---
id: "40d15a87-7ff6-4d8e-992c-37df15f95110"
name: "Ops Service Inventory Probes"
type: activity-definition
version: "0.1"
enabled: false
owner: custodian
governance: custodian
status: proposed
created: "2026-06-05"
trigger:
  type: cron
  cron_expression: "15 * * * *"
  timezone: Europe/Berlin
  misfire_policy: skip
context_sources:
  - type: ops-inventory
    query: probe_services
    required: false
    params:
      inventory_path: /etc/activity-core/ops/service-inventory.yml
      timeout_seconds: 10
      include_kinds:
        - http
        - https
      allow_network: true
      evidence_sinks:
        - type: state-hub-progress
          event_type: ops_inventory_probe
          author: activity-core
    bind_to: context.ops_inventory_probe
---

# ActivityDefinition: Ops Service Inventory Probes

## Purpose

This disabled source definition is the activity-core handoff point for `CUST-WP-0047 - Ops Hub Service Inventory Now View`.

When enabled by the activity-core runtime, it reads the non-secret service inventory through the `ops-inventory` context resolver, runs bounded HTTP/HTTPS endpoint probes, and submits compact non-secret evidence to State Hub progress.

## Runner Status

This source definition remains intentionally `enabled: false`. Do not enable it until live Railiance verification confirms both of these are true:

- activity-core has projected this definition with the container-local inventory snapshot at `/etc/activity-core/ops/service-inventory.yml`
- the State Hub `ops_inventory_probe` evidence sink is reachable from the worker without embedding secrets in ActivityRun context

The Inter-Hub ops-hub widget/event sink remains the promotion target for `ops-service-observed`, `ops-endpoint-verified`, `ops-access-path-checked`, `ops-backup-verified`, and `ops-inventory-drift` events. It is not required for the current State Hub progress evidence path.

## Trigger

Hourly at minute 15 in `Europe/Berlin`, with `misfire_policy: skip`. This offset avoids colliding with the hourly RecentlyOnScope run at minute 0.

## Context Source

The source contract matches the activity-core `ops-inventory` resolver:

- `query: probe_services`
- `bind_to: context.ops_inventory_probe`
- `params.inventory_path: /etc/activity-core/ops/service-inventory.yml`
- `params.include_kinds: [http, https]`
- `params.evidence_sinks`: State Hub progress event `ops_inventory_probe` by `activity-core`

The `/etc/activity-core/...` path is intentional. Custodian owns the source definition and inventory file; the Railiance activity-core projection supplies the container-local ConfigMap path at runtime.

## Probe Candidates

Initial deterministic HTTP/HTTPS probes:

- Inter-Hub OpenAPI endpoint: `https://hub.coulomb.social/api/v2/openapi.json`
- Gitea OCI registry auth challenge: `https://gitea.coulomb.social/v2/`

The Railiance projection rewrites the State Hub inventory endpoint to the in-cluster bridge URL before probing.

Non-HTTP access paths, cluster-local checks, SSH, tunnel, backup, and authenticated checks are skipped by this first safe slice rather than treated as failures.

## Output Contract

Each successful run should produce:

- a compact `context.ops_inventory_probe` summary
- one State Hub progress event with `event_type: ops_inventory_probe`
- one ActivityRun with compact non-secret summary metadata
- no credentials, tokens, cookies, private key material, or sensitive command output in context snapshots, event metadata, reports, or logs

## Event Mapping

| Probe result | Event type |
|---|---|
| Runtime object observed | `ops-service-observed` |
| HTTP/HTTPS/tunnel endpoint matches expected signal | `ops-endpoint-verified` |
| SSH, Kubernetes, or HTTP access path checked | `ops-access-path-checked` |
| Backup and restore evidence found | `ops-backup-verified` |
| Observed runtime differs from inventory | `ops-inventory-drift` |
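
The sketch below is an added example, not activity-core's resolver code. It illustrates the behaviour described under Probe Candidates and Output Contract: entries outside `include_kinds` are recorded as skipped rather than failed, and the summary keeps only scheme, host, port and path of each probed URL. The inventory entry fields (`name`, `kind`, `url`, `expect_status`), the function names, the status labels and the expected status codes are assumptions, since the page does not show the inventory schema.

```python
import urllib.error
import urllib.request
from collections import Counter
from urllib.parse import urlsplit

INCLUDE_KINDS = {"http", "https"}  # params.include_kinds
TIMEOUT_SECONDS = 10               # params.timeout_seconds

def safe_url(url):
    """Keep scheme, host, port and path; drop userinfo, query and fragment."""
    p = urlsplit(url)
    netloc = (p.hostname or "") + (f":{p.port}" if p.port else "")
    return f"{p.scheme}://{netloc}{p.path}"

def http_status(url, timeout):
    """Default fetcher: a 401 auth challenge is a signal to compare, not an error."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def probe_inventory(entries, fetch=http_status):
    """Build the compact summary; the entry fields are assumed, not the real schema."""
    results = []
    for e in entries:
        row = {"name": e["name"], "kind": e["kind"]}
        if e["kind"] not in INCLUDE_KINDS or urlsplit(e["url"]).scheme != e["kind"]:
            row["status"] = "skipped"  # outside this slice: recorded, not failed
        else:
            row["url"] = safe_url(e["url"])
            try:
                code = fetch(e["url"], TIMEOUT_SECONDS)
                row["status"] = "verified" if code == e["expect_status"] else "mismatch"
            except OSError:  # URLError, timeouts; the error text is not recorded
                row["status"] = "unreachable"
        results.append(row)
    counts = dict(Counter(r["status"] for r in results))
    return {"event_type": "ops_inventory_probe", "counts": counts, "results": results}

SAMPLE = [  # constructed sample inventory; expect_status values are assumptions
    {"name": "inter-hub-openapi", "kind": "https", "expect_status": 200,
     "url": "https://hub.coulomb.social/api/v2/openapi.json"},
    {"name": "gitea-oci-auth", "kind": "https", "expect_status": 401,
     "url": "https://gitea.coulomb.social/v2/"},
    {"name": "constructed-ssh", "kind": "ssh", "url": "ssh://ops.example.invalid"},
    {"name": "constructed-userinfo", "kind": "https", "expect_status": 200,
     "url": "https://user:pw@svc.example.invalid/health?token=abc"},
]
```

Passing a stub as `fetch` keeps the summary logic testable offline; `probe_inventory(SAMPLE)` with the default fetcher performs real network requests.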