flex-auth/workplans/FLEX-WP-0001-repo-intent-and-architecture-baseline.md
tegwick 8a913d6163
Normalize agent instructions and workplan frontmatter (STATE-WP-0067)
- Align agent files with on-disk workplan prefixes (infer from workplan ids)
- Set workplan domain to registered domain_slug; add topic_slug where applicable
- Repair frontmatter delimiter formatting; migrate legacy task status literals
- Regenerate AGENTS.md, CLAUDE.md, and .claude/rules from State Hub templates
2026-06-22 23:16:25 +02:00


id: FLEX-WP-0001
type: workplan
title: Repo Intent and Authorization Architecture Baseline
domain: infotech
status: done
owner: flex-auth
topic_slug: flex-auth
planning_priority: complete
planning_order: 10
created: 2026-05-04
updated: 2026-05-04
state_hub_workstream_id: "4dbefd19-bb7d-405c-9a50-e7dbd11cf4d9"

FLEX-WP-0001: Repo Intent and Authorization Architecture Baseline

Purpose

Establish flex-auth as the NetKingdom-side policy-as-code authorization registry and control plane, distinct from key-cape identity and from protected systems such as Markitect.

Implementation Summary

Completed the initial project baseline:

  • INTENT.md defines purpose, scope, responsibility boundaries, design principles, core concepts, standalone/delegated modes, first consumer, and non-goals.
  • docs/flex-auth-authorization-registry-research.md captures product and component research across Keycloak Authorization Services, Entra, Topaz, OpenFGA, SpiceDB, OPA/OPAL, Cedar, Cerbos, Casbin, Oso, and related authorization patterns.
  • README.md points newcomers at intent and research.
  • The repo has been registered in State Hub under the NetKingdom authorization area.

P1.1 - Define project intent

id: FLEX-WP-0001-T001
status: done
priority: high
state_hub_task_id: "5af30b01-ea72-4f87-b74e-a595fd3a5bd7"

Define flex-auth as a policy-as-code authorization registry and control plane that can run standalone or coordinate with Topaz, OpenFGA, SpiceDB, OPA, Cedar, Keycloak Authorization Services, Entra/Graph, and directory systems.

P1.2 - Define responsibility boundaries

id: FLEX-WP-0001-T002
status: done
priority: high
state_hub_task_id: "145ec0ec-130a-4209-9028-1ae06e3664e3"

Capture boundaries:

  • key-cape/NetKingdom owns identity: who the caller is is settled before flex-auth is consulted.
  • flex-auth owns the authorization registry, policy packages, relationships, decision logging, and PDP coordination.
  • protected systems own enforcement: the enforcement point that applies a decision lives in the protected system, not in flex-auth.

P1.3 - Capture open-source and enterprise landscape

id: FLEX-WP-0001-T003
status: done
priority: high
state_hub_task_id: "c52a9e3e-e264-418d-b462-d5a9d6e22b30"

Document relevant concepts and lessons from current authorization tools and enterprise IAM patterns.

P1.4 - Establish first-consumer architecture

id: FLEX-WP-0001-T004
status: done
priority: medium
state_hub_task_id: "7756c4c5-598a-4894-9352-6e7145cb3522"

Use Markitect as the first concrete protected-system consumer while keeping the flex-auth model generic enough for other systems.
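The responsibility split in P1.2, applied to the first consumer named in P1.4, as an added illustration (Python, not flex-auth's or Markitect's own code): an identity issuer standing in for key-cape, a relationship-based registry standing in for flex-auth's standalone mode, and a protected service standing in for Markitect's enforcement point. Every name here (`issue_token`, `AuthorizationRegistry`, `MarkitectService`, the `doc` and `group` object types, the HMAC-signed demo token) is an assumption made for the example; the relationship-tuple shape follows the OpenFGA/SpiceDB style covered in the research note, and the sample tuples and document content are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional
import hashlib, hmac, json, time

# 1. Identity boundary (the key-cape/NetKingdom role in P1.2).
# A constructed HMAC-signed token stands in for an IdP-issued OIDC token.
# flex-auth neither issues nor verifies it; the protected system does.
IDP_KEY = b"constructed-demo-key"  # assumption: demo secret, not a real credential


def issue_token(subject: str) -> str:
    body = json.dumps({"iss": "key-cape", "sub": subject}, sort_keys=True)
    sig = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def verify_token(token: str) -> Optional[str]:
    """Return the verified subject, or None if the signature does not check out."""
    body, _, sig = token.rpartition(".")
    expected = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    return json.loads(body)["sub"]


# 2. Authorization boundary (the flex-auth role): registry, relationships,
# decision logging. Tuples use the OpenFGA/SpiceDB object#relation@subject style.
@dataclass(frozen=True)
class Relationship:
    object: str    # e.g. "doc:roadmap"
    relation: str  # e.g. "viewer"
    subject: str   # e.g. "user:bob", or a userset such as "group:eng#member"


@dataclass
class AuthorizationRegistry:
    permissions: dict  # policy package: (object type, permission) -> granting relations
    tuples: set = field(default_factory=set)
    decision_log: list = field(default_factory=list)

    def _has(self, obj: str, rel: str, subject: str) -> bool:
        if Relationship(obj, rel, subject) in self.tuples:
            return True
        # one level of userset expansion: "group:eng#member" matches anyone
        # who holds the "member" relation on "group:eng"
        for t in self.tuples:
            if t.object == obj and t.relation == rel and "#" in t.subject:
                group, group_rel = t.subject.split("#", 1)
                if Relationship(group, group_rel, subject) in self.tuples:
                    return True
        return False

    def check(self, subject: str, permission: str, obj: str) -> bool:
        """Decide and log; the caller must already have verified `subject`."""
        obj_type = obj.split(":", 1)[0]
        granting = self.permissions.get((obj_type, permission), set())
        allowed = any(self._has(obj, rel, subject) for rel in granting)
        self.decision_log.append({"ts": time.time(), "sub": subject,
                                  "perm": permission, "obj": obj, "allowed": allowed})
        return allowed


# 3. Enforcement boundary (the protected system, Markitect in P1.4): the PEP.
class MarkitectService:
    def __init__(self, registry: AuthorizationRegistry):
        self.registry = registry
        self.docs = {"doc:roadmap": "Q3 roadmap"}  # constructed sample content

    def read_document(self, token: str, doc_id: str) -> str:
        subject = verify_token(token)  # identity is settled here, never in the registry
        if subject is None:
            raise PermissionError("unauthenticated")
        if not self.registry.check(subject, "read", doc_id):  # fail closed
            raise PermissionError("forbidden")
        return self.docs[doc_id]


def demo() -> dict:
    """Run the three boundaries end to end and return what each caller observed."""
    reg = AuthorizationRegistry(permissions={("doc", "read"): {"owner", "viewer"}})
    reg.tuples |= {
        Relationship("doc:roadmap", "owner", "user:alice"),
        Relationship("doc:roadmap", "viewer", "group:eng#member"),
        Relationship("group:eng", "member", "user:bob"),
    }
    svc = MarkitectService(reg)
    good = issue_token("user:alice")
    forged = good[:-1] + ("0" if good[-1] != "0" else "1")  # tampered signature
    out = {}
    for name, tok in [("alice", good), ("bob", issue_token("user:bob")),
                      ("carol", issue_token("user:carol")), ("forged", forged)]:
        try:
            out[name] = svc.read_document(tok, "doc:roadmap")
        except PermissionError as e:
            out[name] = str(e)
    out["decisions"] = len(reg.decision_log)  # the forged token never reached the PDP
    return out


if __name__ == "__main__":
    print(demo())
```

The point the boundaries make is visible in the outcomes: alice reads as owner, bob reads through group membership resolved by the registry, carol is refused by the registry, and the forged token is refused by the protected system before any decision is requested, so the decision log holds exactly three entries and never records an unauthenticated caller.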

Exit Criteria

  • Repository purpose is explicit.
  • Boundaries are clear enough to prevent identity and protected-system logic from creeping into flex-auth.
  • Initial research informs implementation workplans.