coulomb/railiance-cluster
2
0
Fork 0
Code Issues Pull Requests Actions 2 Projects Releases Wiki Activity
Files
6f42bf114b4760cac46013a7231586895abe121e
railiance-cluster/workplans/RAILIANCE-WP-0013-activity-core-verifier-evidence-hardening.md
tegwick 6f42bf114b
Some checks are pending
railiance-tests / smoke (push) Waiting to run
Details
Harden activity-core verifier evidence
2026-06-16 08:02:27 +02:00

121 lines
4.3 KiB
Markdown
Raw Blame History

---
id: RAILIANCE-WP-0013
type: workplan
title: "activity-core verifier evidence hardening"
domain: railiance
repo: railiance-cluster
status: finished
owner: codex
topic_slug: railiance
created: "2026-06-16"
updated: "2026-06-16"
state_hub_workstream_id: "a3abb83a-2d42-40f9-a5f6-1dbc36903436"
---
# activity-core verifier evidence hardening
## Context
`RAILIANCE-WP-0012` moved activity-core live deploy/verify ownership into
`railiance-cluster` and produced State Hub evidence
`baeeaeac-aa6d-4406-ae64-e54577f21386`, with `ops_inventory_probe` progress
`4c82360d-33e7-455b-8ab4-33facd4a3f8e`.
A follow-up review found hardening work that matters for routine verifier use:
the verifier should prove the State Hub progress event belongs to the specific
manual trigger it launched, evidence should include an immutable runtime
identity, and local `kubectl` mode should require an explicit double opt-in.
This is a hardening follow-up only; it does not reopen activity-core
`ACTIVITY-WP-0007-T06`.
## Correlate State Hub progress to the manual trigger
```task
id: RAILIANCE-WP-0013-T01
status: done
priority: high
state_hub_task_id: "d013a4a9-77fc-4cf0-babf-528d71acc0a1"
```
Update `tools/cmd/railiance-verify-activity-core` so after
`POST /activity-definitions/<id>/trigger` it parses `trigger_key`, derives the
expected activity-core manual `run_id`, and polls State Hub until it finds
`ops_inventory_probe` where:
- `detail.activity_id == DEFINITION_ID`;
- `detail.activity_core_run_id == expected_run_id`.
The verifier must not pass on merely any event created after `STARTED_AT`.
Include the expected run id and matched progress id in the evidence note.
2026-06-16: Implemented exact correlation. The verifier now derives the
expected UUIDv5 `activity_core_run_id` from `<DEFINITION_ID>:<trigger_key>` and
requires State Hub `ops_inventory_probe` detail to match both `activity_id` and
`activity_core_run_id`.
## Record immutable runtime evidence
```task
id: RAILIANCE-WP-0013-T02
status: done
priority: medium
state_hub_task_id: "c5780ec1-9a74-401e-b60e-a0fdf2b7e5d2"
```
Ensure successful evidence includes either `activity_core_revision` or an
immutable Kubernetes image ID/digest. When the remote repo revision is
unavailable, fall back to the live `actcore-api` pod container `imageID`.
2026-06-16: Implemented `api_image_id` capture from the live `actcore-api` pod
container status and added a guard so passed evidence must include either the
remote repo revision or the immutable image ID.
## Guard explicit local kubectl override
```task
id: RAILIANCE-WP-0013-T03
status: done
priority: medium
state_hub_task_id: "0d60809f-3f1d-4ea9-a96f-af074911acc0"
```
Keep `railiance01`/SSH as the default executor. If
`ACTIVITY_CORE_CLUSTER_HOST=local` is selected, require an additional explicit
opt-in such as `ACTIVITY_CORE_ALLOW_LOCAL_KUBECTL=1` and print the current
`kubectl` context before continuing.
2026-06-16: Implemented the double opt-in. `ACTIVITY_CORE_CLUSTER_HOST=local`
now exits before cluster access unless `ACTIVITY_CORE_ALLOW_LOCAL_KUBECTL=1` is
also set, and accepted local mode prints the current `kubectl` context.
## Verify and publish hardening evidence
```task
id: RAILIANCE-WP-0013-T04
status: done
priority: medium
state_hub_task_id: "150e4fa3-800c-4997-baaa-da696f5a0fc0"
```
Run `bash -n tools/cmd/railiance-verify-activity-core`, run
`make verify-activity-core` against Railiance01, confirm the evidence note
matched the manual trigger run id, and post a non-secret State Hub note citing
the new evidence.
2026-06-16: Verified with `bash -n tools/cmd/railiance-verify-activity-core`
and a live Railiance01 `make verify-activity-core` run. The verifier posted
State Hub evidence note `60256e9a-9d1b-44db-8999-738cf03bca2e`, matched manual
run id `90e3b112-d1e3-51af-8fb2-cb61f26add17`, matched
`ops_inventory_probe` progress `db408146-0310-4ac3-ac77-f73c5a41e070`, and
included `api_image_id`
`sha256:5ff92a8217c450ae06075d00862b6e2a92a83ca09eea18b5a5e96b5d2d728b35`.
Done when:
- the verifier rejects unrelated fresh `ops_inventory_probe` events;
- evidence includes a non-null revision or image digest;
- local `kubectl` mode requires explicit double opt-in;
- the Railiance01 verifier run posts a passed evidence note with matched run id;
- `make fix-consistency REPO=railiance-cluster` has synced the workplan.
Reference in New Issue View Git Blame Copy Permalink