Draft capability entry (reuse-surface REUSE-WP-0017-T04, cohort 2)

Honest first-pass maturity vector grounded in README/docs/tests present
in this repo; no invented evidence. Flagged for human review before
publish. See reuse-surface history/2026-07-06-coverage-classification.md.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
This commit is contained in:
2026-07-06 19:41:37 +02:00
parent d2c7473fb2
commit 9767f7230f
2 changed files with 150 additions and 2 deletions

View File

@@ -0,0 +1,130 @@
---
id: capability.security.iam-tooling-suite
name: NetKingdom Security/IAM Tooling Suite
summary: Dynamic, self-optimizing security platform for Kubernetes-deployed IT infrastructure; owns canonical
IAM/security standards and executable conformance tooling (IAM profile conformance, playbook capability
contract validation, security bootstrap console).
owner: net-kingdom
status: draft
domain: infotech
tags:
- security
- iam
- kubernetes
- conformance
maturity:
discovery:
current: D3
target: D5
confidence: medium
rationale: README plus docs/secrets-engine-security-infrastructure-boundary.md describe an explicit
integration boundary with OpenBao, flex-auth, user-engine, ops-warden, ops-bridge, info-tech-canon,
and State Hub; canon/standards/ holds versioned standards (iam-profile_v0.2.md, playbook-capability-contract_v0.1.md)
that key-cape and other repos implement against.
availability:
current: A2
target: A3
confidence: medium
rationale: 'No top-level package manifest, but tools/ holds three real, independently documented and
runnable tools: iam-profile-conformance (executable checks, pytest fixtures), playbook-capability-contract
(executable validator), and security-bootstrap-console (local console + localhost web UI).'
external_evidence:
completeness:
level: C1
confidence: low
basis: scope_vs_intent_and_consumer_expectations
satisfied_expectations:
- versioned canon standards already implemented by a sibling repo (key-cape)
- three documented, runnable conformance/bootstrap tools under tools/
broken_expectations: []
out_of_scope_expectations: []
reliability:
level: R1
confidence: low
basis: consumer_quality_signals
known_reliability_risks:
- no top-level packaging; each tool under tools/ has its own runtime dependencies, no unified install
path yet
discovery:
intent: Own the canonical IAM/security standards for the Coulomb ecosystem and provide executable conformance
tooling so implementers (like key-cape) can verify against the standard rather than guessing.
includes:
- canon/standards/ versioned IAM and playbook-capability-contract standards
- IAM profile conformance checker
- playbook capability contract validator
- security bootstrap console (local, non-secret-collecting)
excludes:
- concrete IAM implementations themselves (see key-cape for lightweight mode)
- live secret value handling (bootstrap console explicitly refuses live OpenBao initialization)
assumptions: []
use_cases: []
research_memos: []
availability:
current_level: A2
target_level: A3
current_artifacts:
- tools/iam-profile-conformance
- tools/playbook-capability-contract
- tools/security-bootstrap-console
target_artifacts: []
consumption_modes:
- cli
- local web ui
relations:
depends_on: []
supports: []
related_to: []
evidence:
documentation:
- README.md
- docs/secrets-engine-security-infrastructure-boundary.md
- tools/*/README.md
tests:
- tools/iam-profile-conformance (pytest fixtures)
consumer_feedback: []
bug_reports: []
incidents: []
consumer_guidance:
recommended_for:
- implementers needing to verify IAM/security conformance against Coulomb's canonical standards
not_recommended_for:
- needs for a packaged, single-install security suite (currently three separate tools)
known_limitations:
- no unified top-level packaging across the three tools
promotion_history: []
---
# NetKingdom Security/IAM Tooling Suite
## Overview
`net-kingdom` provides a dynamic, self-optimizing security platform for Kubernetes-deployed infrastructure. It owns the canonical IAM and security standards (implemented by sibling repos like `key-cape`) and ships three executable conformance/bootstrap tools under `tools/`: IAM profile conformance checks, a playbook capability contract validator, and a non-secret-collecting security bootstrap console.
## Assessment notes
### Discovery
README plus docs/secrets-engine-security-infrastructure-boundary.md describe an explicit integration boundary with OpenBao, flex-auth, user-engine, ops-warden, ops-bridge, info-tech-canon, and State Hub; canon/standards/ holds versioned standards (iam-profile_v0.2.md, playbook-capability-contract_v0.1.md) that key-cape and other repos implement against.
### Availability
No top-level package manifest, but tools/ holds three real, independently documented and runnable tools: iam-profile-conformance (executable checks, pytest fixtures), playbook-capability-contract (executable validator), and security-bootstrap-console (local console + localhost web UI).
### Completeness
First-pass honest assessment from the REUSE-WP-0017 coverage campaign
(reuse-surface). No external consumer feedback exists yet; levels reflect
scope-vs-intent documentation quality, not internal code quality.
### Reliability
No production consumer telemetry exists yet; reliability level is
intentionally conservative pending REUSE-WP-0019 reuse-telemetry evidence.
## Promotion checklist
- [x] ID follows `capability.<domain>.<name>` pattern
- [x] Maturity enums match `specs/CapabilityMaturityStandard.md`
- [x] `external_evidence` is populated separately from `maturity`
- [ ] Relations reference valid capability IDs (none yet)
- [x] Index entry added in `registry/indexes/capabilities.yaml`

View File

@@ -1,4 +1,22 @@
version: 1
updated: '2026-06-16'
updated: '2026-07-06'
domain: helix_forge
capabilities: []
capabilities:
- id: capability.security.iam-tooling-suite
name: NetKingdom Security/IAM Tooling Suite
summary: Dynamic, self-optimizing security platform for Kubernetes-deployed IT infrastructure; owns
canonical IAM/security standards and executable conformance tooling (IAM profile conformance, playbook
capability contract validation, security bootstrap console).
vector: D3 / A2 / C1 / R1
domain: infotech
status: draft
owner: net-kingdom
path: registry/capabilities/capability.security.iam-tooling-suite.md
tags:
- security
- iam
- kubernetes
- conformance
consumption_modes:
- cli
- local web ui