generated from coulomb/repo-seed
review(NET-WP-0018): update frontmatter, add Related section, and dated notes (2026-06-03) across T02-T09 for 0019 polish artifacts + user-engine/net-kingdom assessment
- T04: assessment fulfills UE boundary/intent/scope review (7 gaps detailed) - T02/T03/T05/T06/T08/T09: note post-0017/0019 state, enablers (orchestrator, console subcmds, make targets, claims helper, evidence/validators, runbook exposure), remaining work, cross-refs to assessment - T07 note enhanced with pointer to 0019 impl - T01 note trimmed to pointer - updated date + Related section - Prepares for impl readiness assessment; no status changes (still 1/9 in file/hub pending tasks) See docs/user-engine-netkingdom-integration-assessment.md and NET-WP-0019.
This commit is contained in:
@@ -8,7 +8,7 @@ status: active
|
||||
owner: codex
|
||||
topic_slug: netkingdom
|
||||
created: "2026-06-01"
|
||||
updated: "2026-06-01"
|
||||
updated: "2026-06-03"
|
||||
depends_on:
|
||||
- NET-WP-0015
|
||||
- NET-WP-0017
|
||||
@@ -63,6 +63,10 @@ say which interactions remain genuinely unavoidable.
|
||||
that can be automated safely, and document why each remaining human action is
|
||||
required.
|
||||
|
||||
## Related (post-0019 + assessment)
|
||||
- NET-WP-0019 (T06-adjacent user lifecycle dry-run polish; advanced control surface, evidence, claims for T06/T07/T08)
|
||||
- docs/user-engine-netkingdom-integration-assessment.md (detailed T04 boundary/intent/scope review for user-engine integration + 7 gaps; cross-referenced from SCOPE etc.)
|
||||
|
||||
## Tasks
|
||||
|
||||
### T01 - Close Or Hand Off NET-WP-0015 Remaining Gates
|
||||
@@ -91,6 +95,8 @@ path retirement and credential reset/rotation; T07 owns final archive review.
|
||||
`NET-WP-0018` now continues with architecture documentation, retrospective,
|
||||
guide, UI automation, validations, and rebuild-risk assessment.
|
||||
|
||||
**2026-06-03:** 0019 polish (dry-run orchestrator, console subcommands/make targets/claims/validators/runbook) and the user-engine/net-kingdom assessment (see T04) are cross-cutting enablers. See per-task notes (T02–T09) for specifics; 0019 advances T06/T07/T08 for lifecycle automation; assessment fulfills UE boundary review portion of T04. Related: NET-WP-0019, docs/user-engine-netkingdom-integration-assessment.md.
|
||||
|
||||
### T02 - Document The Runtime Architecture
|
||||
|
||||
```task
|
||||
@@ -109,6 +115,15 @@ The document should explain the working system as deployed, not an idealized
|
||||
future architecture. It should be specific enough to guide a scratch rebuild
|
||||
without requiring the operator to rediscover the same integration details.
|
||||
|
||||
**2026-06-03 (post 0017/0019 + assessment):** The runtime now includes the
|
||||
T06-adjacent dry-run tooling (orchestrator + console/make exposure + evidence
|
||||
discipline) as part of the control surface. Per the persisted assessment, the
|
||||
arch doc must capture: current direct LLDAP/KeyCape paths for bootstrap users
|
||||
(vs. future UE claims_enrichment adapter), membership facts in LLDAP groups
|
||||
vs. UE Membership (owning_system etc.), bootstrap local-identity vs. UE local
|
||||
mode, and the boundary contract as the governance layer. Include refs to
|
||||
canon/standards/user-engine-boundary-contract_v0.1.md and the assessment.
|
||||
|
||||
### T03 - Produce A Bootstrap Retrospective And Automation Gap Matrix
|
||||
|
||||
```task
|
||||
@@ -127,6 +142,18 @@ matrix covering state persistence, privacyIDEA realm repair, KeyCape image
|
||||
delivery, OIDC callbacks, OpenBao claim mapping, token revocation, audit,
|
||||
escrow, and rebuild verification.
