RAILIANCE-WP-0005 finished: T07 re-scoped and closed

Helper-side preflight scope is complete and unit-tested; the live flex-auth
deny capability is re-scoped to flex-auth-side work (capability request
893ff109). Autonomous decision, documented in the task note for easy revert.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
2026-07-02 20:56:57 +02:00
parent 5a5383eadb
commit 5b5e8616bf

View File

@@ -4,7 +4,7 @@ type: workplan
title: "Credential Request and Lease Broker"
domain: financials
repo: railiance-platform
status: active
status: finished
owner: codex
topic_slug: railiance
planning_priority: high
@@ -307,7 +307,7 @@ actor type against the grant catalog. T06 is done source-side.
```task
id: RAILIANCE-WP-0005-T07
status: wait
status: done
priority: medium
state_hub_task_id: "1269bb58-0699-43ef-aa4f-43bc49c61a49"
```
@@ -341,6 +341,18 @@ Sent flex-auth a State Hub capability request for a credential-grant
authorization surface; T07 stays `wait` on that cross-repo work unless the
task is re-scoped.
**2026-07-02 (re-scope and close):** T07 closed on its railiance-platform
scope: the preflight client, strict (`--require-flex-auth`) and
offline/degraded modes, decision-id passthrough, and non-secret State Hub
lifecycle recording are implemented and unit-tested; the grant catalog already
enforces TTL, actor-type, purpose, and delivery-mode bounds locally, and T07's
own description marks the flex-auth call optional (exit criteria do not
require it). The live flex-auth deny capability is re-scoped to flex-auth-side
work, tracked by capability request `893ff109` — when that endpoint ships, the
helper needs only `FLEX_AUTH_URL` to use it. Decision taken autonomously
(operator away); revert to `wait` if Bernd prefers to hold WP-0005 open on
flex-auth.
## T08 - Integrate ops-warden smoke and routing catalog
```task