44r0n7
0265afa054
Import the runnable game code, content, docs, scripts, and repo guidance while leaving local agent state, dependency installs, build output, and backup copies out of the published tree.
234 lines
7.5 KiB
JSON
234 lines
7.5 KiB
JSON
{
|
|
"_schema_version": "1.1",
|
|
"_description": "Central registry of all world flags. Every flag used in any quest, incident, or dialogue must be declared here. Flags not in this registry will fail content validation.",
|
|
|
|
"flags": [
|
|
{
|
|
"id": "player_ssh_configured",
|
|
"description": "Player has added their public key to ~/.ssh/authorized_keys on the workstation with correct permissions.",
|
|
"set_by": ["Q001"],
|
|
"read_by": ["Q002", "Q003", "Q004", "Q005", "Q006", "Q007", "Q008"],
|
|
"gates": ["quest_unlock:Q002", "quest_unlock:Q003", "quest_unlock:Q004"],
|
|
"persists": true
|
|
},
|
|
{
|
|
"id": "player_loose_permissions",
|
|
"description": "Player set up authorized_keys but with overly permissive file or directory permissions.",
|
|
"set_by": ["Q001"],
|
|
"read_by": ["marcus-Q001"],
|
|
"gates": [],
|
|
"persists": true
|
|
},
|
|
{
|
|
"id": "nginx_stable",
|
|
"description": "Nginx is correctly configured, running, and enabled on hermes.",
|
|
"set_by": ["Q002"],
|
|
"read_by": ["Q003"],
|
|
"gates": [],
|
|
"persists": true,
|
|
"conflicts_with": ["nginx_unstable"]
|
|
},
|
|
{
|
|
"id": "nginx_unstable",
|
|
"description": "Nginx is running but has a known fragility — not enabled on boot, or a quick-fix config.",
|
|
"set_by": ["Q002"],
|
|
"read_by": ["Q003"],
|
|
"gates": [],
|
|
"persists": true,
|
|
"conflicts_with": ["nginx_stable"]
|
|
},
|
|
{
|
|
"id": "hermes_web_healthy",
|
|
"description": "The web server on hermes is responding to requests normally.",
|
|
"set_by": ["Q002"],
|
|
"read_by": ["Q003", "Q004"],
|
|
"gates": [],
|
|
"persists": true,
|
|
"conflicts_with": ["hermes_web_down"]
|
|
},
|
|
{
|
|
"id": "hermes_web_down",
|
|
"description": "Nginx on hermes is inactive.",
|
|
"set_by": ["Q002", "Q003"],
|
|
"read_by": ["sarah-Q003-angry"],
|
|
"gates": [],
|
|
"persists": true,
|
|
"conflicts_with": ["hermes_web_healthy"]
|
|
},
|
|
{
|
|
"id": "hermes_logrotate_healthy",
|
|
"description": "Nginx logrotate config exists and is correctly configured on hermes.",
|
|
"set_by": ["Q003"],
|
|
"read_by": ["I001"],
|
|
"gates": [],
|
|
"persists": true,
|
|
"conflicts_with": ["hermes_log_pressure_pending"]
|
|
},
|
|
{
|
|
"id": "hermes_disk_healthy",
|
|
"description": "Disk utilization on hermes is below the alert threshold.",
|
|
"set_by": ["Q003"],
|
|
"read_by": ["I001"],
|
|
"gates": [],
|
|
"persists": false
|
|
},
|
|
{
|
|
"id": "hermes_log_pressure_pending",
|
|
"description": "Disk was cleared on hermes but logrotate is not configured. Log will grow again.",
|
|
"set_by": ["Q003"],
|
|
"read_by": ["I001"],
|
|
"gates": ["incident_trigger:I001"],
|
|
"persists": true,
|
|
"conflicts_with": ["hermes_logrotate_healthy"]
|
|
},
|
|
{
|
|
"id": "web_disk_pressure_active",
|
|
"description": "Disk pressure on hermes is actively worsening due to unrotated logs.",
|
|
"set_by": ["I001"],
|
|
"read_by": [],
|
|
"gates": [],
|
|
"persists": false
|
|
},
|
|
{
|
|
"id": "hermes_deploy_healthy",
|
|
"description": "Web root ownership on hermes is correct and the deploy service can run without errors.",
|
|
"set_by": ["Q004"],
|
|
"read_by": [],
|
|
"gates": [],
|
|
"persists": true,
|
|
"conflicts_with": ["hermes_deploy_partial"]
|
|
},
|
|
{
|
|
"id": "hermes_deploy_partial",
|
|
"description": "Web root top-level ownership is corrected but child files are still root-owned.",
|
|
"set_by": ["Q004"],
|
|
"read_by": [],
|
|
"gates": [],
|
|
"persists": true,
|
|
"conflicts_with": ["hermes_deploy_healthy"]
|
|
},
|
|
