docs: project docs, scripts, deployment configs, and evidence

docs/evidence/ops/2026-03-24/alerting/20260324-102553/ALERTMANAGER_RENDER_DRILL.md

@@ -0,0 +1,17 @@
+# Alertmanager Render Drill
+
+- Generated at: 2026-03-24 10:25:54 +08:00
+- Template file: D:\project\deployment\alertmanager\alertmanager.yml
+- Rendered file: D:\project\docs\evidence\ops\2026-03-24\alerting\20260324-102553\alertmanager.rendered.yaml
+- Synthetic secret values were injected through process environment variables for this drill only.
+- Result: template placeholders resolved successfully and the rendered config contains no unresolved `${ALERTMANAGER_*}` tokens.
+
+## Scope Note
+
+- This drill validates the config injection/rendering path only.
+- It does not prove real SMTP delivery, real contact routing, or production secret manager integration.
+
+## Evidence Files
+
+- alertmanager.rendered.yaml
+

docs/evidence/ops/2026-03-24/alerting/20260324-102553/alertmanager.rendered.yaml

@@ -0,0 +1,85 @@
+global:
+  resolve_timeout: 5m
+
+# 注意：
+# 该文件为模板文件，生产环境必须先注入并渲染 `${ALERTMANAGER_*}` 变量，
+# 再将渲染结果交给 Alertmanager 使用。
+
+# 告警路由
+route:
+  group_by: ['alertname', 'service']
+  group_wait: 30s
+  group_interval: 5m
+  repeat_interval: 12h
+  receiver: 'default'
+
+  # 子路由，根据严重级别分发
+  routes:
+    # Critical 告警
+    - match:
+        severity: critical
+      receiver: 'critical-alerts'
+      group_wait: 10s
+      continue: true
+
+    # Warning 告警
+    - match:
+        severity: warning
+      receiver: 'warning-alerts'
+      continue: true
+
+# 告警接收者
+receivers:
+  # 默认接收者
+  - name: 'default'
+    email_configs:
+      - to: 'ops-team@example.org'
+        from: 'alertmanager@example.org'
+        smarthost: 'smtp.example.org:587'
+        auth_username: 'alertmanager@example.org'
+        auth_password: 'synthetic-secret-for-render-drill'
+        headers:
+          Subject: '[{{ .Status | toUpper }}] {{ .GroupLabels.alertname }}'
+
+  # Critical 告警接收者
+  - name: 'critical-alerts'
+    email_configs:
+      - to: 'critical-oncall@example.org'
+        from: 'alertmanager@example.org'
+        smarthost: 'smtp.example.org:587'
+        auth_username: 'alertmanager@example.org'
+        auth_password: 'synthetic-secret-for-render-drill'
+        headers:
+          Subject: '[CRITICAL] {{ .GroupLabels.alertname }}'
+
+  # Warning 告警接收者
+  - name: 'warning-alerts'
+    email_configs:
+      - to: 'warning-oncall@example.org'
+        from: 'alertmanager@example.org'
+        smarthost: 'smtp.example.org:587'
+        auth_username: 'alertmanager@example.org'
+        auth_password: 'synthetic-secret-for-render-drill'
+        headers:
+          Subject: '[WARNING] {{ .GroupLabels.alertname }}'
+
+# 告警抑制规则
+inhibit_rules:
+  # 如果有 critical 告警，抑制同一服务的 warning 告警
+  - source_match:
+      severity: 'critical'
+    target_match:
+      severity: 'warning'
+    equal: ['service']
+
+# 告警静默规则（按需配置）
+# silences:
+#   - matchers:
+#       - name: alertname
+#         value: LowOnlineUsers
+#       - name: severity
+#         value: info
+#     startsAt: "2026-03-12T00:00:00+08:00"
+#     endsAt: "2026-03-12T23:59:59+08:00"
+#     comment: "维护期间静默低在线用户告警"
+

docs/evidence/ops/2026-03-24/alerting/ALERTING_PACKAGE_20260324-101306.md

@@ -0,0 +1,34 @@
+# Alerting Package Validation
+
+- Generated at: 2026-03-24 10:13:07 +08:00
+- Alerts file: D:\project\deployment\alertmanager\alerts.yml
+- Alertmanager file: D:\project\deployment\alertmanager\alertmanager.yml
+- Baseline report: D:\project\docs\evidence\ops\2026-03-24\observability\LOCAL_BASELINE_20260324-090637.md
+
+## Structural Validation
+
+- Rule inventory: critical=3, warning=4, info=2
+- Missing required rules: none
+- Root receiver: default
+- Critical route receiver: critical-alerts
+- Warning route receiver: warning-alerts
+- Missing required receivers: none
+- Structural ready: True
+
+## Threshold Alignment
+
+- HighResponseTime threshold: 1s
+- Latest browser max baseline: 242ms
+- Latest browser timings: login-desktop=242ms, login-initial=98ms, login-mobile=90ms, login-tablet=100ms
+
+## External Delivery Readiness
+
+- Placeholder findings: admin@example\.com, ops-team@example\.com, dev-team@example\.com, alertmanager@example\.com, smtp\.example\.com, auth_password:\s*'password'
+- External delivery closed: False
+- Interpretation: rules and route topology can be reviewed locally, but example SMTP/accounts mean real notification delivery evidence is still open until environment-specific contacts and secrets are injected.
+
+## Conclusion
+
+- Repo-level alerting package structurally ready: True
+- Repo-level oncall/delivery package fully closed: False
+

docs/evidence/ops/2026-03-24/alerting/ALERTING_PACKAGE_20260324-102540.md

@@ -0,0 +1,34 @@
+# Alerting Package Validation
+
+- Generated at: 2026-03-24 10:25:40 +08:00
+- Alerts file: D:\project\deployment\alertmanager\alerts.yml
+- Alertmanager file: D:\project\deployment\alertmanager\alertmanager.yml
+- Baseline report: D:\project\docs\evidence\ops\2026-03-24\observability\LOCAL_BASELINE_20260324-090637.md
+
+## Structural Validation
+
+- Rule inventory: critical=3, warning=4, info=2
+- Missing required rules: none
+- Root receiver: default
+- Critical route receiver: critical-alerts
+- Warning route receiver: warning-alerts
+- Missing required receivers: none
+- Structural ready: True
+
+## Threshold Alignment
+
+- HighResponseTime threshold: 1s
+- Latest browser max baseline: 242ms
+- Latest browser timings: login-desktop=242ms, login-initial=98ms, login-mobile=90ms, login-tablet=100ms
+
+## External Delivery Readiness
+
+- Placeholder findings: \$\{ALERTMANAGER_[A-Z0-9_]+\}
+- External delivery closed: False
+- Interpretation: rules and route topology can be reviewed locally, but unresolved template variables or example SMTP/accounts mean real notification delivery evidence is still open until environment-specific contacts and secrets are injected.
+
+## Conclusion
+
+- Repo-level alerting package structurally ready: True
+- Repo-level oncall/delivery package fully closed: False
+