Add NET-WP-0017 T02 closure validator

2026-06-02 00:24:18 +02:00
parent cd82285efe
commit 31e6d6660f
4 changed files with 257 additions and 5 deletions

@@ -229,6 +229,16 @@ deliberately not automated because it seals OpenBao and requires threshold
unseal shares. T02 should count the emergency drill gate closed only after an
attended drill records non-secret evidence and that evidence validates.
**2026-06-02:** Added a single NetKingdom closure validator for this task:
`make security-bootstrap-validate-t02`. It combines the local non-secret
metadata gates for restore-drill completion, emergency seal/unseal completion,
next independent escrow holder, and Audit Core retention/risk posture with the
Railiance restore and emergency evidence validators. Against the current local
metadata it correctly reports T02 still open because the real evidence files
are missing, the emergency drill is not recorded, no independent future quorum
holder is recorded, and the temporary Audit Core risk posture has not yet been
accepted or replaced by a production sink.
### T03 - Close Trial Taint And Retire Bootstrap Admin Paths
```task
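Review bot: The added 2026-06-02 entry says `make security-bootstrap-validate-t02` "correctly reports T02 still open" but never states how that result is signalled. Please document whether the target exits non-zero while any gate is open, so it can serve as a blocking check rather than an advisory report. Please also say where the restore and emergency evidence files are expected, since "the real evidence files are missing" gives an operator nothing to act on. Consider listing the four open conditions as bullets aligned with the four metadata gates named earlier in the entry (restore-drill completion, emergency seal/unseal completion, next independent escrow holder, Audit Core retention/risk posture), so each gate maps to one closure condition.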