generated from coulomb/repo-seed
1.9 KiB
1.9 KiB
Flex-Auth Workplan Planning Map
Date: 2026-05-04
Purpose
This document captures the initial sequencing view for flex-auth workplans.
Priority Scale
| Priority | Meaning |
|---|---|
P0 |
Current mainline implementation work. |
P1 |
Next integration work once core contracts exist. |
P2 |
Delegated/backend expansion after core shape stabilizes. |
complete |
Finished foundation or completed decision work. |
Current Ordering
| Workplan | Priority | Status | Depends On | Current View |
|---|---|---|---|---|
FLEX-WP-0001 |
complete | done | none | Repo intent, boundaries, and authorization landscape research are complete. |
FLEX-WP-0002 |
P0 | todo | FLEX-WP-0001 |
Standalone policy-as-code core: schemas, local registry, policy packages, check APIs, explanations, decision log, CLI/service skeleton, tests. |
FLEX-WP-0003 |
P1 | todo | FLEX-WP-0002 |
Markitect consumer integration: resource namespace, manifest import, action vocabulary, decision fixtures, integration docs. |
FLEX-WP-0004 |
P2 | todo | FLEX-WP-0002 |
Delegated PDP and directory adapters: Topaz, OpenFGA/SpiceDB, OPA/Cedar, Keycloak Authorization Services, Entra/Graph/SCIM. |
Dependency Notes
FLEX-WP-0002 should come first because the protected-system-facing API must
be stable before flex-auth delegates decisions to external engines.
FLEX-WP-0003 follows the core and uses Markitect as the first concrete
consumer. Markitect has already completed its side of the initial contract in
MKTT-WP-0014, but flex-auth must still implement the service-side registry
and decision behavior.
FLEX-WP-0004 should wait for the standalone core so delegated engines do not
define the whole architecture accidentally.
State Hub Mirror
Native State Hub dependency edges should mirror:
FLEX-WP-0002 -> FLEX-WP-0001FLEX-WP-0003 -> FLEX-WP-0002FLEX-WP-0004 -> FLEX-WP-0002