Make the lightweight->expanded decision explicitly capability-driven (not
scale-driven) and capture the turn-key, capability-selectable framework
ambition.

- arch doc: add capability-driven rationale to the identity-mode choice;
add a "Capability Progression (Start Small -> Enterprise)" ladder
(C0 bootstrap -> C6 self-optimizing), including the C2a/C2b 2FA split
(Authelia built-in vs privacyIDEA); answer the lightweight/expanded
open question as capability-driven
- INTENT.md: recast Progressive Expansion as capability-driven with a
no-structural-breaks guarantee; add capability-selection + turn-key
orchestration to the mission and identity
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Refine the recursive platform security architecture to make OpenBao the
canonical runtime secret authority, with SOPS/age, K8s Secrets, and the
emergency bundle reframed as bootstrap/delivery/break-glass mechanisms.

- credential-management standard v0.2: add OpenBao runtime authority
section, rotation rules, and prohibited patterns (OpenBao-as-PDP,
tenant platform-root)
- platform-identity-security-architecture: mark implemented; add
flex-auth/Topaz implications, Coulomb onboarding path, and a
production-readiness checklist
- NK-WP-0004/0005: document bootstrap-to-OpenBao handoff boundary
- NK-WP-0006/0007: status -> done with implementation reviews; add
recursive platform/tenant split and OpenBao broker/audit role for
object-storage STS vending
- NK-WP-0008: status -> done; repoint corpus to infospace-bench
- new ADR-0007 (orchestration boundary), ADR-0008 (STS vending
boundary), and the object-storage STS credential-vending architecture
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>