From b86001fe2b0b7d3db9e3f1940f495fc2f5af0374 Mon Sep 17 00:00:00 2001 From: tegwick Date: Thu, 2 Jul 2026 12:56:43 +0200 Subject: [PATCH] =?UTF-8?q?RAILIANCE-WP-0010:=20T04/T05=20done=20=E2=80=94?= =?UTF-8?q?=20value=20provisioned,=20ES=20lane=20live,=20llm-connect=20ver?= =?UTF-8?q?ified?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Fable 5 --- ...lm-connect-openrouter-provider-key-lane.md | 28 +++++++++++++++++-- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/workplans/RAILIANCE-WP-0010-llm-connect-openrouter-provider-key-lane.md b/workplans/RAILIANCE-WP-0010-llm-connect-openrouter-provider-key-lane.md index b74a8ed..ff9f120 100644 --- a/workplans/RAILIANCE-WP-0010-llm-connect-openrouter-provider-key-lane.md +++ b/workplans/RAILIANCE-WP-0010-llm-connect-openrouter-provider-key-lane.md @@ -194,7 +194,7 @@ Acceptance: ```task id: RAILIANCE-WP-0010-T04 -status: wait +status: done priority: high state_hub_task_id: "651f6ec8-b7d6-45e6-9fef-08646ff737c2" ``` @@ -216,7 +216,7 @@ Acceptance: ```task id: RAILIANCE-WP-0010-T05 -status: wait +status: done priority: high state_hub_task_id: "d538cfc0-bf68-4889-a5b3-ed94c1679856" ``` @@ -240,7 +240,7 @@ Acceptance: ```task id: RAILIANCE-WP-0010-T06 -status: wait +status: progress priority: medium state_hub_task_id: "376de3fe-ef9c-4b57-b238-1ba21ac8bb1c" ``` @@ -304,3 +304,25 @@ activity-core-owner); T01 closes on that approval with the does not exist yet — the operator must enter `OPENROUTER_API_KEY` through OpenBao custody. The activity-core namespace also has no ExternalSecret object for this lane yet. ops-warden checkpoint message: `6b058584`. + + +## Progress 2026-07-02 — value provisioned, lane live end-to-end + +- T04 done: the operator entered `OPENROUTER_API_KEY` directly through OpenBao + custody (KV metadata: version 1, created 2026-07-02T10:18Z). The value never + passed through Git, State Hub, chat, or agent hands. +- T05 done: positive — new `ExternalSecret + activity-core/llm-connect-provider-secrets` (ClusterSecretStore + `openbao-activity-core`, creationPolicy Owner) reached `SecretSynced=True` + at 10:54Z, took ownership of the previously manual Secret, and the + llm-connect deployment rolled out cleanly on the OpenBao-delivered value + (pod ready, 0 restarts, /health probes passing). Negative — default-policy + token denied on the KV path (10:08Z probe, audit-logged). Manifest committed + in llm-connect `dfd2ce7` + (`deploy/k8s/activity-core-llm-connect/externalsecret.yaml`). +- T06 progress: activation update sent to ops-warden; `openrouter-llm-connect` + can now leave draft once the catalog confirmation lands. +- Scope note: this closes the CoulombCore lane the CCR describes. The separate + llm-connect instance on the railiance01 k3s cluster still consumes its + bootstrap-provisioned Secret; migrating it is railiance01-cluster work, not + part of CCR-2026-0003.