coulomb/railiance-platform
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Link CCR approval to State Hub decision

Browse Source
This commit is contained in:
Bernd Worsch
2026-06-28 00:00:02 +02:00
parent 52687d8b3e
commit 3706ff703e
6 changed files with 173 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
docs/credential-change-approval.md
View File

@@ -153,6 +153,7 @@ scripts/credential-change.py confirm-binding CCR-2026-0001 --reviewer <name> --c
scripts/credential-change.py approve CCR-2026-0001 --reviewer <name> --comment "..."
scripts/credential-change.py deny CCR-2026-0001 --reviewer <name> --comment "..."
scripts/credential-change.py needs-changes CCR-2026-0001 --reviewer <name> --comment "..."
make credential-change-sync-decision CREDENTIAL_CHANGE=CCR-2026-0001
make credential-change-apply-plan CREDENTIAL_CHANGE=CCR-2026-0001
```
@@ -177,6 +178,13 @@ State Hub should not hold secret values. It can be the first review UI because
it already supports messages, progress, task status, and cross-repo
coordination.
For CCR review, create a pending State Hub decision that links to the CCR and
contains only non-secret coordinates. Operators can inspect it in the dashboard
at `http://127.0.0.1:3000/decisions` and resolve it with a rationale beginning
with `APPROVE:`, `DENY:`, or `NEEDS_CHANGES:`. Then run
`make credential-change-sync-decision CREDENTIAL_CHANGE=<CCR>` to copy the
resolved decision back into the CCR file-backed state.
## OpenBao Role
OpenBao remains authoritative for: