Files
railiance-platform/.custodian-brief.md
tegwick ad47a136f7 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-28:
  - update .custodian-brief.md for railiance-platform
2026-06-28 00:45:16 +02:00

69 lines
3.0 KiB
Markdown

<!-- custodian-brief: generated by fix-consistency — do not edit manually -->
# Custodian Brief — railiance-platform
**Domain:** financials
**Last synced:** 2026-06-27 22:45 UTC
**State Hub:** http://127.0.0.1:8000 *(adjust if running on a remote machine)*
## Active Workstreams
### Credential Change Proposal Review Workflow
Progress: 3/8 done | workstream_id: `4d7ce243-f40a-4249-a46a-a24f75d6fe4c`
**Open tasks:**
- ► T04 - Generate OpenBao apply plans from approved CCRs `1b2e7752`
- ► T05 - Add chat/CLI approval commands `e6d4d2d1`
- ► T07 - Pilot with whynot-design and ops-warden `07a7d8bf`
- · T06 - Build an interactive runbook for apply and verify `3c3fc38c`
- · T08 - Add deactivation, rotation, and compromise flows `23d6ef9d`
### OpenBao Approved Automation Delegation
Progress: 0/5 done | workstream_id: `671898ef-2378-4814-b8f6-066148cdad46`
**Open tasks:**
- ! T05 - Close the whynot-design pilot `18f34c95`
- · T01 - Specify delegated applier policy boundaries `d19fdfc5`
- · T02 - Implement a CCR-aware applier dry-run `2613f40d`
- · T03 - Add non-production applier role first `ff927a19`
- · T04 - Add production metadata applier with human approval gate `414abd65`
### Credential Request and Lease Broker
Progress: 3/10 done | workstream_id: `2731fece-6c49-45b8-ab8a-4ea6c04ac603`
**Open tasks:**
- ! T03 - Configure bounded OpenBao token roles and policies `d8498e3b`
*(wait: OpenBao issuer policy apply denied)*
- ! T04 - Build credential helper MVP `0c543cb3`
*(wait: OpenBao issuer policy apply denied)*
- ! T05 - Implement secure delivery modes `66f3cd6d`
*(wait: OpenBao live delivery verification pending)*
- ! T07 - Add flex-auth preflight authorization and State Hub request metadata `1269bb58`
*(wait: Live flex-auth/OpenBao lifecycle evidence pending)*
- ! T08 - Integrate ops-warden smoke and routing catalog `4571d4c9`
*(wait: External ops-warden routing update and live smoke pending)*
- ! T09 - Verification, audit, and red-team checks `78d1db83`
*(wait: Live OpenBao audit evidence pending)*
- ! T10 - Rollout and migration `44ce4082`
*(wait: Live pilot and external routing rollout pending)*
### Workload KV Access Lanes for ops-warden Fetch
Progress: 3/7 done | workstream_id: `96c8a93d-7a5a-4fa9-8f7b-865119551da3`
**Open tasks:**
- ! T03 - Define and apply auth bindings `a217371a`
*(wait: Whynot bound claim/service account not confirmed)*
- ! T04 - Provision the KV path without exposing the token `c43724a3`
*(wait: NPM_AUTH_TOKEN requires approved operator custody)*
- ! T05 - Verify caller-scoped fetch behavior `dc1f470b`
*(wait: Live policy role and secret not yet provisioned)*
- ! T06 - Coordinate ops-warden catalog activation `8e84ec19`
*(wait: Awaiting ops-warden draft catalog wiring and live verification)*
---
## MCP Orientation (when available)
If the state-hub MCP server is reachable, call:
`get_domain_summary("financials")`
This provides richer cross-domain context.
If the MCP call fails, use this file as your orientation source.