long-agent/user-system
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: project docs, scripts, deployment configs, and evidence

Browse Source
This commit is contained in:
long-agent
2026-04-02 11:22:17 +08:00
parent 4718980ab5
commit bbeeb63dfa
396 changed files with 165018 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
docs/evidence/ops/2026-03-29/alerting/20260329-100125/ALERTMANAGER_LIVE_DELIVERY_DRILL.md Normal file
View File

@@ -0,0 +1,29 @@
# Alertmanager Live Delivery Drill
- Generated at: 2026-03-29 10:01:25 +08:00
- Template file: D:\project\deployment\\alertmanager\\alertmanager.yml
- Env source: D:\project\deployment\alertmanager\alertmanager.env.example
- Redacted rendered config: not-generated
## Strict Preconditions
- Required variables present: True
- Placeholder/example-value findings: ALERTMANAGER_WARNING_TO still uses example domain; ALERTMANAGER_CRITICAL_TO still uses example domain; ALERTMANAGER_AUTH_USERNAME still uses example domain; ALERTMANAGER_SMARTHOST still uses example domain; ALERTMANAGER_DEFAULT_TO still uses example domain; ALERTMANAGER_AUTH_PASSWORD still uses placeholder secret; ALERTMANAGER_FROM still uses example domain
- Render path succeeded: False
## Delivery Attempt
- SMTP host: unparsed
- SMTP port: unparsed
- TLS enabled: True
- TCP connectivity succeeded: False
- TCP connectivity error: not-run
## Conclusion
- Live external delivery closed: False
- Failure reason: placeholder or example values detected
- This drill fails closed on unresolved placeholders, example domains, and placeholder secrets.
- The evidence intentionally stores only redacted config output and masked recipient information.
- A successful run proves real secret injection plus SMTP server acceptance for the configured on-call routes; it does not by itself prove downstream human acknowledgment.

17
docs/evidence/ops/2026-03-29/alerting/20260329-100125/ALERTMANAGER_RENDER_DRILL.md Normal file
View File

@@ -0,0 +1,17 @@
# Alertmanager Render Drill
- Generated at: 2026-03-29 10:01:25 +08:00
- Template file: D:\project\deployment\alertmanager\alertmanager.yml
- Rendered file: D:\project\docs\evidence\ops\2026-03-29\alerting\20260329-100125\alertmanager.rendered.yaml
- Synthetic secret values were injected through process environment variables for this drill only.
- Result: template placeholders resolved successfully and the rendered config contains no unresolved `${ALERTMANAGER_*}` tokens.
## Scope Note
- This drill validates the config injection/rendering path only.
- It does not prove real SMTP delivery, real contact routing, or production secret manager integration.
## Evidence Files
- alertmanager.rendered.yaml

85
docs/evidence/ops/2026-03-29/alerting/20260329-100125/alertmanager.rendered.yaml Normal file
View File

