coulomb/the-custodian
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
55ba80e58402bb1eed6405cc6c1df8c82cd4b11e
the-custodian/activity-definitions/ops-service-inventory-probes.md
tegwick b1aac08eb2 feat(ops): add ops-hub service inventory now view (CUST-WP-0047) 
Seed a non-secret service inventory (environments, hosts, clusters,
services, endpoints, access paths, evidence, gaps) with a JSON schema,
a renderer, and a generated service-catalog view. Adds the
`make ops-inventory-view` target, probe ActivityDefinition, and docs.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-07 00:12:30 +02:00

2.8 KiB
Raw Blame History

id, name, type, version, enabled, owner, governance, status, created, trigger, context_sources
id name type version enabled owner governance status created trigger context_sources
40d15a87-7ff6-4d8e-992c-37df15f95110 Ops Service Inventory Probes activity-definition 0.1 false custodian custodian proposed 2026-06-05
type cron_expression timezone misfire_policy
cron 15 * * * * Europe/Berlin skip
type bind_to config
static context.inventory_path
value
/home/worsch/the-custodian/ops/service-inventory.yml
type bind_to config
static context.catalog_path
value
/home/worsch/the-custodian/docs/ops-hub-service-catalog.md

ActivityDefinition: Ops Service Inventory Probes

Purpose

This disabled draft is the activity-core handoff point for CUST-WP-0047 - Ops Hub Service Inventory Now View.

The future enabled routine should read the non-secret inventory, run repeatable probes for declared endpoints and access paths, render the catalog view, and submit non-secret ops evidence events against stable inventory ids.

Runner Status

This definition is intentionally enabled: false.

Do not enable it until both of these are true:

  • activity-core has an inventory probe runner or State Hub resolver that can execute the checks without embedding secrets in ActivityRun context
  • the ops-hub Inter-Hub widget/event sink can accept ops-service-observed, ops-endpoint-verified, ops-access-path-checked, ops-backup-verified, and ops-inventory-drift events

Trigger

Hourly at minute 15 in Europe/Berlin, with misfire_policy: skip.

This offset avoids colliding with the hourly RecentlyOnScope run at minute 0.

Probe Candidates

Initial deterministic probes:

  • State Hub local health endpoint: http://127.0.0.1:8000/state/health
  • Inter-Hub OpenAPI endpoint: https://hub.coulomb.social/api/v2/openapi.json
  • Gitea OCI registry auth challenge: https://gitea.coulomb.social/v2/
  • activity-core API health and Temporal schedule availability
  • ops-bridge tunnel reachability
  • Haskell build-agent State Hub registration and tunnel state

Output Contract

Each successful run should produce:

  • an updated docs/ops-hub-service-catalog.md
  • one evidence event per checked service/endpoint/access path
  • one ActivityRun with compact non-secret summary metadata
  • no credentials, tokens, cookies, private key material, or sensitive command output in context snapshots, event metadata, reports, or logs

Event Mapping

Probe result Event type
Runtime object observed ops-service-observed
HTTP/HTTPS/tunnel endpoint matches expected signal ops-endpoint-verified
SSH, Kubernetes, or HTTP access path checked ops-access-path-checked
Backup and restore evidence found ops-backup-verified
Observed runtime differs from inventory ops-inventory-drift
Reference in New Issue View Git Blame Copy Permalink