jarvis / docs /operations /operator-control-runbook.md
Jonathan Haas
refactor: close waves 108-112 runtime and reliability hardening
d6acd97
|
Raw
History Blame Contribute Delete
1.7 kB
# Operator Control Incident Runbook
## Scope
Use this runbook when operator auth or control-plane behavior is degraded:
- unexpected operator write actions
- auth mode drift (`observe`/`standard`/`strict`) or risk mismatch
- repeated unauthorized control attempts
## Immediate Containment
1. Reduce operator blast radius:
- set operator auth mode to `strict`
- disable non-essential integrations if incident involves external calls
2. Capture current control state and recent actions:
- `system_status`
- `tool_summary`
- `tool_summary_text`
3. Preserve artifacts:
- `~/.jarvis/audit.jsonl*`
- observability DB/event log snapshots
## Triage Procedure
1. Verify auth and trust posture:
- `system_status` (check `operator_auth`, `risk`, `identity`)
- `identity_trust` (verify requester profile/session posture)
2. Confirm whether unsafe actions were preview-gated:
- inspect `plan_preview` and strict confirmation fields in status payload
3. Correlate timeline:
- operator server events (`/events`)
- recent tool records (`tool_summary`, `tool_summary_text`)
## Rollback Procedure
1. Revoke temporary guest sessions and elevated approvals:
- terminate guest capability windows via `identity_trust`
2. Reapply known-good operator config:
- restore expected auth mode and control preset
3. Validate safe behavior:
- run read-only checks (`system_status`, `jarvis_scorecard`)
- run one controlled mutating preview flow and verify explicit ack is required
## Exit Criteria
- operator auth mode and risk signals stable for one observation window
- no unauthorized actions in recent audit timeline
- alert stream clear of control-plane anomalies