Commit Graph

  • cfd8231849 Add OpenBao admin token action tegwick 2026-05-26 00:23:06 +02:00
  • d0c7ff9f3b Clarify OpenBao rotation flow tegwick 2026-05-26 00:09:19 +02:00
  • 8520ae8d7d Fix OpenBao rotation commands tegwick 2026-05-25 23:56:55 +02:00
  • d39dbe14b8 Add bootstrap stage rail tegwick 2026-05-25 23:36:45 +02:00
  • cd043ca471 Refine bootstrap actions and runbook templates tegwick 2026-05-25 23:10:02 +02:00
  • 20fd300e88 Exploring multi tenancy tegwick 2026-05-25 21:47:40 +02:00
  • 82d69e006f Add OpenBao restore drill actions tegwick 2026-05-25 18:48:23 +02:00
  • e2540529f0 Add OpenBao emergency lockdown runbook tegwick 2026-05-25 18:31:48 +02:00
  • b9bad47a21 Split OpenBao initial config progress tegwick 2026-05-25 15:14:59 +02:00
  • 9afe30f49f Show compromised OpenBao paths as tainted tegwick 2026-05-25 14:57:53 +02:00
  • 907675b4f4 Track OpenBao post-unseal verification tegwick 2026-05-25 14:30:57 +02:00
  • d964cf46a3 Fix OpenBao unseal command card tegwick 2026-05-25 13:54:21 +02:00
  • 7a060a0ee6 Add OpenBao compromise runbooks to bootstrap UI tegwick 2026-05-25 13:38:03 +02:00
  • 976f399342 Refine bootstrap responsibilities and command states tegwick 2026-05-25 13:13:47 +02:00
  • 4982c92fb1 Restructure bootstrap UI around artefact model tegwick 2026-05-25 11:49:51 +02:00
  • 07c98b564a Show OpenBao ceremony as next action tegwick 2026-05-25 10:50:24 +02:00
  • e45dd4f9eb Guide OpenBao custody ceremony order tegwick 2026-05-25 02:02:14 +02:00
  • 83cf2111c1 Clarify bootstrap custody UI flow tegwick 2026-05-25 01:25:47 +02:00
  • 711c451d43 Record platform-root OIDC verification tegwick 2026-05-25 00:46:44 +02:00
  • dc70cd9fab Configure KeyCape LLDAP people OU tegwick 2026-05-25 00:32:43 +02:00
  • 5af876eb8c Enable KeyCape bootstrap MFA mode tegwick 2026-05-25 00:16:05 +02:00
  • 4cc22bec9e Record Railiance KeyCape rollout tegwick 2026-05-24 18:12:41 +02:00
  • d555a33695 bootstrapping guidance ui and missing stuff tegwick 2026-05-24 17:04:15 +02:00
  • 1d0b0e7330 openbao king credential bootstrapping tegwick 2026-05-24 09:26:02 +02:00
  • 7d55cb8bd3 chore(consistency): sync task status from DB [auto] tegwick 2026-05-24 02:10:38 +02:00
  • a9da2c1a88 chore(consistency): sync task status from DB [auto] tegwick 2026-05-24 01:49:24 +02:00
  • 712106f1af chore(consistency): sync task status from DB [auto] tegwick 2026-05-24 01:44:36 +02:00
  • a103efc1d8 chore(consistency): sync task status from DB [auto] tegwick 2026-05-24 01:28:02 +02:00
  • d30ad74e40 chore(consistency): sync task status from DB [auto] tegwick 2026-05-24 01:24:15 +02:00
  • 4b77cc6f8b chore(consistency): sync task status from DB [auto] tegwick 2026-05-24 00:31:23 +02:00
  • 97423c6110 Complete user-engine boundary contracts tegwick 2026-05-22 22:26:36 +02:00
  • 69c57f8af5 chore(consistency): sync task status from DB [auto] tegwick 2026-05-22 21:29:20 +02:00
  • c8e2b142db Split user-engine implementation planning tegwick 2026-05-22 19:50:12 +02:00
  • 6892dfd758 chore(consistency): sync task status from DB [auto] tegwick 2026-05-22 19:45:22 +02:00
  • 28da204cf2 Add user-engine architecture workplans tegwick 2026-05-22 19:28:00 +02:00
  • 6aec040046 chore(consistency): sync task status from DB [auto] tegwick 2026-05-22 19:24:16 +02:00
  • 8e720dd78a Implement NK-WP-0013 playbook capability contract tegwick 2026-05-22 14:49:25 +02:00