@@ -0,0 +1,85 @@
global:
resolve_timeout: 5m
# 注意:
# 该文件为模板文件,生产环境必须先注入并渲染 `${ALERTMANAGER_*}` 变量,
# 再将渲染结果交给 Alertmanager 使用。
# 告警路由
route:
group_by: ['alertname', 'service']
group_wait: 30s
group_interval: 5m
repeat_interval: 12h
receiver: 'default'
# 子路由,根据严重级别分发
routes:
# Critical 告警
- match:
severity: critical
receiver: 'critical-alerts'
group_wait: 10s
continue: true
# Warning 告警
- match:
severity: warning
receiver: 'warning-alerts'
continue: true
# 告警接收者
receivers:
# 默认接收者
- name: 'default'
email_configs:
- to: 'ops-team@example.org'
from: 'alertmanager@example.org'
smarthost: 'smtp.example.org:587'
auth_username: 'alertmanager@example.org'
auth_password: 'synthetic-secret-for-render-drill'
headers:
Subject: '[{{ .Status | toUpper }}] {{ .GroupLabels.alertname }}'
# Critical 告警接收者
- name: 'critical-alerts'
email_configs:
- to: 'critical-oncall@example.org'
from: 'alertmanager@example.org'
smarthost: 'smtp.example.org:587'
auth_username: 'alertmanager@example.org'
auth_password: 'synthetic-secret-for-render-drill'
headers:
Subject: '[CRITICAL] {{ .GroupLabels.alertname }}'
# Warning 告警接收者
- name: 'warning-alerts'
email_configs:
- to: 'warning-oncall@example.org'
from: 'alertmanager@example.org'
smarthost: 'smtp.example.org:587'
auth_username: 'alertmanager@example.org'
auth_password: 'synthetic-secret-for-render-drill'
headers:
Subject: '[WARNING] {{ .GroupLabels.alertname }}'
# 告警抑制规则
inhibit_rules:
# 如果有 critical 告警,抑制同一服务的 warning 告警
- source_match:
severity: 'critical'
target_match:
severity: 'warning'
equal: ['service']
# 告警静默规则(按需配置)
# silences:
# - matchers:
# - name: alertname
# value: LowOnlineUsers
# - name: severity
# value: info
# startsAt: "2026-03-12T00:00:00+08:00"
# endsAt: "2026-03-12T23:59:59+08:00"
# comment: "维护期间静默低在线用户告警"

29
docs/evidence/ops/2026-03-29/alerting/20260329-100315/ALERTMANAGER_LIVE_DELIVERY_DRILL.md Normal file
View File

@@ -0,0 +1,29 @@
# Alertmanager Live Delivery Drill
- Generated at: 2026-03-29 10:03:15 +08:00
- Template file: D:\project\deployment\alertmanager\alertmanager.yml
- Env source: D:\project\deployment\alertmanager\alertmanager.env.example
- Redacted rendered config: not-generated
## Strict Preconditions
- Required variables present: True
- Placeholder/example-value findings: ALERTMANAGER_WARNING_TO still uses example domain; ALERTMANAGER_CRITICAL_TO still uses example domain; ALERTMANAGER_AUTH_USERNAME still uses example domain; ALERTMANAGER_SMARTHOST still uses example domain; ALERTMANAGER_DEFAULT_TO still uses example domain; ALERTMANAGER_AUTH_PASSWORD still uses placeholder secret; ALERTMANAGER_FROM still uses example domain
- Render path succeeded: False
## Delivery Attempt
- SMTP host: unparsed
- SMTP port: unparsed
- TLS enabled: True
- TCP connectivity succeeded: False
- TCP connectivity error: not-run
## Conclusion
- Live external delivery closed: False
- Failure reason: placeholder or example values detected
- This drill fails closed on unresolved placeholders, example domains, and placeholder secrets.
- The evidence intentionally stores only redacted config output and masked recipient information.
- A successful run proves real secret injection plus SMTP server acceptance for the configured on-call routes; it does not by itself prove downstream human acknowledgment.

17
docs/evidence/ops/2026-03-29/alerting/20260329-100315/ALERTMANAGER_RENDER_DRILL.md Normal file
View File

@@ -0,0 +1,17 @@
# Alertmanager Render Drill
- Generated at: 2026-03-29 10:03:16 +08:00
- Template file: D:\project\deployment\alertmanager\alertmanager.yml
- Rendered file: D:\project\docs\evidence\ops\2026-03-29\alerting\20260329-100315\alertmanager.rendered.yaml
- Synthetic secret values were injected through process environment variables for this drill only.
- Result: template placeholders resolved successfully and the rendered config contains no unresolved `${ALERTMANAGER_*}` tokens.
## Scope Note
- This drill validates the config injection/rendering path only.
- It does not prove real SMTP delivery, real contact routing, or production secret manager integration.
## Evidence Files
- alertmanager.rendered.yaml

85
docs/evidence/ops/2026-03-29/alerting/20260329-100315/alertmanager.rendered.yaml Normal file
View File