|
||||
|
||||
**2026-06-03 (post 0017 close + 0019 polish):** Retrospective should now
|
||||
incorporate: successful S6 reopen + platform_reopened flag + cleanup_complete
|
||||
in .local/security-bootstrap.json; T06 dry-run evidence discipline (12+ bools
|
||||
incl. effective_access_before_save, no_secret_material_recorded, lldap_identity_verified,
|
||||
keycape_oidc_claims_verified, actor_class != king, !net-kingdom-admins for non-root);
|
||||
safer secret handling via /tmp WORKSPACE + trap + k8s fallback (never write
|
||||
sso-mfa/bootstrap/secrets for dry-runs); console as non-secret control surface
|
||||
with runbooks + templates + validators; 0019 make targets and orchestrator as
|
||||
repeatable automation. Gaps remaining: UE adapter integration (see assessment).
|
||||
The first bootstrap's interactive repairs (realm drift, callbacks, claim shape,
|
||||
token expiry, operator-state) are now partially automated via console/evidence.
|
||||
|
||||
### T04 - Review Repository Intent And Scope Boundaries
|
||||
|
||||
```task
|
||||
@@ -147,6 +174,26 @@ unclear. The result should answer: where should a bug fix live, where should a
|
||||
runbook live, where should validation live, and which repo owns live
|
||||
deployment state.
|
||||
|
||||
**2026-06-03:** The user-engine/net-kingdom integration assessment (persisted in
|
||||
`docs/user-engine-netkingdom-integration-assessment.md`, cross-referenced from
|
||||
SCOPE.md Getting Oriented, canon/standards/user-engine-boundary-contract_v0.1.md,
|
||||
docs/responsibility-map.md, user-engine-interface-guidance.md, and this/0019
|
||||
workplans) provides a comprehensive review of intent, implemented scope (UE:
|
||||
headless domain models + in-mem MVP + ports/adapters for claims/audit/projections;
|
||||
NK: IAM orchestration + contracts + bootstrap), architectural fit (no intent
|
||||
conflicts; UE owns user-domain facts/projections, NK orchestrates boundaries per
|
||||
ADR-0007/0010/contract), and 7 specific gaps/risks (1. Missing Platform Integration
|
||||
Adapters -- biggest; 2. Bootstrap/Platform Users vs. Governed UE Lifecycle;
|
||||
3. App Onboarding "Application" concept overload; 4. Membership/Group overlap;
|
||||
5. Governance/Workplan/Brief split (UE brief stale); 6. Claims Enrichment Path
|
||||
drift (current direct LLDAP in NK/keycape paths); 7. Audit correlation). NK
|
||||
bootstrap (0015-0017/0019) is allowed for local/non-prod per contract. This
|
||||
largely fulfills the UE + boundary review portion of T04. Recommend follow-up
|
||||
reviews or work items for key-cape (OIDC client vs UE Application Binding),
|
||||
railiance-platform (deployment refs), and explicit transition rules for seeding
|
||||
externally_provisioned memberships from IAM groups. The assessment recommends
|
||||
using 0018's T07/T08 to drive integration tests/dry-runs once adapters exist.
|
||||
|
||||
### T05 - Create The Smooth Bootstrap Guide
|
||||
|
||||
```task
|
||||
@@ -165,6 +212,18 @@ KeyCape deployment and client registration, OpenBao init/unseal/configuration,
|
||||
OIDC admin binding, token cleanup, State Hub sync, and handoff to production
|
||||
readiness.
