generated from coulomb/repo-seed
Finish NET-WP-0015 bootstrap handoff
@@ -4,7 +4,7 @@ type: workplan
|
||||
title: "King Credential And OpenBao Identity Bootstrap"
|
||||
domain: netkingdom
|
||||
repo: net-kingdom
|
||||
status: active
|
||||
status: finished
|
||||
owner: codex
|
||||
topic_slug: netkingdom
|
||||
created: "2026-05-24"
|
||||
@@ -447,7 +447,7 @@ disclosed tokens, both keeping OpenBao token values off the local command line.
|
||||
|
||||
```task
|
||||
id: NET-WP-0015-T07
|
||||
status: in_progress
|
||||
status: done
|
||||
priority: medium
|
||||
state_hub_task_id: "aa40cbb4-36d3-405d-b59d-0c21ae8c9539"
|
||||
```
|
||||
@@ -461,11 +461,19 @@ verification, and restore-drill confirmation are recorded. This task remains
|
||||
open for declarative audit configuration/durable audit shipping, residual
|
||||
taint-response closeout, and the next independent escrow holder.
|
||||
|
||||
**2026-06-01:** Closed for the bootstrap handoff scope. The bootstrap plan has
|
||||
confirmed the available recovery/audit/rotation evidence and, more
|
||||
importantly, now has explicit production-readiness follow-up gates:
|
||||
`NET-WP-0017-T02` owns declarative/durable audit, restore evidence,
|
||||
emergency seal/unseal drill evidence, and the next independent escrow holder;
|
||||
`NET-WP-0017-T03` owns residual taint closeout. These items are no longer
|
||||
tracked as unfinished bootstrap ceremony work.
|
||||
|
||||
### T08 - Reset, Rotate, And Reopen Under King Oversight
|
||||
|
||||
```task
|
||||
id: NET-WP-0015-T08
|
||||
status: todo
|
||||
status: done
|
||||
priority: high
|
||||
state_hub_task_id: "e6a60dca-547b-4493-a36c-f6b668d1bf52"
|
||||
```
|
||||
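Review bot: The unchanged paragraph directly above the new 2026-06-01 entry still reads "This task remains open for declarative audit configuration/durable audit shipping, residual taint-response closeout, and the next independent escrow holder", which now contradicts the `status: done` set on NET-WP-0015-T07 in the previous hunk. Date-stamp or reword that sentence so it reads as superseded by the closure entry; otherwise a reader skimming T07 cannot tell which statement is current. This hunk also moves NET-WP-0015-T08 straight from `status: todo` to `status: done`; if the task schema has a value for work transferred to another plan, it would describe the outcome better than `done`.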
@@ -475,6 +483,26 @@ database credentials, admin passwords, service tokens, OpenBao tokens, and
|
||||
temporary access paths. Run host/workload checks and reopen the platform only
|
||||
after the new custody state is verified.
|
||||
|
||||
**2026-06-01:** Closed as a bootstrap-plan handoff rather than as a claim that
|
||||
all production cleanup is complete. `NET-WP-0017-T03` owns retirement of
|
||||
bootstrap admin paths and residual taint response, `NET-WP-0017-T04` owns
|
||||
bootstrap-era credential rotation/reset plus host/workload checks, and
|
||||
`NET-WP-0017-T07` owns final review and retirement/archive of superseded
|
||||
bootstrap workplans. `NET-WP-0018` will turn those gates into a smoother
|
||||
bootstrap guide, control-surface automation, validations, and rebuild-risk
|
||||
assessment.
|
||||
|
||||
## Closeout
|
||||
|
||||
**2026-06-01:** `NET-WP-0015` is finished. The first safe bridge is in place:
|
||||
the dedicated `platform-root` identity exists outside day-to-day operator use,
|
||||
custody mode is recorded, OpenBao was initialized and configured under the
|
||||
bootstrap ceremony, the initial root token is not the normal admin path, and
|
||||
routine OpenBao administration now works through NetKingdom/KeyCape OIDC with
|
||||
MFA and the `platform-admin` policy. Remaining production-readiness work is
|
||||
explicitly tracked in `NET-WP-0017`; rebuild automation and validation
|
||||
improvements are tracked in `NET-WP-0018`.
|
||||
|
||||
## Acceptance Criteria
|
||||
|
||||
- The setup operator and king credential model are recorded without secret
|
||||
|
||||
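Review bot: The T08 entry records the closure as a handoff, but the task text above it still says to reopen the platform only after the new custody state is verified, and the entry does not say whether the platform is currently reopened or still held. Add one sentence stating that, since credential rotation/reset and the host/workload checks now sit with `NET-WP-0017-T04`. In the Closeout section, "the initial root token is not the normal admin path" leaves the token's disposition open; state whether it was revoked or is held under the recorded custody mode, and which `NET-WP-0017` task owns it if it still exists.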
@@ -4,7 +4,7 @@ type: workplan
|
||||
title: "Bootstrap Automation And Rebuild Readiness"
|
||||
domain: netkingdom
|
||||
repo: net-kingdom
|
||||
status: ready
|
||||
status: active
|
||||
owner: codex
|
||||
topic_slug: netkingdom
|
||||
created: "2026-06-01"
|
||||
@@ -69,7 +69,7 @@ say which interactions remain genuinely unavoidable.
|
||||
|
||||
```task
|
||||
id: NET-WP-0018-T01
|
||||
status: todo
|
||||
status: done
|
||||
priority: high
|
||||
state_hub_task_id: "7ff22629-838b-41df-9feb-bb36c5d57cc1"
|
||||
```
|
||||
@@ -83,6 +83,14 @@ Done when `NET-WP-0015` is either finished and ready to archive, or its
|
||||
remaining tasks have precise owners, target workplans, and non-duplicative
|
||||
acceptance criteria.
|
||||
|
||||
**2026-06-01:** Completed. `NET-WP-0015` was scope-closed as finished after
|
||||
the OpenBao admin bridge was proven through KeyCape/MFA. Its remaining
|
||||
production-readiness concerns were reconciled into `NET-WP-0017`: T02 owns
|
||||
audit, restore, emergency drill evidence, and escrow; T03/T04 own bootstrap
|
||||
path retirement and credential reset/rotation; T07 owns final archive review.
|
||||
`NET-WP-0018` now continues with architecture documentation, retrospective,
|
||||
guide, UI automation, validations, and rebuild-risk assessment.
|
||||
|
||||
### T02 - Document The Runtime Architecture
|
||||
|
||||
```task
|
||||
|
||||
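Review bot: The completion entry for NET-WP-0018-T01 names the owning tasks in `NET-WP-0017` (T02, T03/T04, T07), but the done-when text above it also requires "non-duplicative acceptance criteria", and nothing in the lines shown here confirms those tasks carry them. Reference where the acceptance criteria live, or note that they were checked, so the closure can be verified from the workplan itself. "Scope-closed as finished" is also new wording; the NET-WP-0015 entries say "Closed for the bootstrap handoff scope", and one phrase used across both plans would be easier to search.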