up

ops/devops/provenance/alerts.yaml

@@ -0,0 +1,22 @@
+groups:
+  - name: provenance
+    rules:
+      - alert: ProvenanceKeyRotationOverdue
+        expr: (time() - provenance_last_key_rotation_seconds) > 60*60*24*90
+        for: 10m
+        labels:
+          severity: warning
+          team: devops
+        annotations:
+          summary: "Provenance signing key rotation overdue"
+          description: "Last rotation {{ $value }} seconds ago (>90d)."
+
+      - alert: ProvenanceSignerFailures
+        expr: rate(provenance_sign_failures_total[5m]) > 0
+        for: 5m
+        labels:
+          severity: critical
+          team: devops
+        annotations:
+          summary: "Provenance signer failures detected"
+          description: "Signer failure rate non-zero in last 5m."

ops/devops/provenance/grafana/provenance-overview.json

@@ -0,0 +1,22 @@
+{
+  "title": "Provenance Signing",
+  "time": { "from": "now-24h", "to": "now" },
+  "panels": [
+    {
+      "type": "stat",
+      "title": "Last key rotation (days)",
+      "targets": [
+        { "expr": "(time() - provenance_last_key_rotation_seconds) / 86400" }
+      ]
+    },
+    {
+      "type": "timeseries",
+      "title": "Signing failures",
+      "targets": [
+        { "expr": "rate(provenance_sign_failures_total[5m])", "legendFormat": "failures/s" }
+      ]
+    }
+  ],
+  "schemaVersion": 39,
+  "version": 1
+}