| id | name | type | version | enabled | owner | governance | status | created | trigger | context_sources |
|---|---|---|---|---|---|---|---|---|---|---|
| 40d15a87-7ff6-4d8e-992c-37df15f95110 | Ops Service Inventory Probes | activity-definition | 0.1 | false | custodian | custodian | proposed | 2026-06-05 | | |
ActivityDefinition: Ops Service Inventory Probes
Purpose
This disabled source definition is the activity-core handoff point for
CUST-WP-0047 - Ops Hub Service Inventory Now View.
When enabled by the activity-core runtime, it reads the non-secret service
inventory through the ops-inventory context resolver, runs bounded HTTP/HTTPS
endpoint probes, and submits compact non-secret evidence to State Hub progress.
Runner Status
This source definition remains intentionally enabled: false.
Do not enable it until live Railiance verification confirms both of these are true:
- activity-core has projected this definition with the container-local inventory snapshot at /etc/activity-core/ops/service-inventory.yml
- the State Hub ops_inventory_probe evidence sink is reachable from the worker without embedding secrets in ActivityRun context
The Inter-Hub ops-hub widget/event sink remains the promotion target for
ops-service-observed, ops-endpoint-verified, ops-access-path-checked,
ops-backup-verified, and ops-inventory-drift events. It is not required for
the current State Hub progress evidence path.
Trigger
Hourly at minute 15 in Europe/Berlin, with misfire_policy: skip.
This offset avoids colliding with the hourly RecentlyOnScope run at minute 0.
Context Source
The source contract matches the activity-core ops-inventory resolver:
- query: probe_services
- bind_to: context.ops_inventory_probe
- params.inventory_path: /etc/activity-core/ops/service-inventory.yml
- params.include_kinds: [http, https]
- params.evidence_sinks: State Hub progress event ops_inventory_probe by activity-core
The /etc/activity-core/... path is intentional. Custodian owns the source
definition and inventory file; the Railiance activity-core projection supplies
the container-local ConfigMap path at runtime.
Probe Candidates
Initial deterministic HTTP/HTTPS probes:
- Inter-Hub OpenAPI endpoint: https://hub.coulomb.social/api/v2/openapi.json
- Gitea OCI registry auth challenge: https://gitea.coulomb.social/v2/
The Railiance projection rewrites the State Hub inventory endpoint to the in-cluster bridge URL before probing. Non-HTTP access paths, cluster-local checks, SSH, tunnel, backup, and authenticated checks are skipped by this first safe slice rather than treated as failures.
Output Contract
Each successful run should produce:
- a compact context.ops_inventory_probe summary
- one State Hub progress event with event_type: ops_inventory_probe
- one ActivityRun with compact non-secret summary metadata
- no credentials, tokens, cookies, private key material, or sensitive command output in context snapshots, event metadata, reports, or logs
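The output contract above, together with the skip rule for non-HTTP kinds, sketched as an added example (not activity-core or Custodian code). The inventory field names, expected status codes, the evidence allowlist, and the example.invalid entries are assumptions constructed for illustration; the probe is an offline stand-in.

```python
import json
from urllib.parse import urlsplit, urlunsplit

INCLUDE_KINDS = {"http", "https"}  # params.include_kinds from the page
EVIDENCE_FIELDS = ("service", "kind", "url", "status", "outcome")  # assumed allowlist

def scrub_url(url):
    """Keep scheme, host, port and path; drop userinfo, query and fragment."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if ":" in host:  # IPv6 literal needs its brackets back
        host = f"[{host}]"
    if parts.port:
        host = f"{host}:{parts.port}"
    return urlunsplit((parts.scheme, host, parts.path, "", ""))

def build_summary(inventory, probe):
    """probe(url) -> (status, headers). Headers and bodies never enter the evidence."""
    results, skipped = [], []
    for entry in inventory:
        if entry["kind"] not in INCLUDE_KINDS:
            # Out of scope for this slice: recorded as skipped, not as a failure.
            skipped.append({"service": entry["service"], "kind": entry["kind"]})
            continue
        status, _headers = probe(entry["url"])
        record = {**entry, "url": scrub_url(entry["url"]), "status": status,
                  "outcome": "match" if status == entry["expect_status"] else "mismatch"}
        results.append({field: record[field] for field in EVIDENCE_FIELDS})
    return {"event_type": "ops_inventory_probe", "results": results, "skipped": skipped}

# Constructed inventory: field names and expected statuses are assumptions.
SAMPLE_INVENTORY = [
    {"service": "inter-hub-openapi", "kind": "https", "expect_status": 200,
     "url": "https://hub.coulomb.social/api/v2/openapi.json"},
    {"service": "gitea-registry", "kind": "https", "expect_status": 401,
     "url": "https://gitea.coulomb.social/v2/"},
    {"service": "misconfigured", "kind": "https", "expect_status": 200,
     "url": "https://user:s3cret@svc.example.invalid/health?token=abc123"},
    {"service": "bastion", "kind": "ssh", "url": "ssh://bastion.example.invalid"},
]

def fake_probe(url):
    """Offline stand-in for the HTTP request; returns canned status and headers."""
    status = 401 if url.endswith("/v2/") else 200
    return status, {"Set-Cookie": "session=constructed-cookie"}

if __name__ == "__main__":
    print(json.dumps(build_summary(SAMPLE_INVENTORY, fake_probe), indent=2))
```

Building evidence from an allowlist rather than a denylist means a new inventory field or response header stays out of the summary unless it is added deliberately.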
Event Mapping
| Probe result | Event type |
|---|---|
| Runtime object observed | ops-service-observed |
| HTTP/HTTPS/tunnel endpoint matches expected signal | ops-endpoint-verified |
| SSH, Kubernetes, or HTTP access path checked | ops-access-path-checked |
| Backup and restore evidence found | ops-backup-verified |
| Observed runtime differs from inventory | ops-inventory-drift |