generated from coulomb/repo-seed
docs(NET-WP-0018): add explicit guidance in Coordination Notes on using pragmatic auditing/tracking infra (State Hub progress/decisions, workplan dated notes, git, console evidence/metadata, local audit) during 0018 implementation to feed T03 retrospective + optimization review
- References existing audit_core bootstrap risk acceptance (production sink deferred) - Cross-refs T03 gap matrix (includes audit), T02 (document current pragmatic audit paths), assessment gap 7 (correlation), local-identity/audit.py, contract requirements - Answers query: pragmatic is sufficient and intended for tracking the workplan work + retrospect; do not block on establishing full production Audit Core first (risk accepted for bootstrap phase) - Per session protocol + ADR-001 (file first)
This commit is contained in:
@@ -62,6 +62,22 @@ say which interactions remain genuinely unavoidable.
|
||||
- Treat interactive prompts as an explicit design boundary: automate everything
|
||||
that can be automated safely, and document why each remaining human action is
|
||||
required.
|
||||
- Pragmatic auditing / tracking for implementing *this workplan*: use State Hub
|
||||
/progress/ (and /decisions/ for key choices e.g. during T02/T04), dated notes
|
||||
+ task status in this file (source of truth per ADR-001), descriptive git
|
||||
commits, console evidence/validators + .local/security-bootstrap.json when
|
||||
exercising paths, /tmp evidence, and runbooks. These artifacts (plus bumps
|
||||
encountered while doing T02–T08) directly feed T03 retrospective and gap
|
||||
matrix (which explicitly covers "audit" among other items). This enables
|
||||
post-impl review for optimization potential without requiring production
|
||||
Audit Core first. See audit_core_* fields in metadata (bootstrap risk
|
||||
accepted=true; production sink ready=false; temp exception with owner/review
|
||||
2026-07-02 per .local and console gates). Proper cross-system audit
|
||||
correlation (UE + flex-auth + platform sinks per contract/assessment gap 7)
|
||||
remains a follow-up; document current pragmatic paths (local-identity/audit.py
|
||||
TSV, OpenBao PVC + mock, State Hub/console evidence, separate bootstrap
|
||||
audit) in T02 arch doc and T03 matrix. Do not block 0018 start on full Audit
|
||||
Core.
|
||||
|
||||
## Related (post-0019 + assessment)
|
||||
- NET-WP-0019 (T06-adjacent user lifecycle dry-run polish; advanced control surface, evidence, claims for T06/T07/T08)
|
||||
|
||||
Reference in New Issue
Block a user