3527bc1cae
Request groups scope for whynot OIDC role
2026-06-28 13:23:14 +02:00
adf865611c
Mark whynot lane applied pending verification
2026-06-28 12:53:39 +02:00
271aa94642
Record whynot OpenBao lane apply evidence
2026-06-28 12:41:39 +02:00
3ef25cb787
chore(consistency): sync task status from DB [auto]
...
Updated by fix-consistency on 2026-06-28:
- update .custodian-brief.md for railiance-platform
2026-06-28 12:40:16 +02:00
53f3f4ca10
Document OpenBao Browser CLI limits
2026-06-28 09:18:36 +02:00
f630d5135e
Fix OpenBao role payload handoff
2026-06-28 02:33:42 +02:00
e3147b7fd5
Prepare whynot npm token handoff
2026-06-28 01:43:06 +02:00
06f2f4e315
Approve corrected whynot CCR
2026-06-28 01:27:04 +02:00
00fb93544c
Add CCR decision template task
2026-06-28 01:17:41 +02:00
5e0ed95127
chore(consistency): sync task status from DB [auto]
...
Updated by fix-consistency on 2026-06-28:
- update .custodian-brief.md for railiance-platform
2026-06-28 01:16:53 +02:00
6effdb80ca
Link corrected whynot CCR decision
2026-06-28 01:05:43 +02:00
eb24e04b71
Correct whynot credential tenant path
2026-06-28 01:00:12 +02:00
ad47a136f7
chore(consistency): sync task status from DB [auto]
...
Updated by fix-consistency on 2026-06-28:
- update .custodian-brief.md for railiance-platform
2026-06-28 00:45:16 +02:00
82d15cfea2
chore(consistency): renormalize lifecycle state [auto]
...
Updated by fix-consistency on 2026-06-28:
- workplan status: proposed → active
2026-06-28 00:45:12 +02:00
0e3ea30c75
Propose OpenBao automation delegation
2026-06-28 00:44:23 +02:00
f92d07d5a1
Record whynot CCR apply blocker
2026-06-28 00:24:23 +02:00
248bc58b6a
Add credential CCR operator handoff
2026-06-28 00:21:02 +02:00
a27a114491
Approve whynot credential CCR
2026-06-28 00:13:37 +02:00
3706ff703e
Link CCR approval to State Hub decision
2026-06-28 00:00:02 +02:00
52687d8b3e
Confirm whynot credential binding
2026-06-27 23:45:31 +02:00
aee0dcefad
Add credential lane readiness proposals
2026-06-27 23:30:29 +02:00
815b124ab1
Implement credential change request review flow
2026-06-27 22:57:21 +02:00
8c1e64d5e0
chore(consistency): sync task status from DB [auto]
...
Updated by fix-consistency on 2026-06-27:
- update .custodian-brief.md for railiance-platform
2026-06-27 22:55:36 +02:00
85a4278a55
Add credential approval workflow plan
2026-06-27 22:48:24 +02:00
9d42c73833
chore(consistency): sync task status from DB [auto]
...
Updated by fix-consistency on 2026-06-27:
- update .custodian-brief.md for railiance-platform
2026-06-27 22:25:27 +02:00
704ee99218
chore(consistency): sync task status from DB [auto]
...
Updated by fix-consistency on 2026-06-27:
- update .custodian-brief.md for railiance-platform
2026-06-27 21:56:15 +02:00
76c9661db3
chore(consistency): sync task status from DB [auto]
...
Updated by fix-consistency on 2026-06-27:
- update .custodian-brief.md for railiance-platform
2026-06-27 21:35:09 +02:00
673ec46e25
feat: complete credential broker source flow
2026-06-27 00:29:53 +02:00
2268a9375e
chore(consistency): sync task status from DB [auto]
...
Updated by fix-consistency on 2026-06-27:
- update .custodian-brief.md for railiance-platform
2026-06-27 00:28:42 +02:00
752cfd6f00
feat: add credential broker token helper
2026-06-27 00:06:03 +02:00
6e663dfd20
chore(consistency): sync task status from DB [auto]
...
Updated by fix-consistency on 2026-06-26:
- update .custodian-brief.md for railiance-platform
2026-06-26 17:52:42 +02:00
c7393d94ab
feat: add credential grant catalog foundation
2026-06-26 17:49:40 +02:00
693dc71833
Add ESO OpenBao GitOps add-ons
2026-06-25 20:08:36 +02:00
0f0b14001e
chore: finalize ArgoCD workplan and add credential broker plan
2026-06-25 17:49:35 +02:00
c022cb2f83
chore(consistency): sync task status from DB [auto]
...
