{
  "package_id": "yeffai_readonly_discovery_audit_commands",
  "created_at": "2026-07-08T18:18:36.989272Z",
  "status": "MISSING",
  "source_discovery_plan": "/home/yeff/public_html/devon/canon/execution/state/yeffai_readonly_discovery_plan_for_ui_item_evidence_groups_latest.json",
  "cause": "Commands are defined but not executed; execution must occur separately as read-only YEFF AI audit.",
  "policy": {
    "source_of_truth": "YEFFAI",
    "waresites_role": "UI_PULL_RUNTIME_ONLY",
    "remote_yeffai_mutation": "NO",
    "commands_executed": "NO",
    "installation_command_executed": "NO",
    "installation_started": "NO",
    "scope": "READ_ONLY_DISCOVERY_COMMAND_PACKAGE_ONLY",
    "no_invented_yeffai_paths_or_commands": "YES"
  },
  "totals": {
    "groups_detected": 3,
    "items_requiring_readonly_discovery": 220,
    "base_command_count": 7,
    "group_command_count": 8
  },
  "base_commands": [
    {
      "command_id": "HOST_IDENTITY_READ",
      "purpose": "Ler identidade básica do host YEFF AI sem mutação.",
      "command": "printf \"hostname=\"; hostname; printf \"kernel=\"; uname -a; printf \"os_release=\"; cat /etc/os-release 2>/dev/null",
      "mutates_system": "NO"
    },
    {
      "command_id": "TIME_AND_UPTIME_READ",
      "purpose": "Ler horário, uptime e carga do host.",
      "command": "date -Is; uptime",
      "mutates_system": "NO"
    },
    {
      "command_id": "PROCESS_READ",
      "purpose": "Ler processos ativos para evidência de runtime/observer/serviços.",
      "command": "ps aux --sort=comm | head -n 200",
      "mutates_system": "NO"
    },
    {
      "command_id": "SYSTEMD_SERVICE_READ",
      "purpose": "Ler serviços systemd sem iniciar, parar ou reiniciar nada.",
      "command": "systemctl list-units --type=service --all --no-pager 2>/dev/null | head -n 300",
      "mutates_system": "NO"
    },
    {
      "command_id": "LISTENING_PORTS_READ",
      "purpose": "Ler portas em escuta e processos associados.",
      "command": "ss -tulpn 2>/dev/null || netstat -tulpn 2>/dev/null",
      "mutates_system": "NO"
    },
    {
      "command_id": "DISK_AND_MOUNTS_READ",
      "purpose": "Ler discos, mounts e espaço sem alterar arquivos.",
      "command": "df -hT; printf \"\\n--- mounts ---\\n\"; mount | head -n 200",
      "mutates_system": "NO"
    },
    {
      "command_id": "TOP_LEVEL_TREE_READ",
      "purpose": "Ler estrutura de diretórios prováveis sem conteúdo sensível.",
      "command": "find /home /opt /srv /var/www -maxdepth 3 -type d 2>/dev/null | sort | head -n 500",
      "mutates_system": "NO"
    }
  ],
  "audit_groups": [
    {
      "group_id": "RUNTIME_OBSERVABILITY",
      "human_name": "Runtime, logs, auditoria e observabilidade",
      "item_count": 172,
      "commands": [
        {
          "command_id": "RUNTIME_LOG_PATHS_READ",
          "purpose": "Descobrir caminhos de logs e runtime state sem ler segredo.",
          "command": "find /var/log /run /var/run /opt /srv /home -maxdepth 4 \\( -iname \"*log*\" -o -iname \"*runtime*\" -o -iname \"*status*\" -o -iname \"*observer*\" -o -iname \"*audit*\" \\) 2>/dev/null | sort | head -n 500",
          "mutates_system": "NO"
        },
        {
          "command_id": "RECENT_LOG_METADATA_READ",
          "purpose": "Ler metadados de logs recentes sem truncar ou modificar.",
          "command": "find /var/log -type f -maxdepth 3 -printf \"%TY-%Tm-%Td %TH:%TM %s %p\\n\" 2>/dev/null | sort | tail -n 200",
          "mutates_system": "NO"
        }
      ],
      "forbidden_actions": [
        "service restart",
        "service enable",
        "package install",
        "file write",
        "log truncate",
        "daemon start"
      ],
      "expected_result": "Map each item in this group to a real YEFF AI evidence path or read-only command. Do not mark PASS yet."
