coulomb/the-custodian
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4eec96aa028c5f4d6905dfd4e03f30544c32d5ce
the-custodian/activity-definitions/ops-service-inventory-probes.md

116 lines
3.8 KiB
Markdown
Raw Blame History

---
id: "40d15a87-7ff6-4d8e-992c-37df15f95110"
name: "Ops Service Inventory Probes"
type: activity-definition
version: "0.1"
enabled: false
owner: custodian
governance: custodian
status: proposed
created: "2026-06-05"
trigger:
type: cron
cron_expression: "15 * * * *"
timezone: Europe/Berlin
misfire_policy: skip
context_sources:
- type: ops-inventory
query: probe_services
required: false
params:
inventory_path: /etc/activity-core/ops/service-inventory.yml
timeout_seconds: 10
include_kinds:
- http
- https
allow_network: true
evidence_sinks:
- type: state-hub-progress
event_type: ops_inventory_probe
author: activity-core
bind_to: context.ops_inventory_probe
---
# ActivityDefinition: Ops Service Inventory Probes
## Purpose
This disabled source definition is the activity-core handoff point for
`CUST-WP-0047 - Ops Hub Service Inventory Now View`.
When enabled by the activity-core runtime, it reads the non-secret service
inventory through the `ops-inventory` context resolver, runs bounded HTTP/HTTPS
endpoint probes, and submits compact non-secret evidence to State Hub progress.
## Runner Status
This source definition remains intentionally `enabled: false`.
Do not enable it until live Railiance verification confirms both of these are
true:
- activity-core has projected this definition with the container-local
inventory snapshot at `/etc/activity-core/ops/service-inventory.yml`
- the State Hub `ops_inventory_probe` evidence sink is reachable from the
worker without embedding secrets in ActivityRun context
The Inter-Hub ops-hub widget/event sink remains the promotion target for
`ops-service-observed`, `ops-endpoint-verified`, `ops-access-path-checked`,
`ops-backup-verified`, and `ops-inventory-drift` events. It is not required for
the current State Hub progress evidence path.
## Trigger
Hourly at minute 15 in `Europe/Berlin`, with `misfire_policy: skip`.
This offset avoids colliding with the hourly RecentlyOnScope run at minute 0.
## Context Source
The source contract matches the activity-core `ops-inventory` resolver:
- `query: probe_services`
- `bind_to: context.ops_inventory_probe`
- `params.inventory_path: /etc/activity-core/ops/service-inventory.yml`
- `params.include_kinds: [http, https]`
- `params.evidence_sinks`: State Hub progress event
`ops_inventory_probe` by `activity-core`
The `/etc/activity-core/...` path is intentional. Custodian owns the source
definition and inventory file; the Railiance activity-core projection supplies
the container-local ConfigMap path at runtime.
## Probe Candidates
Initial deterministic HTTP/HTTPS probes:
- Inter-Hub OpenAPI endpoint:
`https://hub.coulomb.social/api/v2/openapi.json`
- Gitea OCI registry auth challenge:
`https://gitea.coulomb.social/v2/`
The Railiance projection rewrites the State Hub inventory endpoint to the
in-cluster bridge URL before probing. Non-HTTP access paths, cluster-local
checks, SSH, tunnel, backup, and authenticated checks are skipped by this first
safe slice rather than treated as failures.
## Output Contract
Each successful run should produce:
- a compact `context.ops_inventory_probe` summary
- one State Hub progress event with `event_type: ops_inventory_probe`
- one ActivityRun with compact non-secret summary metadata
- no credentials, tokens, cookies, private key material, or sensitive command
output in context snapshots, event metadata, reports, or logs
## Event Mapping
| Probe result | Event type |
|---|---|
| Runtime object observed | `ops-service-observed` |
| HTTP/HTTPS/tunnel endpoint matches expected signal | `ops-endpoint-verified` |
| SSH, Kubernetes, or HTTP access path checked | `ops-access-path-checked` |
| Backup and restore evidence found | `ops-backup-verified` |
| Observed runtime differs from inventory | `ops-inventory-drift` |
Reference in New Issue View Git Blame Copy Permalink