Record platform-root OIDC verification

workplans/NET-WP-0015-platform-root-custody-and-openbao-identity-bootstrap.md

@@ -207,6 +207,15 @@ was `ou=users`. KeyCape commit `06d20c3` makes the LLDAP OU settings explicit
 in YAML, live `keycape-config` now sets `userOU: ou=people` and
 `groupOU: ou=groups`, and Railiance runs image `main-06d20c3`.
 
+**2026-05-25:** End-to-end OIDC login verification succeeded for
+`platform-root`. The local bootstrap-console callback exchanged the code and
+showed issuer `https://kc.coulomb.social`, audience
+`netkingdom-bootstrap-console`, subject
+`uid=platform-root,ou=people,dc=netkingdom,dc=local`, email
+`bernd.worsch@gmail.com`, and group `net-kingdom-admins`. Local non-secret
+bootstrap progress now records both MFA enrollment confirmation and OIDC login
+verification.
+
 **2026-05-24:** Stepped back from ad hoc secret rollout and added the
 custodian age-key bootstrap model to the control surface. The UI now records
 the custodian public age recipient, a derived fingerprint, and a non-secret