Add credential routing, actor patterns, security map, OpenBao SSH checklist, and policy-gated signing design. Update registry and SCOPE; record INTENT↔SCOPE reassessment (C3 completeness).
Add capability.security.ssh-certificate-issuance to the federation index with maturity vector D4/A3/C3/R2 and validated registry metadata.
