Files
net-kingdom/registry/capabilities/capability.security.iam-tooling-suite.md
tegwick 9767f7230f Draft capability entry (reuse-surface REUSE-WP-0017-T04, cohort 2)
Honest first-pass maturity vector grounded in README/docs/tests present
in this repo; no invented evidence. Flagged for human review before
publish. See reuse-surface history/2026-07-06-coverage-classification.md.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
2026-07-06 19:41:37 +02:00

5.3 KiB

id, name, summary, owner, status, domain, tags, maturity, external_evidence, discovery, availability, relations, evidence, consumer_guidance, promotion_history
id name summary owner status domain tags maturity external_evidence discovery availability relations evidence consumer_guidance promotion_history
capability.security.iam-tooling-suite NetKingdom Security/IAM Tooling Suite Dynamic, self-optimizing security platform for Kubernetes-deployed IT infrastructure; owns canonical IAM/security standards and executable conformance tooling (IAM profile conformance, playbook capability contract validation, security bootstrap console). net-kingdom draft infotech
security
iam
kubernetes
conformance
discovery availability
current target confidence rationale
D3 D5 medium README plus docs/secrets-engine-security-infrastructure-boundary.md describe an explicit integration boundary with OpenBao, flex-auth, user-engine, ops-warden, ops-bridge, info-tech-canon, and State Hub; canon/standards/ holds versioned standards (iam-profile_v0.2.md, playbook-capability-contract_v0.1.md) that key-cape and other repos implement against.
current target confidence rationale
A2 A3 medium No top-level package manifest, but tools/ holds three real, independently documented and runnable tools: iam-profile-conformance (executable checks, pytest fixtures), playbook-capability-contract (executable validator), and security-bootstrap-console (local console + localhost web UI).
completeness reliability
level confidence basis satisfied_expectations broken_expectations out_of_scope_expectations
C1 low scope_vs_intent_and_consumer_expectations
versioned canon standards already implemented by a sibling repo (key-cape)
three documented, runnable conformance/bootstrap tools under tools/
level confidence basis known_reliability_risks
R1 low consumer_quality_signals
no top-level packaging; each tool under tools/ has its own runtime dependencies, no unified install path yet
intent includes excludes assumptions use_cases research_memos
Own the canonical IAM/security standards for the Coulomb ecosystem and provide executable conformance tooling so implementers (like key-cape) can verify against the standard rather than guessing.
canon/standards/ versioned IAM and playbook-capability-contract standards
IAM profile conformance checker
playbook capability contract validator
security bootstrap console (local, non-secret-collecting)
concrete IAM implementations themselves (see key-cape for lightweight mode)
live secret value handling (bootstrap console explicitly refuses live OpenBao initialization)
current_level target_level current_artifacts target_artifacts consumption_modes
A2 A3
tools/iam-profile-conformance
tools/playbook-capability-contract
tools/security-bootstrap-console
cli
local web ui
depends_on supports related_to
documentation tests consumer_feedback bug_reports incidents
README.md
docs/secrets-engine-security-infrastructure-boundary.md
tools/*/README.md
tools/iam-profile-conformance (pytest fixtures)
recommended_for not_recommended_for known_limitations
implementers needing to verify IAM/security conformance against Coulomb's canonical standards
needs for a packaged, single-install security suite (currently three separate tools)
no unified top-level packaging across the three tools

NetKingdom Security/IAM Tooling Suite

Overview

net-kingdom provides a dynamic, self-optimizing security platform for Kubernetes-deployed infrastructure. It owns the canonical IAM and security standards (implemented by sibling repos like key-cape) and ships three executable conformance/bootstrap tools under tools/: IAM profile conformance checks, a playbook capability contract validator, and a non-secret-collecting security bootstrap console.

Assessment notes

Discovery

README plus docs/secrets-engine-security-infrastructure-boundary.md describe an explicit integration boundary with OpenBao, flex-auth, user-engine, ops-warden, ops-bridge, info-tech-canon, and State Hub; canon/standards/ holds versioned standards (iam-profile_v0.2.md, playbook-capability-contract_v0.1.md) that key-cape and other repos implement against.

Availability

No top-level package manifest, but tools/ holds three real, independently documented and runnable tools: iam-profile-conformance (executable checks, pytest fixtures), playbook-capability-contract (executable validator), and security-bootstrap-console (local console + localhost web UI).

Completeness

First-pass honest assessment from the REUSE-WP-0017 coverage campaign (reuse-surface). No external consumer feedback exists yet; levels reflect scope-vs-intent documentation quality, not internal code quality.

Reliability

No production consumer telemetry exists yet; reliability level is intentionally conservative pending REUSE-WP-0019 reuse-telemetry evidence.

Promotion checklist

  • ID follows capability.<domain>.<name> pattern
  • Maturity enums match specs/CapabilityMaturityStandard.md
  • external_evidence is populated separately from maturity
  • Relations reference valid capability IDs (none yet)
  • Index entry added in registry/indexes/capabilities.yaml