All 3 KeyCape test packages pass (migration, negative, profile).
DNS resolves for all 4 subdomains; Go 1.22.10 available at ~/go/bin/go.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Pod Running with correct image and config. enckey, audit keys, pi-admin,
trigger-admin all created via agent bootstrap (NK-WP-0005).
Remaining: TLS cert + trigger-admin policy via WebUI.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- NK-WP-0003 T08: replace hardcoded /home/worsch/key-cape with
$(git rev-parse --show-toplevel)/../key-cape so acceptance tests
run correctly on any machine
- NK-WP-0005 T04: create .claude/commands/creds-init.md — the
autonomous credential bootstrap skill (reads creds-state.yaml,
resumes from current phase, honours emergency bundle gate)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
NK-WP-0005: mark all tasks done, status → done
NK-WP-0003: T01 marked done (NK-WP-0004/0005 complete); pre-conditions
updated; done criteria reflect agent-bootstrap model (no KeePassXC)
NK-WP-0001: status → deferred; T05-T08 (Keycloak) deferred indefinitely;
superseded_by: NK-WP-0003 added
Active work path is now NK-WP-0003 T02-T09.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
privacyidea/privacyidea:3.12 does not exist on Docker Hub.
Correct image: privacyidea/otpserver:3.12.2 (port 5001).
Updated files:
- deployment.yaml: image, containerPort, probes, service port
- ingress.yaml: backend service port
- netpol-mfa.yaml: ingress port + keycloak → keycape label
- netpol-sso.yaml: KeyCape egress port to privacyIDEA
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
