4.3 KiB
id, type, title, domain, repo, status, owner, topic_slug, created, updated, state_hub_workstream_id
| id | type | title | domain | repo | status | owner | topic_slug | created | updated | state_hub_workstream_id |
|---|---|---|---|---|---|---|---|---|---|---|
| PMEM-WP-0014 | workplan | Live Credential Execution And Managed Deployment Hardening | markitect | phase-memory | finished | codex | phase-memory | 2026-05-19 | 2026-05-19 | 312a04cb-124d-41b3-9fc0-292281f420ab |
PMEM-WP-0014: Live Credential Execution And Managed Deployment Hardening
Goal
Use the credential-gated drill and service packaging created in PMEM-WP-0013 to exercise real operator environments, harden deployment packaging, and preserve evaluation trend history.
Current Evidence
PMEM-WP-0013 added credential-gated drill helpers, stdlib service packaging,
operator readiness docs, audit retention apply, evaluation trend artifacts, and
release-note discipline. The scorecard now rates the repo at 4.3 / 5.
Non-Goals
- Commit credentials, tokens, or live endpoints.
- Make credentialed tests mandatory in default CI.
- Take ownership of Markitect or Kontextual service internals.
T01 - Run credentialed adapter drills in operator mode
id: PMEM-WP-0014-T01
status: done
priority: high
state_hub_task_id: "1d0eb51c-60ce-47ad-bd91-6ce1ee91f0f8"
Exercise the credential-gated smoke drill against real operator-provided Markitect/Kontextual endpoints.
Acceptance:
- Default suite still skips without credentials.
- Operator run records a redacted report with no tokens.
- Any live incompatibility is captured as explicit diagnostics.
T02 - Add managed deployment packaging
id: PMEM-WP-0014-T02
status: done
priority: high
state_hub_task_id: "37b03680-fcc4-46c2-9ce2-f6bf1f2ef35b"
Add deployment packaging around the stdlib service entrypoint.
Acceptance:
- Health and readiness probes are documented.
- Packaging can be validated without live credentials.
- Rollback and local-store mount expectations are explicit.
T03 - Persist evaluation trend history
id: PMEM-WP-0014-T03
status: done
priority: medium
state_hub_task_id: "a3260267-bc8f-4f17-abdd-2296ad2c6ed5"
Persist evaluation trend artifacts across runs for regression review.
Acceptance:
- Trend history format is deterministic.
- Deltas can be compared across commits or run ids.
- Regression diagnostics remain actionable.
T04 - Add credentialed telemetry retention drill
id: PMEM-WP-0014-T04
status: done
priority: medium
state_hub_task_id: "b68478ce-90c2-4e21-b621-569cb6925f74"
Exercise audit export and retention apply against a credentialed telemetry adapter or operator-approved fixture.
Acceptance:
- Tokens are never written to artifacts.
- Retention apply records an audit event.
- Pruned and retained operation ids are reviewable.
T05 - Expand operator troubleshooting matrix
id: PMEM-WP-0014-T05
status: done
priority: medium
state_hub_task_id: "b0974113-debd-4823-929a-761510132c09"
Collect expected operator failures and remediations.
Acceptance:
- Matrix covers credentials, readiness, migrations, audit retention, and adapter manifest failures.
- Each row includes diagnostic code, likely cause, and operator action.
Acceptance Criteria
- Evidence moves the project toward the 4.7+ scorecard gate.
- Credentialed runs are reproducible but optional.
- Managed deployment packaging is ready for operator review.
Closure Review
Implemented as a credential-safe operational hardening pass:
- Credentialed drill configs now persist only endpoint/credential fingerprints,
and
credentialed_operator_report/write_credentialed_operator_reportcreate redacted run artifacts. credentialed_telemetry_retention_drillexercises retention planning/apply through the live-shaped telemetry sink or an operator-approved fixture.managed_deployment_manifestandvalidate_managed_deployment_manifestdefine entrypoint, probe, rollback, replica, and local-store mount expectations without requiring credentials.- Evaluation trend artifacts can now be persisted into deterministic history files without duplicate run ids.
- The operator runbook and troubleshooting matrix cover credential, readiness, migration, retention, and adapter-manifest failures.
No real endpoint credentials or managed platform were available in the default workspace, so PMEM-WP-0015 should collect the first live credential and managed deployment pilot evidence.