{
|
|
"id": "hermes_backup_healthy",
|
|
"description": "Backup cron job runs as backup-agent, old files cleaned, disk below threshold.",
|
|
"set_by": ["Q005"],
|
|
"read_by": ["I002"],
|
|
"gates": [],
|
|
"persists": true,
|
|
"conflicts_with": ["hermes_backup_partial", "hermes_backup_root_running"]
|
|
},
|
|
{
|
|
"id": "hermes_backup_partial",
|
|
"description": "Cron job user corrected but old root-owned backup files not cleaned up.",
|
|
"set_by": ["Q005"],
|
|
"read_by": ["I002"],
|
|
"gates": ["incident_trigger:I002"],
|
|
"persists": true,
|
|
"conflicts_with": ["hermes_backup_healthy"]
|
|
},
|
|
{
|
|
"id": "hermes_backup_root_running",
|
|
"description": "Disk was cleared but the cron job is still running as root. Problem will recur.",
|
|
"set_by": ["Q005"],
|
|
"read_by": ["I002"],
|
|
"gates": ["incident_trigger:I002"],
|
|
"persists": true,
|
|
"conflicts_with": ["hermes_backup_healthy"]
|
|
},
|
|
{
|
|
"id": "vulcan_ntp_healthy",
|
|
"description": "Time synchronization is active and enabled at boot on vulcan.",
|
|
"set_by": ["Q006"],
|
|
"read_by": ["Q008"],
|
|
"gates": ["quest_unlock:Q008"],
|
|
"persists": true,
|
|
"conflicts_with": ["vulcan_ntp_fragile"]
|
|
},
|
|
{
|
|
"id": "vulcan_ntp_fragile",
|
|
"description": "NTP is running on vulcan but not enabled at boot.",
|
|
"set_by": ["Q006"],
|
|
"read_by": [],
|
|
"gates": [],
|
|
"persists": true,
|
|
"conflicts_with": ["vulcan_ntp_healthy"]
|
|
},
|
|
{
|
|
"id": "vulcan_builds_healthy",
|
|
"description": "Package management on vulcan works without signature errors.",
|
|
"set_by": ["Q006"],
|
|
"read_by": ["Q008"],
|
|
"gates": [],
|
|
"persists": true
|
|
},
|
|
{
|
|
"id": "hermes_ssh_hardened_correct",
|
|
"description": "sshd on hermes uses AllowGroups with web-admin, correctly restricting access.",
|
|
"set_by": ["Q007"],
|
|
"read_by": [],
|
|
"gates": [],
|
|
"persists": true,
|
|
"conflicts_with": ["hermes_ssh_allowusers_fragile", "hermes_ssh_unrestricted"]
|
|
},
|
|
{
|
|
"id": "hermes_ssh_allowusers_fragile",
|
|
"description": "sshd uses AllowUsers — works but requires manual updates for new users.",
|
|
"set_by": ["Q007"],
|
|
"read_by": [],
|
|
"gates": [],
|
|
"persists": true,
|
|
"conflicts_with": ["hermes_ssh_hardened_correct", "hermes_ssh_unrestricted"]
|
|
},
|
|
{
|
|
"id": "hermes_ssh_unrestricted",
|
|
"description": "SSH hardening was removed entirely from hermes.",
|
|
"set_by": ["Q007"],
|
|
"read_by": [],
|
|
"gates": [],
|
|
"persists": true,
|
|
"conflicts_with": ["hermes_ssh_hardened_correct", "hermes_ssh_allowusers_fragile"]
|
|
},
|
|
{
|
|
"id": "priya_access_restored",
|
|
"description": "Priya Nair can SSH to hermes again.",
|
|
"set_by": ["Q007"],
|
|
"read_by": ["priya-Q007"],
|
|
"gates": [],
|
|
"persists": true
|
|
},
|
|
{
|
|
"id": "hermes_app_running",
|
|
"description": "axiomworks-app is active and serving on hermes.",
|
|
"set_by": ["Q008"],
|
|
"read_by": [],
|
|
"gates": [],
|
|
"persists": true
|
|
},
|
|
{
|
|
"id": "hermes_app_pinned_2-1-0",
|
|
"description": "axiomworks-app is pinned to version 2.1.0 on hermes to avoid the broken 2.1.1.",
|
|
"set_by": ["Q008"],
|
|
"read_by": ["I003"],
|
|
"gates": [],
|
|
"persists": true
|
|
},
|
|
{
|
|
"id": "vulcan_bad_build_known",
|
|
"description": "The broken 2.1.1 build on vulcan has been identified but not yet fixed.",
|
|
"set_by": ["Q008"],
|
|
"read_by": [],
|
|
"gates": [],
|
|
"persists": true,
|
|
"conflicts_with": ["vulcan_build_fixed"]
|
|
},
|
|
{
|
|
"id": "vulcan_build_fixed",
|
|
"description": "The broken 2.1.1 build was rebuilt correctly on vulcan and republished.",
|
|
"set_by": ["Q008"],
|
|
"read_by": [],
|
|
"gates": [],
|
|
"persists": true,
|
|
"conflicts_with": ["vulcan_bad_build_known"]
|
|
}
|
|
]
|
|
}
|