Updated by fix-consistency on 2026-06-29: - update .custodian-brief.md for railiance-platform
3.6 KiB
3.6 KiB
Custodian Brief — railiance-platform
Domain: financials
Last synced: 2026-06-29 15:19 UTC
State Hub: http://127.0.0.1:8000 (adjust if running on a remote machine)
Active Workstreams
Issue-Core Runtime Ingestion Credential Lane
Progress: 0/7 done | workstream_id: b059c81d-96f1-451f-896f-a05cd73744a1
Open tasks:
- ! T03 - Apply or confirm least-privilege OpenBao metadata
e8566cf4 - ! T04 - Provision values through approved custody
4990fe6a - ! T05 - Verify positive and negative access
65e83572 - ! T06 - Activate ops-warden catalog front door
0d9a02da - ! T07 - Record lifecycle operations
c85d1139 - · T01 - Review CCR scope and field set
64d85288 - · T02 - Confirm Kubernetes auth and External Secrets binding
7f4a8317
llm-connect OpenRouter Provider Key Lane
Progress: 0/7 done | workstream_id: f364d405-a85d-4b89-b600-1964ab436cad
Open tasks:
- ! T03 - Apply or confirm least-privilege OpenBao metadata
42796ef5 - ! T04 - Provision the provider key through approved custody
651f6ec8 - ! T05 - Verify positive and negative access
d538cfc0 - ! T06 - Activate ops-warden catalog front door
376de3fe - ! T07 - Record lifecycle operations
130155a5 - · T01 - Review CCR scope and selector naming
307b75a6 - · T02 - Confirm Kubernetes auth and External Secrets binding
829192f5
Credential Change Proposal Review Workflow
Progress: 3/9 done | workstream_id: 4d7ce243-f40a-4249-a46a-a24f75d6fe4c
Open tasks:
- ► T04 - Generate OpenBao apply plans from approved CCRs
1b2e7752 - ► T05 - Add chat/CLI approval commands
e6d4d2d1 - ► T07 - Pilot with whynot-design and ops-warden
07a7d8bf - · T06 - Build an interactive runbook for apply and verify
3c3fc38c - · T08 - Add deactivation, rotation, and compromise flows
23d6ef9d - · T09 - Add decision templates and guided review actions
c436fd8b
OpenBao Approved Automation Delegation
Progress: 0/5 done | workstream_id: 671898ef-2378-4814-b8f6-066148cdad46
Open tasks:
- ! T05 - Close the whynot-design pilot
18f34c95 - · T01 - Specify delegated applier policy boundaries
d19fdfc5 - · T02 - Implement a CCR-aware applier dry-run
2613f40d - · T03 - Add non-production applier role first
ff927a19 - · T04 - Add production metadata applier with human approval gate
414abd65
Credential Request and Lease Broker
Progress: 3/10 done | workstream_id: 2731fece-6c49-45b8-ab8a-4ea6c04ac603
Open tasks:
- ! T03 - Configure bounded OpenBao token roles and policies
d8498e3b(wait: OpenBao issuer policy apply denied) - ! T04 - Build credential helper MVP
0c543cb3(wait: OpenBao issuer policy apply denied) - ! T05 - Implement secure delivery modes
66f3cd6d(wait: OpenBao live delivery verification pending) - ! T07 - Add flex-auth preflight authorization and State Hub request metadata
1269bb58(wait: Live flex-auth/OpenBao lifecycle evidence pending) - ! T08 - Integrate ops-warden smoke and routing catalog
4571d4c9(wait: External ops-warden routing update and live smoke pending) - ! T09 - Verification, audit, and red-team checks
78d1db83(wait: Live OpenBao audit evidence pending) - ! T10 - Rollout and migration
44ce4082(wait: Live pilot and external routing rollout pending)
MCP Orientation (when available)
If the state-hub MCP server is reachable, call:
get_domain_summary("financials")
This provides richer cross-domain context.
If the MCP call fails, use this file as your orientation source.