generated from coulomb/repo-seed
Hand off durable audit fabric to audit-core
This commit is contained in:
@@ -43,8 +43,11 @@ first non-root onboarding dry run must prove the lifecycle model.
|
||||
- OpenBao OIDC auth configuration is applied; MFA-backed OpenBao admin login
|
||||
completed successfully and the resulting token lookup showed the
|
||||
`platform-admin` policy for `platform-root`.
|
||||
- Declarative/durable audit handling, residual taint closeout, cleanup/rotation,
|
||||
and the first ordinary-user onboarding dry run are still pending.
|
||||
- Declarative local OpenBao audit and authenticated audit visibility are
|
||||
complete; enterprise durable tenant-aware audit retention has been split into
|
||||
the standalone `audit-core` product. Residual taint closeout,
|
||||
cleanup/rotation, and the first ordinary-user onboarding dry run are still
|
||||
pending.
|
||||
|
||||
## Tasks
|
||||
|
||||
@@ -132,7 +135,10 @@ state_hub_task_id: "909944bd-843a-4a63-8c87-536cea052a88"
|
||||
Resolve the remaining OpenBao production-trust gates:
|
||||
|
||||
- configure audit declaratively if API-managed audit remains rejected;
|
||||
- confirm where audit logs are durably shipped beyond the audit PVC;
|
||||
- record the interim Audit Core interface used before enterprise durable audit
|
||||
retention is implemented;
|
||||
- hand off durable tenant-aware audit shipping beyond the audit PVC to
|
||||
`audit-core`;
|
||||
- retain non-secret restore-drill evidence and repeat the drill if any
|
||||
material changed;
|
||||
- record emergency seal/unseal drill evidence; and
|
||||
@@ -189,6 +195,21 @@ then revoked with `bao token revoke -self`. T02 remains open for durable audit
|
||||
shipping beyond the audit PVC, restore-drill evidence, emergency seal/unseal
|
||||
drill evidence, and the next independent escrow holder.
|
||||
|
||||
**2026-06-01:** Split enterprise audit retention out of this task and into the
|
||||
new standalone `/home/worsch/audit-core` repo. `audit-core` now has
|
||||
`INTENT.md`, a product requirements definition, and a minimal replaceable mock
|
||||
backend that writes JSONL audit events to
|
||||
`/tmp/audit-core/audit-YYYYMMDDTHH.jsonl` and cleans up files older than seven
|
||||
days. A smoke event for the OpenBao authenticated readiness proof was written
|
||||
through the mock interface, and `audit-core` tests pass. This mock backend is
|
||||
acceptable for bootstrap/development wiring and NetKingdom UI integration, but
|
||||
it is not durable audit custody and must not be presented as enterprise
|
||||
retention. NET-WP-0017-T02 now treats the full tenant-aware durable audit
|
||||
fabric as an `audit-core` follow-up rather than an OpenBao bootstrap subtask.
|
||||
Remaining T02 gates are restore-drill evidence, emergency seal/unseal drill
|
||||
evidence, the next independent escrow holder, and an explicit risk note if
|
||||
ordinary onboarding proceeds before the production Audit Core sink exists.
|
||||
|
||||
### T03 - Close Trial Taint And Retire Bootstrap Admin Paths
|
||||
|
||||
```task
|
||||
|
||||
Reference in New Issue
Block a user