feat(NET-WP-0018-T02): Document The Runtime Architecture

- Created docs/NetkingdomRuntimeArchitecture.md (comprehensive, specific-as-deployed):
  - Planes (bootstrap/control/tenant + recursive trust)
  - Identity/MFA/OIDC (lightweight key-cape: LLDAP/Authelia/privacyIDEA + KeyCape https://kc.coulomb.social; clients, claims, groups)
  - Authelia handoff, OpenBao OIDC+secrets path (SOPS/age -> runtime leases/K8s/audit)
  - Bootstrap console/UI state (S6, gates, 0019 dry-run additions, web-ui, evidence)
  - State Hub relation, k8s/DNS/routes/ingress/trust (concrete hosts/ns)
  - Pragmatic audit paths (local-identity TSV, PVC+mock, State Hub/console)
  - UE integration points + 7 gaps (per assessment + boundary contract refs)
  - Operational assumptions + rebuild notes
- Updated NET-WP-0018 workplan: T02 status done + detailed 2026-06-03 completion note
- Used pragmatic tracking throughout (progress events with task_id 121ee797..., file notes, this commit)
- Per T02 spec + Coordination Notes guidance on pragmatic for impl/retrospect

This doc is now the baseline for T03 retrospective/gap matrix (incl. audit), T05 guide, T06/T08 control surface/validations, T09 risk assessment.
2026-06-03 16:27:22 +02:00
parent 6e05946163
commit d09843c17e
2 changed files with 210 additions and 1 deletions

@@ -117,7 +117,7 @@ guide, UI automation, validations, and rebuild-risk assessment.
```task
id: NET-WP-0018-T02
status: todo
status: done
priority: high
state_hub_task_id: "121ee797-e3f5-4d3e-9baa-cfa8c92f8a66"
```
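Review bot: the flip from `status: todo` to `status: done` in this task block carries no pointer to what closed the task; both the commit message and the workplan note say tracking went through State Hub progress events keyed on `state_hub_task_id`, so record the produced artifact (docs/NetkingdomRuntimeArchitecture.md) or the progress event reference beside the status, otherwise T03's gap matrix can only trace "done" back to this diff.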
@@ -140,6 +140,10 @@ vs. UE Membership (owning_system etc.), bootstrap local-identity vs. UE local
mode, and the boundary contract as the governance layer. Include refs to
canon/standards/user-engine-boundary-contract_v0.1.md and the assessment.
**2026-06-03:** Started T02. Using pragmatic tracking (this note + will POST /progress/ with task). Gathering deployed components from existing docs, code, and configs to produce specific-as-deployed doc (not idealized). Will cover all listed items + pragmatic audit paths, dry-run 0019 additions, UE integration points/gaps per assessment.
**2026-06-03:** T02 complete. Created docs/NetkingdomRuntimeArchitecture.md (comprehensive sections on planes model, identity stores/MFA/OIDC flows (lightweight key-cape: LLDAP at lldap.coulomb.social + Authelia + privacyIDEA + KeyCape issuer https://kc.coulomb.social with bootstrap clients), Authelia handoff, OpenBao OIDC admin + secrets/credential path (SOPS/age bootstrap -> runtime with K8s auth, ESO, leases), bootstrap console/UI state (S6 Reopen, full gates incl. audit_core_posture, 0019 dry-run orchestrator/console subcmds/make targets/evidence/validators/runbook entry), State Hub relation (progress/decisions for tracking), k8s/DNS/routes/ingress/trust boundaries (sso/openbao ns, recursive rule, concrete hosts), operational assumptions + rebuild notes. Explicitly includes current pragmatic audit paths (local-identity/audit.py TSV, OpenBao PVC+mock, State Hub/console evidence) and UE integration points + 7 gaps (from assessment + contract refs). Specific as-deployed for rebuild guidance. This doc now feeds T03 retrospective, T05 guide, T09 risk, and T02/T08 validation targets.
### T03 - Produce A Bootstrap Retrospective And Automation Gap Matrix
```task
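Review bot: the last sentence of the 2026-06-03 completion note names "T02/T08 validation targets", while the commit message for this same change says T06/T08 control surface/validations; T02 is this task itself, so the note looks like it should read T06/T08, and the two should agree before T03 takes the doc as its baseline. Two smaller points on the same line: the whole completion entry is one unbroken line with nested parentheses, which is hard to review here and will be hard to diff again, so splitting it into sub-bullets matching the doc sections it enumerates would help; and the note lists "OpenBao PVC+mock" among the current pragmatic audit paths, so the T03 retrospective/gap matrix (incl. audit) it feeds should carry an explicit entry that a mock audit backend is a tracked gap, not an audit path.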