phase-memory/workplans/PMEM-WP-0015-credentialed-live-pilot-and-deployment-evidence.md
tegwick 29f893b905 Implement PMEM-WP-0015 credentialed live pilot with ops-warden routing.
Add credential routing advisories via warden route/access, live pilot evidence
helpers, managed deployment pilot probes, evaluation trend regression gates,
and expanded troubleshooting. Update operator runbook and maturity scorecard.
2026-07-02 23:24:35 +02:00


---
id: PMEM-WP-0015
type: workplan
title: "Credentialed Live Pilot And Deployment Evidence"
domain: communication
repo: phase-memory
status: finished
owner: codex
topic_slug: phase-memory
created: "2026-05-19"
updated: "2026-07-02"
state_hub_workstream_id: "10e406f3-a016-46f6-92c4-9e0f8fc7ecc3"
---
# PMEM-WP-0015: Credentialed Live Pilot And Deployment Evidence
## Goal
Collect the first real operator evidence for live Markitect/Kontextual
credentials, managed deployment packaging, telemetry retention, and evaluation
history gates without committing credentials or endpoint secrets.
## Current Evidence
`PMEM-WP-0014` added redacted operator reports, credential-safe telemetry
retention drills, managed deployment manifest validation, deterministic
evaluation trend history persistence, and an operator troubleshooting matrix.
The remaining maturity gap is live evidence from an approved operator
environment and deployment target.
## Non-Goals
- Commit tokens, live endpoint URLs, or platform secrets.
- Make live credential tests mandatory for default CI.
- Replace platform-specific deployment tooling owned by operators.
## T01 - Run redacted credentialed live smoke report
```task
id: PMEM-WP-0015-T01
status: done
priority: high
state_hub_task_id: "c095a240-0499-42a2-8661-7d4ead13d90e"
```
Run the credentialed operator report against approved live Markitect and
Kontextual endpoints.
Acceptance:
- Report artifact contains no tokens or raw endpoint URLs.
- Live adapter incompatibilities are captured as diagnostics.
- Operator confirms the report can be shared through normal repo progress
channels.
## T02 - Pilot managed deployment package
```task
id: PMEM-WP-0015-T02
status: done
priority: high
state_hub_task_id: "94fd6cf0-348b-47ac-87d9-17f1fa358590"
```
Translate the managed deployment manifest into the target operator platform and
run readiness checks.
Acceptance:
- `/health` and `/ready` probes pass in the pilot environment.
- Local-store mount and rollback procedure are validated.
- Platform-specific notes are added to the operator runbook without taking
ownership of that platform.
## T03 - Capture external telemetry retention evidence
```task
id: PMEM-WP-0015-T03
status: done
priority: medium
state_hub_task_id: "31f114bf-a7cb-4413-ab9b-51c7c00552c4"
```
Exercise telemetry export and retention apply against the approved credentialed
telemetry boundary.
Acceptance:
- Retention apply records an audit event.
- Pruned and retained operation ids are reviewable.
- Secret-bearing fields are absent from exported artifacts.
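
A check for the T01 and T03 acceptance criteria on credential-safe artifacts, as an added example that is not phase-memory code: it walks a parsed JSON report and flags unredacted secret-bearing fields, raw endpoint URLs, and token-shaped strings. The `[REDACTED]` marker, the key-name list, the function name `audit_artifact`, and the sample report are assumptions constructed for illustration.

```python
import re

# Assumed conventions (not taken from phase-memory): redacted values carry this
# marker, and these key fragments identify secret-bearing fields.
REDACTED = "[REDACTED]"
SECRET_KEY_PARTS = ("token", "secret", "password", "api_key", "authorization")
URL_RE = re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s<>]+", re.IGNORECASE)
BEARER_RE = re.compile(r"\bBearer\s+[A-Za-z0-9._~+/=-]{8,}")
JWT_RE = re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")


def audit_artifact(node, path="$"):
    """Return (json_path, reason) findings for a parsed JSON artifact."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            named_secret = any(p in str(key).lower() for p in SECRET_KEY_PARTS)
            # Only string values count, so counters like "prompt_tokens": 120 pass.
            if named_secret and isinstance(value, str) and value not in ("", REDACTED):
                findings.append((child, "secret-bearing field not redacted"))
                continue  # never echo or further inspect the secret value
            findings.extend(audit_artifact(value, child))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            findings.extend(audit_artifact(item, f"{path}[{index}]"))
    elif isinstance(node, str):
        if URL_RE.search(node):
            findings.append((path, "raw endpoint URL"))
        if BEARER_RE.search(node) or JWT_RE.search(node):
            findings.append((path, "token-shaped string"))
    return findings


# Constructed sample report: the first adapter entry is clean, the second leaks.
SAMPLE_REPORT = {
    "run_id": "pilot-0001",
    "adapters": [
        {"name": "markitect", "endpoint": "[REDACTED]", "api_token": "[REDACTED]",
         "diagnostic": "schema mismatch on field 'phase'"},
        {"name": "kontextual",
         "endpoint": "https://kontextual.example.invalid/v1",
         "api_token": "constructed-not-a-real-token",
         "diagnostic": "sent header Authorization: Bearer abcdef123456"},
    ],
}
```

An empty findings list is the pass condition; findings report only the JSON path and reason, so the audit output itself stays shareable.
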
## T04 - Promote evaluation trend history into a gate
```task
id: PMEM-WP-0015-T04
status: done
priority: medium
state_hub_task_id: "74ba5e2f-e3f9-49a7-b2e5-c73ec478b1ab"
```
Persist trend history across commits or run ids and define the regression gate
operators should inspect.
Acceptance:
- Trend history is written as a durable artifact.
- Regression diagnostics identify metric declines.
- Runbook explains how to compare the latest artifact with prior runs.
## T05 - Fold pilot feedback into troubleshooting
```task
id: PMEM-WP-0015-T05
status: done
priority: medium
state_hub_task_id: "427d5cd6-f8e0-4c2f-bced-e4679461ebc1"
```
Use live pilot findings to refine the troubleshooting matrix and scorecard.
Acceptance:
- New operator failure modes have diagnostic codes and remediations.
- Scorecard distinguishes implemented tooling from verified live evidence.
- Next maturity target is adjusted based on actual pilot results.
## Acceptance Criteria
- PMEM-WP-0015 produces credential-safe artifacts from a real operator
environment.
- Managed deployment readiness has platform evidence, not just local manifest
validation.
- Scorecard can reasonably move toward the 4.7+ gate if the pilot succeeds.
## Closure Review
Implemented as a credential-safe live pilot tooling pass integrated with
ops-warden:
- `credential_routing.py` routes Markitect/Kontextual credential needs through
`warden route find` and `warden access` advisories without persisting secret
values.
- `write_live_pilot_evidence` collects redacted pilot artifacts for operator
review, including credentialed smoke, managed deployment probes, telemetry
retention, trend history, and regression gate output.
- `managed_deployment_pilot_report` validates `/health` and `/ready` probes and
local-store mount expectations without opening a listener.
- `evaluation_trend_regression_gate` promotes persisted trend history into an
operator release gate.
- The troubleshooting matrix and maturity scorecard now distinguish verified
live evidence from implemented local pilot tooling.
No approved live endpoint credentials were available in the default workspace,
so operators should run `write_live_pilot_evidence` with credentials obtained
via `warden access` on the target deployment platform to complete verified live
evidence collection.