From 88f84ab33a4484599f2d0188ea8b1fe79e69da51 Mon Sep 17 00:00:00 2001 From: tegwick Date: Fri, 5 Jun 2026 16:27:59 +0200 Subject: [PATCH] Close backup handoff task --- SCOPE.md | 3 ++- .../RAILIANCE-WP-0006-railiance-forge-extraction.md | 10 +++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/SCOPE.md b/SCOPE.md index 10f8f80..d675b47 100644 --- a/SCOPE.md +++ b/SCOPE.md @@ -163,7 +163,8 @@ lessons into reusable S5 app release patterns. the app-side workflow behavior still needs explicit S5 readiness docs. - App-level backup and restore responsibilities need clearer handoff contracts with `railiance-platform`, especially for shared CNPG databases consumed by - S5 apps. + S5 apps. Forge artifact restore and secret-custody evidence is defined in + `/home/worsch/railiance-forge/docs/backup-restore-secret-handoff.md`. --- diff --git a/workplans/RAILIANCE-WP-0006-railiance-forge-extraction.md b/workplans/RAILIANCE-WP-0006-railiance-forge-extraction.md index 832b14c..447b164 100644 --- a/workplans/RAILIANCE-WP-0006-railiance-forge-extraction.md +++ b/workplans/RAILIANCE-WP-0006-railiance-forge-extraction.md @@ -273,7 +273,7 @@ now point at that contract from their scope/intent docs. ```task id: RAILIANCE-WP-0006-T07 -status: todo +status: done priority: high state_hub_task_id: "da8bfbab-4bc3-48f0-9837-acf43fec9f0c" ``` @@ -293,6 +293,14 @@ Cover: Done when the forge repo can state exactly what it owns, what S3 implements, and what evidence consumers can rely on. +Completed 2026-06-05: the detailed handoff contract now lives in +`/home/worsch/railiance-forge/docs/backup-restore-secret-handoff.md`. It +defines forge asset inventory, database/package blob restore gates, +railiance-platform handoffs for CNPG, object storage, OpenBao, and runtime +secret delivery, allowed versus forbidden operator references, SOPS/age +bootstrap boundaries, and how S5 apps cite forge artifact restore evidence +without owning registry credentials or package backup procedures. + --- ## T08 - Add forge observability and operating evidence requirements