Mark whynot lane applied pending verification

This commit is contained in:
2026-06-28 12:53:39 +02:00
parent 271aa94642
commit adf865611c
5 changed files with 29 additions and 17 deletions

View File

@@ -30,7 +30,7 @@ Ops-warden batch follow-up:
| KV mount | `platform` |
| OpenBao CLI path | `platform/workloads/coulomb/whynot-design/npm-publish` |
| Secret field | `NPM_AUTH_TOKEN` |
| Front-door readiness | `template`, `resolvable=false` until CCR verification |
| Front-door readiness | `applied-pending-verify`, `resolvable=false` until caller verification |
| Read policy | `workload-kv-read-whynot-design-npm-publish` |
| Policy file | `openbao/policies/workload-kv-read-whynot-design-npm-publish.hcl` |
| OIDC auth mount | `netkingdom` |
@@ -205,6 +205,6 @@ flex-auth ref: secret.read:whynot-design, if tenant policy requires it
runbook: docs/workload-kv-access-lanes.md
```
Until live provisioning and verification are complete, ops-warden should keep
the catalog entry in `template`/`draft` or equivalent non-active state with
Until positive and negative caller verification are complete, ops-warden should
keep the catalog entry in `applied-pending-verify`/non-active state with
`resolvable=false`.