Updated by fix-consistency on 2026-06-24:
- update .custodian-brief.md for railiance-platform
2026-06-24 18:55:31 +02:00
86eb6ea269
chore(consistency): sync task status from DB [auto]
...
Updated by fix-consistency on 2026-06-24:
- update .custodian-brief.md for railiance-platform
2026-06-24 18:46:33 +02:00
d59704deef
chore(consistency): sync task status from DB [auto]
...
Updated by fix-consistency on 2026-06-24:
- update .custodian-brief.md for railiance-platform
2026-06-24 18:40:26 +02:00
f39180583a
chore(consistency): sync task status from DB [auto]
...
Updated by fix-consistency on 2026-06-24:
- update .custodian-brief.md for railiance-platform
2026-06-24 18:39:35 +02:00
0b384f8485
chore(consistency): sync task status from DB [auto]
...
Updated by fix-consistency on 2026-06-24:
- update .custodian-brief.md for railiance-platform
2026-06-24 15:04:32 +02:00
8e6892f4bf
Normalize agent instructions and workplan frontmatter (STATE-WP-0067)
...
- Align agent files with on-disk workplan prefixes (infer from workplan ids)
- Set workplan domain to registered domain_slug; add topic_slug where applicable
- Repair frontmatter delimiter formatting; migrate legacy task status literals
- Regenerate AGENTS.md, CLAUDE.md, and .claude/rules from State Hub templates
2026-06-22 23:16:28 +02:00
6712eed995
Human-review .repo-classification.yaml (CUST-WP-0050 follow-up)
2026-06-22 17:56:17 +02:00
a1dbb26842
Add .repo-classification.yaml (CUST-WP-0050 T11 agent first-pass)
2026-06-22 17:47:42 +02:00
50799938db
fix(openbao-ui): handle OIDC callback without Ember popup flow
...
OpenBao's Ember UI expects OIDC to complete in a popup and postMessage to
window.opener. The standalone KeyCape login uses a full-page redirect, so the
callback now exchanges the authorization code directly, persists the UI token
in localStorage, and redirects into the vault UI. Unauthenticated /ui/ loads
also redirect to the standalone login page to avoid ?with= bounce loops.
2026-06-19 21:18:34 +02:00
520c7ea2c0
fix(openbao-ui): serve standalone KeyCape login at /ui/vault/auth
...
Ember's auth route bounces between ?with=netkingdom/ and ?with=token when
OIDC mounts are hidden from the unauthenticated listing. Bypass Ember on the
bare auth path with a static login page that calls auth_url directly; OIDC
callbacks still proxy to the OpenBao UI.
2026-06-19 21:13:08 +02:00
ae4d967481
Mark ArgoCD bootstrap T05 done after live cluster apply
...
Record bootstrap evidence on 92.205.130.254 and note issue-core sync is
blocked until the ExternalSecret CRD is installed.
2026-06-19 21:09:36 +02:00
80648a78b7
Stop OpenBao login redirect loop by removing URL rewriting
...
Remove redirect-bootstrap and mount polling that fought Ember's token
fallback. Keep cosmetic overlay and direct KeyCape OIDC on sign-in only.
2026-06-19 21:07:37 +02:00
64d7c18c3f
Add ArgoCD GitOps bootstrap contract for railiance01
...
Define platform-owned AppProjects, root app-of-apps, repository registration
templates, and tenant onboarding docs so issue-core can deploy via ArgoCD.
Ignore encrypted repository secrets locally and cross-link OpenBao delivery
guidance with the new GitOps contract.
2026-06-19 21:05:12 +02:00
cb45f29fb2
Fix OpenBao login falling back to token auth
...
Add synchronous redirect-bootstrap, direct KeyCape OIDC on sign-in, and mount
watching so the UI no longer lands on ?with=token when netkingdom is hidden
from unauthenticated mount listing. Document listing_visibility tune helper.
2026-06-19 21:04:31 +02:00
a6a87ae282
Fix OpenBao login overlay runaway DOM loop and slow loads
...
Replace the MutationObserver feedback loop with bounded, idempotent apply
retries so Firefox no longer hangs on the auth page. Route static UI assets
and API calls around HTML sub_filter injection to keep bundles compressed.
2026-06-19 20:58:44 +02:00
6ddf4e56b4
Add KeyCape login overlay gateway for OpenBao browser UI
...
Streamline bao.coulomb.social login as "Sign in with KeyCape" via a versioned
nginx gateway that injects overlay assets and proxies to OpenBao. Disable chart
ingress in favor of the overlay ingress, wire make openbao-deploy, and add
openbao-verify-login-overlay with upstream drift detection.
2026-06-19 20:28:16 +02:00