  • c3f721397a Implement NK-WP-0012 IAM profile specification tegwick 2026-05-22 14:35:31 +02:00
  • 48cd174b00 Register NK-WP-0013 in State Hub tegwick 2026-05-21 02:43:58 +02:00
  • 09534f6617 Draft NK-WP-0013: Playbook Capability Contract tegwick 2026-05-21 02:41:17 +02:00
  • e852c23f5f Register NK-WP-0012 in State Hub tegwick 2026-05-21 02:25:26 +02:00
  • b29d30ff10 Draft NK-WP-0012: NetKingdom IAM Profile specification tegwick 2026-05-21 02:21:59 +02:00
  • 84e9a56f6c Add responsibility map; link from ADR-0010 tegwick 2026-05-21 02:05:37 +02:00
  • 6973440b3c Add ADR-0010: orchestration vs dependency, self-coherent intent tegwick 2026-05-21 01:26:31 +02:00
  • 88a30e3c0a Add meta-orchestration layer to ADR-0007; deepen NetKingdom INTENT tegwick 2026-05-21 01:00:39 +02:00
  • 1bff863143 Frame NetKingdom as capability-driven turn-key IT-sec framework tegwick 2026-05-21 00:35:12 +02:00
  • 57073af68c Register NK-WP-0011 in State Hub; archive NK-WP-0001 tegwick 2026-05-21 00:07:06 +02:00
  • ab79a32eba Cancel NK-WP-0001-T04; extract Keycloak federation into NK-WP-0011 tegwick 2026-05-20 23:48:51 +02:00
  • 2037df49bc chore(consistency): sync task status from DB [auto] tegwick 2026-05-20 22:52:26 +02:00
  • 7b211acd57 Add OpenBao runtime secret authority; complete NK-WP-0006/0007/0008 tegwick 2026-05-20 22:51:20 +02:00
  • b49631acef Add NK-WP-0010 genesis pattern completion plan tegwick 2026-05-19 07:12:08 +02:00
  • 520bd6cb3d chore(consistency): sync task status from DB [auto] tegwick 2026-05-19 04:20:30 +02:00
  • 4b5679d24f Refresh agent instruction files tegwick 2026-05-18 16:55:46 +02:00
  • 8910aae655 Improved documentation tegwick 2026-05-17 22:36:31 +02:00
  • d4adfa2c1b Add security architecture workplans tegwick 2026-05-17 14:17:55 +02:00
  • e528ea38a5 chore(consistency): sync task status from DB [auto] tegwick 2026-05-17 14:15:02 +02:00
  • 1ad75b7a56 chore(consistency): sync task status from DB [auto] tegwick 2026-05-17 12:24:35 +02:00
  • f37a62ff61 chore(consistency): sync task status from DB [auto] tegwick 2026-05-17 12:24:35 +02:00
  • a826d789ee chore(consistency): sync task status from DB [auto] tegwick 2026-05-17 12:24:35 +02:00
  • 5c21cd7b18 chore(consistency): sync task status from DB [auto] tegwick 2026-05-17 12:24:35 +02:00
  • 81fe5b7381 chore(consistency): sync task status from DB [auto] tegwick 2026-05-17 12:24:35 +02:00
  • 3cffff1d42 chore(consistency): sync task status from DB [auto] tegwick 2026-05-17 12:23:12 +02:00
  • 64a112f70c Document recursive platform security architecture tegwick 2026-05-17 12:18:29 +02:00
  • 88fdb89e7d Formalized repo intent to INTENT.md tegwick 2026-05-03 19:38:55 +02:00
  • fafa3c83d1 chore(consistency): sync task status from DB [auto] tegwick 2026-05-02 17:32:24 +02:00
  • 9009ca6b56 Net Kingdom cluster deployment finished tegwick 2026-05-02 17:28:44 +02:00
  • 576cf0d95b Local Identity OICD bootstrap tegwick 2026-05-02 16:58:44 +02:00
  • d8fea09de7 chore(consistency): sync task status from DB [auto] tegwick 2026-05-01 23:20:21 +02:00
  • f172f50f95 chore(consistency): sync task status from DB [auto] tegwick 2026-05-01 23:05:42 +02:00
  • d13a2b9b39 Scope update from repo-scoping refactor tegwick 2026-05-01 12:28:04 +02:00
  • 69763056fa chore(session): read .custodian-brief.md before MCP call in session init tegwick 2026-03-26 17:48:52 +01:00
  • 4942ee1bba chore(consistency): sync task status from DB [auto] tegwick 2026-03-26 17:47:51 +01:00
  • 8612e6b8a2 Decision for KeyCape Implementation Language Go tegwick 2026-03-26 09:21:17 +01:00
  • c054241a5c feat(t09): backup, break-glass, DR drill — NK-WP-0003-T09 done Bernd Worsch 2026-03-25 23:56:40 +00:00
  • 4c47c9035f chore(workplan): NK-WP-0003 T04+T08 — testuser provisioned, pi-admin TOTP deferred Bernd Worsch 2026-03-25 02:54:11 +00:00
  • 331eeaf378 fix(lldap): fix gql() brace bug + use LDAP for password setting Bernd Worsch 2026-03-25 02:42:15 +00:00
  • 3a76774dec feat(lldap): add --test flag to create-user.sh for auto-derived passwords Bernd Worsch 2026-03-25 02:29:58 +00:00
  • ca69f6bb73 fix(lldap): use env vars in create-user.sh to avoid shell injection Bernd Worsch 2026-03-25 02:27:01 +00:00
  • e802fe3a9d feat(lldap): add create-user.sh for user provisioning Bernd Worsch 2026-03-25 02:14:42 +00:00
  • 35fa3a5767 fix(privacyidea): create pi-admin-all-rights policy in bootstrap-admin.sh Bernd Worsch 2026-03-25 02:11:39 +00:00
  • afbf968c76 fix(privacyidea): bootstrap-realm scope fixes + netpol for PI→LLDAP Bernd Worsch 2026-03-25 02:10:53 +00:00
  • 88bbd585fd fix(privacyidea): rename realm netkingdom → coulomb in bootstrap-realm.sh Bernd Worsch 2026-03-25 02:03:38 +00:00
  • c0e330ee4e fix(privacyidea): disable response signing + raise rate limit to unblock login Bernd Worsch 2026-03-25 01:55:10 +00:00
  • 23e0b43318 fix(netpol): allow Traefik→ACME solver pods; mark T02–T07 done on RAILIANCE01 Bernd Worsch 2026-03-25 00:56:53 +00:00
  • df09dd42f4 feat(close): mark NK-WP-0003 T08/T08a/T08b done — acceptance tests passing tegwick 2026-03-25 11:52:11 +01:00
  • eebaa4fc81 chore(workplan): add T08a (DNS records) and T08b (Go install) tasks Bernd Worsch 2026-03-22 00:40:40 +00:00
  • d1fd73e7ed chore(workplan): NK-WP-0003-T08 blocked — DNS records + Go missing Bernd Worsch 2026-03-22 00:36:56 +00:00
  • c8c6efbc55 chore(workplan): NK-WP-0003-T07 done — KeyCape running Bernd Worsch 2026-03-22 00:32:45 +00:00
  • 880f89bf98 fix(keycape): NK-WP-0003-T07 — fix deployment image + add demo-app client Bernd Worsch 2026-03-22 00:30:58 +00:00
  • d0629e7f20 chore(workplan): NK-WP-0003-T07 blocked — awaiting GHCR image from key-cape Bernd Worsch 2026-03-21 22:24:32 +00:00
  • f2f07871eb fix(sso-mfa): commit T02–T06 fixes and workplan status updates Bernd Worsch 2026-03-21 20:25:03 +00:00
  • a60f4fc834 chore(workplan): NK-WP-0003-T04 done — privacyIDEA deployed and bootstrapped Bernd Worsch 2026-03-21 12:13:52 +00:00
  • 59ba9e6fe1 fix(creds-bootstrap): harden agent bootstrap for non-interactive execution Bernd Worsch 2026-03-21 12:11:13 +00:00
  • 56036cd4be chore(creds): bootstrap complete [agent NK-WP-0005] Bernd Worsch 2026-03-21 12:10:53 +00:00
  • 329f086743 chore(creds): encrypted secrets [agent NK-WP-0005] Bernd Worsch 2026-03-21 12:09:53 +00:00
  • aa0edabb81 chore(creds): encrypted secrets [agent NK-WP-0005] Bernd Worsch 2026-03-21 11:43:02 +00:00
  • 49ded70e4b chore(creds): encrypted secrets [agent NK-WP-0005] Bernd Worsch 2026-03-21 11:37:13 +00:00
  • eb7c21a00c chore(creds): encrypted secrets [agent NK-WP-0005] Bernd Worsch 2026-03-21 11:34:50 +00:00
  • 152c2aac72 chore(creds): encrypted secrets [agent NK-WP-0005] Bernd Worsch 2026-03-21 11:24:38 +00:00
  • daeeb863cb chore(creds): encrypted secrets [agent NK-WP-0005] Bernd Worsch 2026-03-21 11:22:53 +00:00