coulomb/railiance-cluster
2
0
Fork 0
Code Issues Pull Requests Actions 2 Projects Releases Wiki Activity
Files
6f42bf114b4760cac46013a7231586895abe121e
railiance-cluster/workplans/RAILIANCE-WP-0013-activity-core-verifier-evidence-hardening.md
tegwick 6f42bf114b
Some checks are pending
railiance-tests / smoke (push) Waiting to run
Details
Harden activity-core verifier evidence
2026-06-16 08:02:27 +02:00

4.3 KiB
Raw Blame History

id, type, title, domain, repo, status, owner, topic_slug, created, updated, state_hub_workstream_id
id type title domain repo status owner topic_slug created updated state_hub_workstream_id
RAILIANCE-WP-0013 workplan activity-core verifier evidence hardening railiance railiance-cluster finished codex railiance 2026-06-16 2026-06-16 a3abb83a-2d42-40f9-a5f6-1dbc36903436

activity-core verifier evidence hardening

Context

RAILIANCE-WP-0012 moved activity-core live deploy/verify ownership into railiance-cluster and produced State Hub evidence baeeaeac-aa6d-4406-ae64-e54577f21386, with ops_inventory_probe progress 4c82360d-33e7-455b-8ab4-33facd4a3f8e.

A follow-up review found hardening work that matters for routine verifier use: the verifier should prove the State Hub progress event belongs to the specific manual trigger it launched, evidence should include an immutable runtime identity, and local kubectl mode should require an explicit double opt-in.

This is a hardening follow-up only; it does not reopen activity-core ACTIVITY-WP-0007-T06.

Correlate State Hub progress to the manual trigger

id: RAILIANCE-WP-0013-T01
status: done
priority: high
state_hub_task_id: "d013a4a9-77fc-4cf0-babf-528d71acc0a1"

Update tools/cmd/railiance-verify-activity-core so after POST /activity-definitions/<id>/trigger it parses trigger_key, derives the expected activity-core manual run_id, and polls State Hub until it finds ops_inventory_probe where:

  • detail.activity_id == DEFINITION_ID;
  • detail.activity_core_run_id == expected_run_id.

The verifier must not pass on merely any event created after STARTED_AT. Include the expected run id and matched progress id in the evidence note.

2026-06-16: Implemented exact correlation. The verifier now derives the expected UUIDv5 activity_core_run_id from <DEFINITION_ID>:<trigger_key> and requires State Hub ops_inventory_probe detail to match both activity_id and activity_core_run_id.

Record immutable runtime evidence

id: RAILIANCE-WP-0013-T02
status: done
priority: medium
state_hub_task_id: "c5780ec1-9a74-401e-b60e-a0fdf2b7e5d2"

Ensure successful evidence includes either activity_core_revision or an immutable Kubernetes image ID/digest. When the remote repo revision is unavailable, fall back to the live actcore-api pod container imageID.

2026-06-16: Implemented api_image_id capture from the live actcore-api pod container status and added a guard so passed evidence must include either the remote repo revision or the immutable image ID.

Guard explicit local kubectl override

id: RAILIANCE-WP-0013-T03
status: done
priority: medium
state_hub_task_id: "0d60809f-3f1d-4ea9-a96f-af074911acc0"

Keep railiance01/SSH as the default executor. If ACTIVITY_CORE_CLUSTER_HOST=local is selected, require an additional explicit opt-in such as ACTIVITY_CORE_ALLOW_LOCAL_KUBECTL=1 and print the current kubectl context before continuing.

2026-06-16: Implemented the double opt-in. ACTIVITY_CORE_CLUSTER_HOST=local now exits before cluster access unless ACTIVITY_CORE_ALLOW_LOCAL_KUBECTL=1 is also set, and accepted local mode prints the current kubectl context.

Verify and publish hardening evidence

id: RAILIANCE-WP-0013-T04
status: done
priority: medium
state_hub_task_id: "150e4fa3-800c-4997-baaa-da696f5a0fc0"

Run bash -n tools/cmd/railiance-verify-activity-core, run make verify-activity-core against Railiance01, confirm the evidence note matched the manual trigger run id, and post a non-secret State Hub note citing the new evidence.

2026-06-16: Verified with bash -n tools/cmd/railiance-verify-activity-core and a live Railiance01 make verify-activity-core run. The verifier posted State Hub evidence note 60256e9a-9d1b-44db-8999-738cf03bca2e, matched manual run id 90e3b112-d1e3-51af-8fb2-cb61f26add17, matched ops_inventory_probe progress db408146-0310-4ac3-ac77-f73c5a41e070, and included api_image_id sha256:5ff92a8217c450ae06075d00862b6e2a92a83ca09eea18b5a5e96b5d2d728b35.

Done when:

  • the verifier rejects unrelated fresh ops_inventory_probe events;
  • evidence includes a non-null revision or image digest;
  • local kubectl mode requires explicit double opt-in;
  • the Railiance01 verifier run posts a passed evidence note with matched run id;
  • make fix-consistency REPO=railiance-cluster has synced the workplan.
Reference in New Issue View Git Blame Copy Permalink