coulomb/phase-memory
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1924f9286c8f603b49efd329e8bb5f149aaea9ff
phase-memory/workplans/PMEM-WP-0014-live-credential-execution-and-managed-deployment-hardening.md

148 lines
4.3 KiB
Markdown
Raw Blame History

---
id: PMEM-WP-0014
type: workplan
title: "Live Credential Execution And Managed Deployment Hardening"
domain: markitect
repo: phase-memory
status: finished
owner: codex
topic_slug: phase-memory
created: "2026-05-19"
updated: "2026-05-19"
state_hub_workstream_id: "312a04cb-124d-41b3-9fc0-292281f420ab"
---
# PMEM-WP-0014: Live Credential Execution And Managed Deployment Hardening
## Goal
Use the credential-gated drill and service packaging created in PMEM-WP-0013 to
exercise real operator environments, harden deployment packaging, and preserve
evaluation trend history.
## Current Evidence
`PMEM-WP-0013` added credential-gated drill helpers, stdlib service packaging,
operator readiness docs, audit retention apply, evaluation trend artifacts, and
release-note discipline. The scorecard now rates the repo at **4.3 / 5**.
## Non-Goals
- Commit credentials, tokens, or live endpoints.
- Make credentialed tests mandatory in default CI.
- Take ownership of Markitect or Kontextual service internals.
## T01 - Run credentialed adapter drills in operator mode
```task
id: PMEM-WP-0014-T01
status: done
priority: high
state_hub_task_id: "1d0eb51c-60ce-47ad-bd91-6ce1ee91f0f8"
```
Exercise the credential-gated smoke drill against real operator-provided
Markitect/Kontextual endpoints.
Acceptance:
- Default suite still skips without credentials.
- Operator run records a redacted report with no tokens.
- Any live incompatibility is captured as explicit diagnostics.
## T02 - Add managed deployment packaging
```task
id: PMEM-WP-0014-T02
status: done
priority: high
state_hub_task_id: "37b03680-fcc4-46c2-9ce2-f6bf1f2ef35b"
```
Add deployment packaging around the stdlib service entrypoint.
Acceptance:
- Health and readiness probes are documented.
- Packaging can be validated without live credentials.
- Rollback and local-store mount expectations are explicit.
## T03 - Persist evaluation trend history
```task
id: PMEM-WP-0014-T03
status: done
priority: medium
state_hub_task_id: "a3260267-bc8f-4f17-abdd-2296ad2c6ed5"
```
Persist evaluation trend artifacts across runs for regression review.
Acceptance:
- Trend history format is deterministic.
- Deltas can be compared across commits or run ids.
- Regression diagnostics remain actionable.
## T04 - Add credentialed telemetry retention drill
```task
id: PMEM-WP-0014-T04
status: done
priority: medium
state_hub_task_id: "b68478ce-90c2-4e21-b621-569cb6925f74"
```
Exercise audit export and retention apply against a credentialed telemetry
adapter or operator-approved fixture.
Acceptance:
- Tokens are never written to artifacts.
- Retention apply records an audit event.
- Pruned and retained operation ids are reviewable.
## T05 - Expand operator troubleshooting matrix
```task
id: PMEM-WP-0014-T05
status: done
priority: medium
state_hub_task_id: "b0974113-debd-4823-929a-761510132c09"
```
Collect expected operator failures and remediations.
Acceptance:
- Matrix covers credentials, readiness, migrations, audit retention, and
adapter manifest failures.
- Each row includes diagnostic code, likely cause, and operator action.
## Acceptance Criteria
- Evidence moves the project toward the 4.7+ scorecard gate.
- Credentialed runs are reproducible but optional.
- Managed deployment packaging is ready for operator review.
## Closure Review
Implemented as a credential-safe operational hardening pass:
- Credentialed drill configs now persist only endpoint/credential fingerprints,
and `credentialed_operator_report` / `write_credentialed_operator_report`
create redacted run artifacts.
- `credentialed_telemetry_retention_drill` exercises retention planning/apply
through the live-shaped telemetry sink or an operator-approved fixture.
- `managed_deployment_manifest` and
`validate_managed_deployment_manifest` define entrypoint, probe, rollback,
replica, and local-store mount expectations without requiring credentials.
- Evaluation trend artifacts can now be persisted into deterministic history
files without duplicate run ids.
- The operator runbook and troubleshooting matrix cover credential,
readiness, migration, retention, and adapter-manifest failures.
No real endpoint credentials or managed platform were available in the default
workspace, so PMEM-WP-0015 should collect the first live credential and managed
deployment pilot evidence.
Reference in New Issue View Git Blame Copy Permalink