# Custodian Brief — flex-auth **Domain:** netkingdom **Last synced:** 2026-05-17 03:01 UTC **State Hub:** http://127.0.0.1:8000 *(adjust if running on a remote machine)* ## Active Workstreams ### Standalone Policy-as-Code Core Progress: 1/8 done | workstream_id: `aa60e183-9a87-4e03-99b0-15786bfa11ae` **Open tasks:** - · P2.2 - Implement local registry store `d8045124` - · P2.3 - Implement policy package loader and validator `09be0f25` - · P2.4 - Implement deterministic check and batch_check APIs `f6427575` - · P2.5 - Implement list_allowed and explain `e8fcbabd` - · P2.6 - Add local decision log `2def10c1` - · P2.7 - Add CLI and service skeleton `ee9ae6dd` - · P2.8 - Add tests and examples `6cbe572a` ### Markitect Consumer Integration Progress: 0/6 done | workstream_id: `c0a6c9f6-bb6b-416d-b537-f30504c63d75` **Open tasks:** - · P3.1 - Define Markitect resource namespace `53f2fa67` - · P3.2 - Import Markitect resource manifests `90082eaf` - · P3.3 - Define Markitect action vocabulary `cfc78bbb` - · P3.4 - Implement Markitect check fixtures `1d5de3b2` - · P3.5 - Add Markitect adapter contract tests `f9297b0d` - · P3.6 - Document integration flow `e34b0303` ### Delegated PDP and Directory Adapters Progress: 0/6 done | workstream_id: `99a82976-d376-42b0-89cc-c44e01c0bec6` **Open tasks:** - · P4.1 - Evaluate Topaz as MVP delegated backend `9046418c` - · P4.2 - Add relationship PDP adapter boundary `b77a0b70` - · P4.3 - Add rule PDP adapter boundary `4e4e5e45` - · P4.4 - Add Keycloak Authorization Services adapter path `8d3bbc28` - · P4.5 - Add Entra/Graph and SCIM group resolver adapters `4fc3fb91` - · P4.6 - Add delegated-mode operations docs `491260f9` --- ## MCP Orientation (when available) If the state-hub MCP server is reachable, call: `get_domain_summary("netkingdom")` This provides richer cross-domain context. If the MCP call fails, use this file as your orientation source.