diff --git a/workplans/HF-WP-0001-establish-ops-hub-first-extension.md b/workplans/HF-WP-0001-establish-ops-hub-first-extension.md index c076f5c..662c8fc 100644 --- a/workplans/HF-WP-0001-establish-ops-hub-first-extension.md +++ b/workplans/HF-WP-0001-establish-ops-hub-first-extension.md @@ -4,10 +4,10 @@ type: workplan title: "Establish ops-hub as the First VSM Inter-Hub Extension" domain: helix_forge repo: helix-forge -status: active +status: finished owner: worsch created: "2026-05-16" -updated: "2026-06-15" +updated: "2026-06-19" planning_priority: high planning_order: 1 related_repos: @@ -480,7 +480,7 @@ registry checks found all expected ops vocabulary values: ```task id: HF-WP-0001-T04 -status: wait +status: done priority: high state_hub_task_id: "ad08e729-8562-4a02-8bf6-dcdfebe430c8" ``` @@ -534,6 +534,23 @@ Current blocker: requires an attended OpenBao root/sudo token handoff, or the operator storing the local runtime key manually through the browser UI, before the temp file can be removed and this task can close. +Completed on 2026-06-19: + +- Regenerated the display-once runtime key through + `scripts/ops-hub-bootstrap-api.py` after the earlier 0600 temp file was no + longer present. +- Stored the runtime key in OpenBao at + `platform/operators/ops-hub/runtime`, field `OPS_HUB_KEY`, using an approved + operator token. No key values were copied into Git, State Hub, or chat. +- Removed the local runtime-key temp file after successful OpenBao write. +- Verified non-secret acceptance evidence with the custodied runtime key: + - `POST /api/v2/token` exchanges the static key for a short-lived Bearer + token (`expires_in=3600`). + - `GET /api/v2/hub-registry` returns HTTP `200` with the exchanged token. + - `GET /api/v2/widgets` returns all 14 `ops-hub` widgets with the exchanged + token. +- Current runtime key prefix: `c1f3ac3a`. + --- ### T05 — Seed first governed ops widgets @@ -740,7 +757,7 @@ implementation should happen in `ops-hub`. ```task id: HF-WP-0001-T10 -status: wait +status: done priority: high target_repo: inter-hub state_hub_task_id: "7fa54508-7add-4885-8913-12edaadc4d92" @@ -909,6 +926,20 @@ Current blocker: publish a Gitea registry image for Inter-Hub commit Railiance path and rerun the authenticated widget-create and hub-registry smoke checks. Railiance-apps no longer appears to be the blocking surface. +Completed on 2026-06-19: + +- Production Inter-Hub now runs image + `gitea.coulomb.social/coulomb/inter-hub:eed4322`, which is ahead of the + `5101eb5` COUNT-decode fix commit. +- Authenticated `GET /api/v2/hub-registry` returns HTTP `200` with the + bootstrap operator key and with a runtime key exchanged through + `POST /api/v2/token`. +- Authenticated `POST /api/v2/widgets` succeeds through the public API; a smoke + widget was created and deleted without using direct DB access. +- Result: the next VSM hub can bootstrap through the documented v2 API surface + without the earlier `COUNT(*)` decode failure class blocking widget creation + or hub-registry reads. + ## Initial Acceptance Criteria This workplan is complete when: @@ -1104,6 +1135,21 @@ Remaining operator action: - Track/fix the Inter-Hub `COUNT(*)` decode issues before declaring the next VSM hub fully scriptable through the public API. +### 2026-06-19 — HF-WP-0001 closed out + +Closed the remaining bootstrap custody and production verification gaps: + +- Stored the `ops-hub` runtime key in OpenBao at + `platform/operators/ops-hub/runtime` and removed the local temp file. +- Verified runtime-key token exchange, hub-registry reads, and widget listing + through the public Inter-Hub API. +- Confirmed production Inter-Hub image `eed4322` includes the deployed + COUNT-decode fix path; authenticated widget creation and hub-registry reads + now succeed without SQL fallback. + +No API keys, OpenBao tokens, or secret values were copied into Git, State Hub, +chat, or workplan text. + ## Notes `ops-hub` should complement State Hub during the transition: