| capability.security.iam-tooling-suite |
NetKingdom Security/IAM Tooling Suite |
Dynamic, self-optimizing security platform for Kubernetes-deployed IT infrastructure; owns canonical IAM/security standards and executable conformance tooling (IAM profile conformance, playbook capability contract validation, security bootstrap console). |
net-kingdom |
draft |
infotech |
| security |
| iam |
| kubernetes |
| conformance |
|
| discovery |
availability |
| current |
target |
confidence |
rationale |
| D3 |
D5 |
medium |
README plus docs/secrets-engine-security-infrastructure-boundary.md describe an explicit integration boundary with OpenBao, flex-auth, user-engine, ops-warden, ops-bridge, info-tech-canon, and State Hub; canon/standards/ holds versioned standards (iam-profile_v0.2.md, playbook-capability-contract_v0.1.md) that key-cape and other repos implement against. |
|
| current |
target |
confidence |
rationale |
| A2 |
A3 |
medium |
No top-level package manifest, but tools/ holds three real, independently documented and runnable tools: iam-profile-conformance (executable checks, pytest fixtures), playbook-capability-contract (executable validator), and security-bootstrap-console (local console + localhost web UI). |
|
|
| completeness |
reliability |
| level |
confidence |
basis |
satisfied_expectations |
broken_expectations |
out_of_scope_expectations |
| C1 |
low |
scope_vs_intent_and_consumer_expectations |
| versioned canon standards already implemented by a sibling repo (key-cape) |
| three documented, runnable conformance/bootstrap tools under tools/ |
|
|
|
|
| level |
confidence |
basis |
known_reliability_risks |
| R1 |
low |
consumer_quality_signals |
| no top-level packaging; each tool under tools/ has its own runtime dependencies, no unified install path yet |
|
|
|
| intent |
includes |
excludes |
assumptions |
use_cases |
research_memos |
| Own the canonical IAM/security standards for the Coulomb ecosystem and provide executable conformance tooling so implementers (like key-cape) can verify against the standard rather than guessing. |
| canon/standards/ versioned IAM and playbook-capability-contract standards |
| IAM profile conformance checker |
| playbook capability contract validator |
| security bootstrap console (local, non-secret-collecting) |
|
| concrete IAM implementations themselves (see key-cape for lightweight mode) |
| live secret value handling (bootstrap console explicitly refuses live OpenBao initialization) |
|
|
|
|
|
| current_level |
target_level |
current_artifacts |
target_artifacts |
consumption_modes |
| A2 |
A3 |
| tools/iam-profile-conformance |
| tools/playbook-capability-contract |
| tools/security-bootstrap-console |
|
|
|
|
| depends_on |
supports |
related_to |
|
|
|
|
|
| documentation |
tests |
consumer_feedback |
bug_reports |
incidents |
| README.md |
| docs/secrets-engine-security-infrastructure-boundary.md |
| tools/*/README.md |
|
| tools/iam-profile-conformance (pytest fixtures) |
|
|
|
|
|
| recommended_for |
not_recommended_for |
known_limitations |
| implementers needing to verify IAM/security conformance against Coulomb's canonical standards |
|
| needs for a packaged, single-install security suite (currently three separate tools) |
|
| no unified top-level packaging across the three tools |
|
|
|