    },
    {
      "group_id": "SECURITY_BASELINE",
      "human_name": "Segurança, acesso e hardening",
      "item_count": 29,
      "commands": [
        {
          "command_id": "UFW_STATUS_READ",
          "purpose": "Ler status do UFW sem habilitar firewall.",
          "command": "ufw status verbose 2>/dev/null || true",
          "mutates_system": "NO"
        },
        {
          "command_id": "SSH_CONFIG_READ",
          "purpose": "Ler configuração SSH efetiva e arquivos principais sem editar.",
          "command": "sshd -T 2>/dev/null | egrep \"^(permitrootlogin|passwordauthentication|pubkeyauthentication|port|allowusers|denyusers)\"; printf \"\\n--- sshd_config ---\\n\"; grep -RIn \"^PermitRootLogin\\|^PasswordAuthentication\\|^PubkeyAuthentication\\|^Port\\|^AllowUsers\\|^DenyUsers\" /etc/ssh/sshd_config /etc/ssh/sshd_config.d 2>/dev/null || true",
          "mutates_system": "NO"
        },
        {
          "command_id": "SECURITY_PACKAGES_STATUS_READ",
          "purpose": "Ler presença/status de fail2ban, auditd e inotify-tools sem instalar.",
          "command": "dpkg -l 2>/dev/null | egrep \"fail2ban|auditd|audispd|inotify-tools\" || true; printf \"\\n--- services ---\\n\"; systemctl status fail2ban auditd --no-pager 2>/dev/null || true",
          "mutates_system": "NO"
        },
        {
          "command_id": "PERMISSIONS_SECURITY_READ",
          "purpose": "Ler permissões de arquivos/diretórios críticos sem alterar.",
          "command": "ls -ld /root /home /etc/ssh /var/log /opt /srv /var/www 2>/dev/null; find /etc/ssh -maxdepth 2 -type f -printf \"%m %u %g %p\\n\" 2>/dev/null | sort",
          "mutates_system": "NO"
        }
      ],
      "forbidden_actions": [
        "ufw enable",
        "firewall change",
        "ssh config edit",
        "package install",
        "service restart",
        "permission mutation",
        "key generation"
      ],
      "expected_result": "Map each item in this group to a real YEFF AI evidence path or read-only command. Do not mark PASS yet."
    },
    {
      "group_id": "BACKUP_RECOVERY",
      "human_name": "Backup, restauração e recuperação",
      "item_count": 19,
      "commands": [
        {
          "command_id": "BACKUP_PATHS_DISCOVERY_READ",
          "purpose": "Descobrir diretórios e manifests de backup sem executar backup ou restore.",
          "command": "find /home /opt /srv /var/backups /backup /backups -maxdepth 5 \\( -iname \"*backup*\" -o -iname \"*restore*\" -o -iname \"*snapshot*\" -o -iname \"*manifest*\" -o -iname \"*rollback*\" \\) 2>/dev/null | sort | head -n 500",
          "mutates_system": "NO"
        },
        {
          "command_id": "BACKUP_METADATA_READ",
          "purpose": "Ler metadados de arquivos de backup sem copiar, deletar ou restaurar.",
          "command": "find /var/backups /backup /backups /home /opt /srv -maxdepth 4 -type f \\( -iname \"*manifest*\" -o -iname \"*.sha256\" -o -iname \"*.json\" -o -iname \"*.txt\" \\) -printf \"%TY-%Tm-%Td %TH:%TM %s %p\\n\" 2>/dev/null | sort | head -n 500",
          "mutates_system": "NO"
        }
      ],
      "forbidden_actions": [
        "backup execution",
        "restore execution",
        "snapshot creation",
        "file deletion",
        "retention mutation",
        "replication start"
      ],
      "expected_result": "Map each item in this group to a real YEFF AI evidence path or read-only command. Do not mark PASS yet."
    }
  ],
  "forbidden_global_actions": [
    "apt install",
    "apt upgrade",
    "systemctl restart",
    "systemctl enable",
    "systemctl start",
    "ufw enable",
    "ufw allow",
    "ufw deny",
    "sed -i",
    "tee into system file",
    "rm",
    "mv",
    "cp into system path",
    "chmod",
    "chown",
    "restore",
    "backup execution",
    "application install",
    "application start"
  ],
  "next_required_action": "RUN_YEFFAI_READONLY_DISCOVERY_AUDIT_ON_TARGET_SERVER_WITH_OPERATOR_APPROVAL"
}
