabled: false`.
|
||||||
|
|
||||||
Do not enable it until both of these are true:
|
Do not enable it until live Railiance verification confirms both of these are
|
||||||
|
true:
|
||||||
|
|
||||||
- activity-core has an inventory probe runner or State Hub resolver that can
|
- activity-core has projected this definition with the container-local
|
||||||
execute the checks without embedding secrets in ActivityRun context
|
inventory snapshot at `/etc/activity-core/ops/service-inventory.yml`
|
||||||
- the ops-hub Inter-Hub widget/event sink can accept `ops-service-observed`,
|
- the State Hub `ops_inventory_probe` evidence sink is reachable from the
|
||||||
`ops-endpoint-verified`, `ops-access-path-checked`, `ops-backup-verified`,
|
worker without embedding secrets in ActivityRun context
|
||||||
and `ops-inventory-drift` events
|
|
||||||
|
The Inter-Hub ops-hub widget/event sink remains the promotion target for
|
||||||
|
`ops-service-observed`, `ops-endpoint-verified`, `ops-access-path-checked`,
|
||||||
|
`ops-backup-verified`, and `ops-inventory-drift` events. It is not required for
|
||||||
|
the current State Hub progress evidence path.
|
||||||
|
|
||||||
## Trigger
|
## Trigger
|
||||||
|
|
||||||
@@ -53,26 +65,41 @@ Hourly at minute 15 in `Europe/Berlin`, with `misfire_policy: skip`.
|
|||||||
|
|
||||||
This offset avoids colliding with the hourly RecentlyOnScope run at minute 0.
|
This offset avoids colliding with the hourly RecentlyOnScope run at minute 0.
|
||||||
|
|
||||||
|
## Context Source
|
||||||
|
|
||||||
|
The source contract matches the activity-core `ops-inventory` resolver:
|
||||||
|
|
||||||
|
- `query: probe_services`
|
||||||
|
- `bind_to: context.ops_inventory_probe`
|
||||||
|
- `params.inventory_path: /etc/activity-core/ops/service-inventory.yml`
|
||||||
|
- `params.include_kinds: [http, https]`
|
||||||
|
- `params.evidence_sinks`: State Hub progress event
|
||||||
|
`ops_inventory_probe` by `activity-core`
|
||||||
|
|
||||||
|
The `/etc/activity-core/...` path is intentional. Custodian owns the source
|
||||||
|
definition and inventory file; the Railiance activity-core projection supplies
|
||||||
|
the container-local ConfigMap path at runtime.
|
||||||
|
|
||||||
## Probe Candidates
|
## Probe Candidates
|
||||||
|
|
||||||
Initial deterministic probes:
|
Initial deterministic HTTP/HTTPS probes:
|
||||||
|
|
||||||
- State Hub local health endpoint:
|
|
||||||
`http://127.0.0.1:8000/state/health`
|
|
||||||
- Inter-Hub OpenAPI endpoint:
|
- Inter-Hub OpenAPI endpoint:
|
||||||
`https://hub.coulomb.social/api/v2/openapi.json`
|
`https://hub.coulomb.social/api/v2/openapi.json`
|
||||||
- Gitea OCI registry auth challenge:
|
- Gitea OCI registry auth challenge:
|
||||||
`https://gitea.coulomb.social/v2/`
|
`https://gitea.coulomb.social/v2/`
|
||||||
- activity-core API health and Temporal schedule availability
|
|
||||||
- ops-bridge tunnel reachability
|
The Railiance projection rewrites the State Hub inventory endpoint to the
|
||||||
- Haskell build-agent State Hub registration and tunnel state
|
in-cluster bridge URL before probing. Non-HTTP access paths, cluster-local
|
||||||
|
checks, SSH, tunnel, backup, and authenticated checks are skipped by this first
|
||||||
|
safe slice rather than treated as failures.
|
||||||
|
|
||||||
## Output Contract
|
## Output Contract
|
||||||
|
|
||||||
Each successful run should produce:
|
Each successful run should produce:
|
||||||
|
|
||||||
- an updated `docs/ops-hub-service-catalog.md`
|
- a compact `context.ops_inventory_probe` summary
|
||||||
- one evidence event per checked service/endpoint/access path
|
- one State Hub progress event with `event_type: ops_inventory_probe`
|
||||||
- one ActivityRun with compact non-secret summary metadata
|
- one ActivityRun with compact non-secret summary metadata
|
||||||
- no credentials, tokens, cookies, private key material, or sensitive command
|
- no credentials, tokens, cookies, private key material, or sensitive command
|
||||||
output in context snapshots, event metadata, reports, or logs
|
output in context snapshots, event metadata, reports, or logs
|
||||||
|
|||||||
@@ -10,7 +10,7 @@ topic_slug: custodian
|
|||||||
planning_priority: high
|
planning_priority: high
|
||||||
planning_order: 47
|
planning_order: 47
|
||||||
created: "2026-06-05"
|
created: "2026-06-05"
|
||||||
updated: "2026-06-05"
|
updated: "2026-06-16"
|
||||||
state_hub_workstream_id: "656e435d-3a00-4f5e-a38e-114467f9062e"
|
state_hub_workstream_id: "656e435d-3a00-4f5e-a38e-114467f9062e"
|
||||||
---
|
---
|
||||||
|
|
||||||
@@ -190,7 +190,7 @@ activated.
|
|||||||
|
|
||||||
```task
|
```task
|
||||||
id: CUST-WP-0047-T07
|
id: CUST-WP-0047-T07
|
||||||
status: progress
|
status: done
|
||||||
priority: medium
|
priority: medium
|
||||||
state_hub_task_id: "5a972670-934f-458c-8274-acabc290992f"
|
state_hub_task_id: "5a972670-934f-458c-8274-acabc290992f"
|
||||||
```
|
```
|
||||||
@@ -216,8 +216,24 @@ Progress 2026-06-05:
|
|||||||
- The definition names the inventory/catalog paths, hourly trigger, first probe
|
- The definition names the inventory/catalog paths, hourly trigger, first probe
|
||||||
candidates, and evidence event mapping.
|
candidates, and evidence event mapping.
|
||||||
|
|
||||||
Remaining work: implement the activity-core probe runner/resolver and enable the
|
At this point the Custodian source definition still needed to be aligned with
|
||||||
definition only after the ops-hub Inter-Hub widget/event sink is active.
|
the activity-core probe runner/resolver before the disabled handoff could be
|
||||||
|
projected cleanly into Railiance.
|
||||||
|
|
||||||
|
Completed 2026-06-16:
|
||||||
|
|
||||||
|
- Updated `activity-definitions/ops-service-inventory-probes.md` from static
|
||||||
|
path handoff to the implemented activity-core `ops-inventory` resolver:
|
||||||
|
`query: probe_services`, `bind_to: context.ops_inventory_probe`, projected
|
||||||
|
inventory path `/etc/activity-core/ops/service-inventory.yml`, and first safe
|
||||||
|
`http`/`https` endpoint probes.
|
||||||
|
- Added the explicit State Hub progress evidence sink:
|
||||||
|
`type: state-hub-progress`, `event_type: ops_inventory_probe`,
|
||||||
|
`author: activity-core`.
|
||||||
|
- Kept the source definition disabled for live Railiance verification. The
|
||||||
|
source-owned probe contract is now ready; the remaining open work in this
|
||||||
|
workplan is the human/operator-gated Inter-Hub ops-hub widget activation in
|
||||||
|
T05.
|
||||||
|
|
||||||
## Acceptance Criteria
|
## Acceptance Criteria
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user