coulomb/the-custodian
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b1aac08eb2a7fd565bacfa638537066d13565688
the-custodian/activity-definitions/ops-service-inventory-probes.md
tegwick b1aac08eb2 feat(ops): add ops-hub service inventory now view (CUST-WP-0047) 
Seed a non-secret service inventory (environments, hosts, clusters,
services, endpoints, access paths, evidence, gaps) with a JSON schema,
a renderer, and a generated service-catalog view. Adds the
`make ops-inventory-view` target, probe ActivityDefinition, and docs.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-07 00:12:30 +02:00

89 lines
2.8 KiB
Markdown
Raw Blame History

---
id: "40d15a87-7ff6-4d8e-992c-37df15f95110"
name: "Ops Service Inventory Probes"
type: activity-definition
version: "0.1"
enabled: false
owner: custodian
governance: custodian
status: proposed
created: "2026-06-05"
trigger:
type: cron
cron_expression: "15 * * * *"
timezone: Europe/Berlin
misfire_policy: skip
context_sources:
- type: static
bind_to: context.inventory_path
config:
value: /home/worsch/the-custodian/ops/service-inventory.yml
- type: static
bind_to: context.catalog_path
config:
value: /home/worsch/the-custodian/docs/ops-hub-service-catalog.md
---
# ActivityDefinition: Ops Service Inventory Probes
## Purpose
This disabled draft is the activity-core handoff point for
`CUST-WP-0047 - Ops Hub Service Inventory Now View`.
The future enabled routine should read the non-secret inventory, run repeatable
probes for declared endpoints and access paths, render the catalog view, and
submit non-secret ops evidence events against stable inventory ids.
## Runner Status
This definition is intentionally `enabled: false`.
Do not enable it until both of these are true:
- activity-core has an inventory probe runner or State Hub resolver that can
execute the checks without embedding secrets in ActivityRun context
- the ops-hub Inter-Hub widget/event sink can accept `ops-service-observed`,
`ops-endpoint-verified`, `ops-access-path-checked`, `ops-backup-verified`,
and `ops-inventory-drift` events
## Trigger
Hourly at minute 15 in `Europe/Berlin`, with `misfire_policy: skip`.
This offset avoids colliding with the hourly RecentlyOnScope run at minute 0.
## Probe Candidates
Initial deterministic probes:
- State Hub local health endpoint:
`http://127.0.0.1:8000/state/health`
- Inter-Hub OpenAPI endpoint:
`https://hub.coulomb.social/api/v2/openapi.json`
- Gitea OCI registry auth challenge:
`https://gitea.coulomb.social/v2/`
- activity-core API health and Temporal schedule availability
- ops-bridge tunnel reachability
- Haskell build-agent State Hub registration and tunnel state
## Output Contract
Each successful run should produce:
- an updated `docs/ops-hub-service-catalog.md`
- one evidence event per checked service/endpoint/access path
- one ActivityRun with compact non-secret summary metadata
- no credentials, tokens, cookies, private key material, or sensitive command
output in context snapshots, event metadata, reports, or logs
## Event Mapping
| Probe result | Event type |
|---|---|
| Runtime object observed | `ops-service-observed` |
| HTTP/HTTPS/tunnel endpoint matches expected signal | `ops-endpoint-verified` |
| SSH, Kubernetes, or HTTP access path checked | `ops-access-path-checked` |
| Backup and restore evidence found | `ops-backup-verified` |
| Observed runtime differs from inventory | `ops-inventory-drift` |
Reference in New Issue View Git Blame Copy Permalink