|
||||
|
||||
**2026-06-03:** Base material exists in piecemeal form: docs/security-bootstrap-*.md
|
||||
(user-lifecycle.md, operator-journey.md, king-credential-kit.md, openbao-ceremony-ux.md,
|
||||
handover-cleanup.md, etc.), console lifecycle-guide (T05/T06 flows with previews),
|
||||
and security-bootstrap-user-lifecycle.md (UX contract for show-effective-before-save,
|
||||
actor classes, blocked conditions). The 0019 polish extended the console lifecycle-guide
|
||||
with T06 DRY-RUN EXECUTION section (though that section still lists pre-orchestrator
|
||||
manual secret steps; update to prefer make security-bootstrap-onboarding-dry-run +
|
||||
dry-run-nonroot-user.sh + k8s fallback). T05 should consolidate into one
|
||||
"NET-WP-0018 smooth bootstrap guide" (or update operator-journey) with explicit
|
||||
evidence per step (linking the validate-* make targets and templates). 0019's
|
||||
dry-run + evidence is the model for user-lifecycle portion of the guide.
|
||||
|
||||
### T06 - Align The Control Surface With The Bootstrap Guide
|
||||
|
||||
```task
|
||||
@@ -183,6 +242,27 @@ clear when human custody or secret handling is required.
|
||||
Done when the UI guides the same sequence as the bootstrap guide and makes
|
||||
wrong-order execution visibly hard.
|
||||
|
||||
**2026-06-03 (0019 polish delivered):** Control surface now includes (in status,
|
||||
available actions, parser, dispatch, runbook_payloads, web-ui capable):
|
||||
- onboarding-dry-run-template / validate-onboarding-dry-run
|
||||
- onboarding-dry-run (delegates to sso-mfa/k8s/lldap/dry-run-nonroot-user.sh)
|
||||
- onboarding-dry-run-claims (uses print_dry_run_oidc_claims_verification, warns on
|
||||
platform-root/admins groups)
|
||||
- lifecycle-cleanup-dryrun-users (pattern offboard)
|
||||
- lifecycle-guide (with T06 section)
|
||||
- make targets: security-bootstrap-onboarding-dry-run (SUBJECT/EMAIL/DISPLAY),
|
||||
security-bootstrap-lifecycle-cleanup-dryrun-users PATTERN=..., security-bootstrap-*
|
||||
-validate-onboarding-dry-run etc.
|
||||
The orchestrator (dry-run-nonroot-user.sh) uses /tmp workspace + EXIT trap,
|
||||
prefers env/k8s for LLDAP_ADMIN_PASS (k8s fallback added to create-user.sh),
|
||||
runs create --test, verifs (check-user-mfa, verify-openbao-client), optional
|
||||
GraphQL lock/offboard, populates /tmp/.../evidence.json from template + live jq
|
||||
data, then runs validate. Non-secret only. This fulfills much of the "convert
|
||||
fragile copy-paste into scripts", "persist non-secret progress", "expose repair"
|
||||
for the user-lifecycle slice. Full alignment awaits T05 guide + more validators
|
||||
in T08 (e.g. for OIDC client, OpenBao config). See 0019 workplan for details;
|
||||
lifecycle_guide T06 section needs refresh to deprecate old secret-mkdir path.
|
||||
|
||||
### T07 - Add Automated Tests For Bootstrap UI Sections And Runbooks
|
||||
|
||||
```task
|
||||
@@ -208,7 +288,7 @@ impossible state.
|
||||
|
||||
**Note (NET-WP-0019 polish):** Include tests for the user-lifecycle dry-run (T06 from 0017/0019): the orchestrator script, onboarding-dry-run console command, claims verification (T05), cleanup helper, and evidence validators. See NET-WP-0019 workplan and sso-mfa/k8s/lldap/dry-run-nonroot-user.sh . This cross-links the T06-adjacent polish into 0018's automation goals.
|
||||
|
||||
See also `docs/user-engine-netkingdom-integration-assessment.md` for the broader intent/scope fit, gaps (esp. adapters), and recommendations.
|
||||
See also `docs/user-engine-netkingdom-integration-assessment.md` for the broader intent/scope fit, gaps (esp. adapters), and recommendations. (The 0019 artifacts -- script, console subcmds, make targets, runbook entry, templates/validators -- are now the concrete implementation to cover with the layered tests in T07.)
