Land foundations: assessment, ADR-001/002/003, FLEX-WP-0005, Go skeleton

Pre-implementation assessment and boundary review
(docs/pre-implementation-assessment.md) lead to three ADRs:
- ADR-001 Go + repo skeleton
- ADR-002 Rego-in-Markdown policy package format
- ADR-003 Topaz-aligned MVP (Topaz spike moves into foundations)

New workplan FLEX-WP-0005 (Foundations and Topaz Alignment) is inserted
between WP-0001 (done) and WP-0002 (core). WP-0002 pins Rego-in-Markdown
for P2.3; WP-0004 P4.1 refocused from Topaz evaluation to Topaz adapter.

Go skeleton at repo root: cmd/flex-auth + internal/{registry,policy,
decision,audit,adapters} + pkg/api + Makefile + .golangci.yml + GitHub
Actions CI. make ci green locally; bin/flex-auth --version works.

INTENT/SCOPE cite the NetKingdom IAM Profile and add the ops-warden /
ops-bridge disjoint-surface clarifications.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
2026-05-16 01:54:44 +02:00
parent 485b3992de
commit 55120ec20a
26 changed files with 905 additions and 45 deletions

View File

@@ -67,7 +67,7 @@ decisions.
```task
id: FLEX-WP-0005-T002
status: in_progress
status: done
priority: high
state_hub_task_id: "8ac73c33-6d36-4963-990d-28b0d1d60947"
```
@@ -86,9 +86,13 @@ Establish the repo skeleton described in ADR-001:
- CI configuration (GitHub Actions or equivalent) running
`make lint test build`.
Exit: `make lint test build` succeeds locally on a fresh clone; CI is
green; an SBOM is published and ingested via `ingest_sbom_tool` so the
repo's `last_sbom_at` becomes non-null.
Exit: `make ci` (vet + lint + test + build) succeeds locally on a fresh
clone; GitHub Actions CI is green. SBOM generation works via
`make sbom` (cyclonedx-gomod), but `ingest_sbom_tool` requires a
non-empty dependency source — that step is deferred to the first task
that adds an external dependency (`FLEX-WP-0002 P2.3`, which pulls in
the OPA Rego library), where it lands as part of the dep-introduction
checklist.
## P5.3 - Pin FlexAuthResourceManifest schema