jarvis / docs /operations /operator-control-runbook.md
Jonathan Haas
refactor: close waves 108-112 runtime and reliability hardening
d6acd97
|
Raw
History Blame Contribute Delete
1.7 kB

Operator Control Incident Runbook

Scope

Use this runbook when operator auth or control-plane behavior is degraded:

  • unexpected operator write actions
  • auth mode drift (observe/standard/strict) or risk mismatch
  • repeated unauthorized control attempts

Immediate Containment

  1. Reduce operator blast radius:
    • set operator auth mode to strict
    • disable non-essential integrations if incident involves external calls
  2. Capture current control state and recent actions:
    • system_status
    • tool_summary
    • tool_summary_text
  3. Preserve artifacts:
    • ~/.jarvis/audit.jsonl*
    • observability DB/event log snapshots

Triage Procedure

  1. Verify auth and trust posture:
    • system_status (check operator_auth, risk, identity)
    • identity_trust (verify requester profile/session posture)
  2. Confirm whether unsafe actions were preview-gated:
    • inspect plan_preview and strict confirmation fields in status payload
  3. Correlate timeline:
    • operator server events (/events)
    • recent tool records (tool_summary, tool_summary_text)

Rollback Procedure

  1. Revoke temporary guest sessions and elevated approvals:
    • terminate guest capability windows via identity_trust
  2. Reapply known-good operator config:
    • restore expected auth mode and control preset
  3. Validate safe behavior:
    • run read-only checks (system_status, jarvis_scorecard)
    • run one controlled mutating preview flow and verify explicit ack is required

Exit Criteria

  • operator auth mode and risk signals stable for one observation window
  • no unauthorized actions in recent audit timeline
  • alert stream clear of control-plane anomalies