|
||||
|
||||
### T08 - Integrate Validations Into The UI State Model
|
||||
|
||||
@@ -230,6 +310,22 @@ config, token policy proof, audit status, restore evidence, and State Hub sync.
|
||||
Done when the UI can distinguish success, failure, error, and unknown states
|
||||
for the critical bootstrap gates and the live setup satisfies those checks.
|
||||
|
||||
**2026-06-03 (0019 contribution):** Dry-run specific validators now exist:
|
||||
onboarding_dry_run_template() + require_evidence_fields match + make
|
||||
security-bootstrap-validate-onboarding-dry-run (calls console which runs
|
||||
print_validate_onboarding_dry_run or equivalent, checks all *_true bools,
|
||||
actor_class, groups, no secret markers, effective_access_summary etc.).
|
||||
Console status/metadata shows many gates as "done" from prior evidence-driven
|
||||
flags (e.g. platform_reopened, cleanup_complete, oidc_login_verified). The
|
||||
evidence_validator_gate and build_gates logic support computing ok/fail from
|
||||
live evidence rather than manual. Extend this pattern to other T08 targets
|
||||
(KeyCape client, privacyIDEA realm, LLDAP membership, OpenBao OIDC, Authelia
|
||||
routes, State Hub sync). 0019 also added claims verification as a hook that
|
||||
can feed validation (infers from LLDAP groups + T01 role binding, surfaces
|
||||
warnings). Use the dry-run orchestrator + /tmp evidence as a repeatable
|
||||
fixture for these validators. See assessment for UE-side validation targets
|
||||
once adapters land (e.g. claims_enrichment projection).
|
||||
|
||||
### T09 - Assess Scratch-Rebuild Risk And Define A Rehearsal Plan
|
||||
|
||||
```task
|
||||
@@ -248,6 +344,26 @@ method, mitigation, and remaining human interaction. It should also recommend
|
||||
whether the next rebuild should be a full teardown, an isolated parallel
|
||||
cluster rehearsal, a namespace-level rehearsal, or a scripted dry run.
|
||||
|
||||
**2026-06-03 (post 0017/0019 + assessment):** Rebuild risk assessment (T09) will
|
||||
be informed by: T02 arch (incl. UE integration points/gaps), T03 retrospective
|
||||
(capturing what was fragile vs now automated via console/evidence/orchestrator),
|
||||
T05 guide + evidence per step, T07 tests, T08 live validations (current metadata
|
||||
shows S6 reopen with many flags true, but adapter gaps remain). From assessment:
|
||||
- IAM-orchestration bootstrap (creds via creds-init skill, LLDAP/Keycloak direct,
|
||||
OpenBao via KeyCape OIDC) is repeatable and rehearsable today with 0019 tooling.
|
||||
- Full UE-backed user facts in rebuild: blocked until net-kingdom-specific
|
||||
adapters (IdentityClaimsAdapter from KeyCape claims, AuthorizationCheckPort to
|
||||
flex-auth, SecretProvider OpenBao, EventOutbox, AuditWriter, MembershipFactExporter)
|
||||
are implemented (primarily in user-engine per contract; NK orchestrates).
|
||||
- Other: direct LLDAP in paths (create-user, keycape) must route via claims_enrichment
|
||||
adapter post-adapter to avoid drift. Bootstrap users (platform-root etc.) stay
|
||||
IAM-side or seed externally_provisioned in UE. Recommend: T09 classify "UE
|
||||
integration" as separate risk item with mitigation "implement adapters + NK
|
||||
wiring + update dry-run to exercise UE projection"; current 0019 dry-run proves
|
||||
the IAM-lifecycle contract. creds-init skill (in .claude/commands) provides
|
||||
automated cred bootstrap entrypoint for rehearsal. No live destructive rebuild
|
||||
as non-goal.
|
||||
|
||||
## Acceptance Criteria
|
||||
|
||||
- `NET-WP-0015` is closed, archived, or explicitly reconciled with remaining
|
||||
|
||||
Reference in New Issue
Block a user