@@ -0,0 +1,85 @@
global:
resolve_timeout: 5m
# 注意:
# 该文件为模板文件,生产环境必须先注入并渲染 `${ALERTMANAGER_*}` 变量,
# 再将渲染结果交给 Alertmanager 使用。
# 告警路由
route:
group_by: ['alertname', 'service']
group_wait: 30s
group_interval: 5m
repeat_interval: 12h
receiver: 'default'
# 子路由,根据严重级别分发
routes:
# Critical 告警
- match:
severity: critical
receiver: 'critical-alerts'
group_wait: 10s
continue: true
# Warning 告警
- match:
severity: warning
receiver: 'warning-alerts'
continue: true
# 告警接收者
receivers:
# 默认接收者
- name: 'default'
email_configs:
- to: 'ops-team@example.org'
from: 'alertmanager@example.org'
smarthost: 'smtp.example.org:587'
auth_username: 'alertmanager@example.org'
auth_password: 'synthetic-secret-for-render-drill'
headers:
Subject: '[{{ .Status | toUpper }}] {{ .GroupLabels.alertname }}'
# Critical 告警接收者
- name: 'critical-alerts'
email_configs:
- to: 'critical-oncall@example.org'
from: 'alertmanager@example.org'
smarthost: 'smtp.example.org:587'
auth_username: 'alertmanager@example.org'
auth_password: 'synthetic-secret-for-render-drill'
headers:
Subject: '[CRITICAL] {{ .GroupLabels.alertname }}'
# Warning 告警接收者
- name: 'warning-alerts'
email_configs:
- to: 'warning-oncall@example.org'
from: 'alertmanager@example.org'
smarthost: 'smtp.example.org:587'
auth_username: 'alertmanager@example.org'
auth_password: 'synthetic-secret-for-render-drill'
headers:
Subject: '[WARNING] {{ .GroupLabels.alertname }}'
# 告警抑制规则
inhibit_rules:
# 如果有 critical 告警,抑制同一服务的 warning 告警
- source_match:
severity: 'critical'
target_match:
severity: 'warning'
equal: ['service']
# 告警静默规则(按需配置)
# silences:
# - matchers:
# - name: alertname
# value: LowOnlineUsers
# - name: severity
# value: info
# startsAt: "2026-03-12T00:00:00+08:00"
# endsAt: "2026-03-12T23:59:59+08:00"
# comment: "维护期间静默低在线用户告警"

34
docs/evidence/ops/2026-03-29/alerting/ALERTING_PACKAGE_20260329-100315.md Normal file
View File

@@ -0,0 +1,34 @@
# Alerting Package Validation
- Generated at: 2026-03-29 10:03:16 +08:00
- Alerts file: D:\project\deployment\alertmanager\alerts.yml
- Alertmanager file: D:\project\deployment\alertmanager\alertmanager.yml
- Baseline report: D:\project\docs\evidence\ops\2026-03-27\observability\LOCAL_BASELINE_20260327-182005.md
## Structural Validation
- Rule inventory: critical=3, warning=4, info=2
- Missing required rules: none
- Root receiver: default
- Critical route receiver: critical-alerts
- Warning route receiver: warning-alerts
- Missing required receivers: none
- Structural ready: True
## Threshold Alignment
- HighResponseTime threshold: 1s
- Latest browser max baseline: 186ms
- Latest browser timings: login-desktop=186ms, login-initial=99ms, login-mobile=96ms, login-tablet=117ms
## External Delivery Readiness
- Placeholder findings: \$\{ALERTMANAGER_[A-Z0-9_]+\}
- External delivery closed: False
- Interpretation: rules and route topology can be reviewed locally, but unresolved template variables or example SMTP/accounts mean real notification delivery evidence is still open until environment-specific contacts and secrets are injected.
## Conclusion
- Repo-level alerting package structurally ready: True
- Repo-level oncall/delivery package fully closed: False