Follows resolved decisions D4 and D5 (2026-03-01, Tegwick):
D4 — ESO chosen as secret injection strategy. NK-WP-0001 T01 Phase 0b
updated to specify ESO; T01 done-criteria updated to require a working ESO
test injection.
D5 — Local Identity implemented in-repo (not a separate repo). Four
deliverables:
- docs/LocalIdentity.md: capability overview, design principles, user
schema, OIDC provider description, risk mitigations, scope boundaries
- workplans/NK-WP-0002-local-identity.md: four-stage implementation plan
(core file store, bootstrap integration, minimal OIDC, security hardening)
with State Hub task IDs
- NK-WP-0001 updated: D2/D4/D5 rows resolved, T07 bootstrap section now
references NK-WP-0002 and documents the export→Keycloak migration path,
Open Questions condensed to two remaining artefacts
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Extend decisions table with D4 (secret injection, pending) and D5
(file-based bootstrap user store, pending with SWOT)
- Add explicit prerequisite block to T02: T01 Phase 0a must complete first
- Update T07: reference EP-NK-001 (LDAP/Entra extension point) by ID
- Condense Open Questions into a reference table pointing to State Hub artefacts
- Ecosystem ADR recommendation recorded as [repo:custodian] task in hub
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Initialises the net-kingdom project structure:
- README.md: updated title and description
- CLAUDE.md: project instructions and State Hub integration config
- wiki/: three reference docs (NetKingdom overview, ChatGPT and Grok
protoplans for the SSO/MFA platform)
- workplans/NK-WP-0001-sso-mfa-platform.md: combined workplan (8 phases,
8 tasks) synthesised from the two protoplans; registered in the
Custodian State Hub (workstream 39263c4b)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
