Files
railiance-platform/.custodian-brief.md
tegwick 481e64c3f4 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-29:
  - update .custodian-brief.md for railiance-platform
2026-06-29 17:19:29 +02:00

81 lines
3.6 KiB
Markdown

<!-- custodian-brief: generated by fix-consistency — do not edit manually -->
# Custodian Brief — railiance-platform
**Domain:** financials
**Last synced:** 2026-06-29 15:19 UTC
**State Hub:** http://127.0.0.1:8000 *(adjust if running on a remote machine)*
## Active Workstreams
### Issue-Core Runtime Ingestion Credential Lane
Progress: 0/7 done | workstream_id: `b059c81d-96f1-451f-896f-a05cd73744a1`
**Open tasks:**
- ! T03 - Apply or confirm least-privilege OpenBao metadata `e8566cf4`
- ! T04 - Provision values through approved custody `4990fe6a`
- ! T05 - Verify positive and negative access `65e83572`
- ! T06 - Activate ops-warden catalog front door `0d9a02da`
- ! T07 - Record lifecycle operations `c85d1139`
- · T01 - Review CCR scope and field set `64d85288`
- · T02 - Confirm Kubernetes auth and External Secrets binding `7f4a8317`
### llm-connect OpenRouter Provider Key Lane
Progress: 0/7 done | workstream_id: `f364d405-a85d-4b89-b600-1964ab436cad`
**Open tasks:**
- ! T03 - Apply or confirm least-privilege OpenBao metadata `42796ef5`
- ! T04 - Provision the provider key through approved custody `651f6ec8`
- ! T05 - Verify positive and negative access `d538cfc0`
- ! T06 - Activate ops-warden catalog front door `376de3fe`
- ! T07 - Record lifecycle operations `130155a5`
- · T01 - Review CCR scope and selector naming `307b75a6`
- · T02 - Confirm Kubernetes auth and External Secrets binding `829192f5`
### Credential Change Proposal Review Workflow
Progress: 3/9 done | workstream_id: `4d7ce243-f40a-4249-a46a-a24f75d6fe4c`
**Open tasks:**
- ► T04 - Generate OpenBao apply plans from approved CCRs `1b2e7752`
- ► T05 - Add chat/CLI approval commands `e6d4d2d1`
- ► T07 - Pilot with whynot-design and ops-warden `07a7d8bf`
- · T06 - Build an interactive runbook for apply and verify `3c3fc38c`
- · T08 - Add deactivation, rotation, and compromise flows `23d6ef9d`
- · T09 - Add decision templates and guided review actions `c436fd8b`
### OpenBao Approved Automation Delegation
Progress: 0/5 done | workstream_id: `671898ef-2378-4814-b8f6-066148cdad46`
**Open tasks:**
- ! T05 - Close the whynot-design pilot `18f34c95`
- · T01 - Specify delegated applier policy boundaries `d19fdfc5`
- · T02 - Implement a CCR-aware applier dry-run `2613f40d`
- · T03 - Add non-production applier role first `ff927a19`
- · T04 - Add production metadata applier with human approval gate `414abd65`
### Credential Request and Lease Broker
Progress: 3/10 done | workstream_id: `2731fece-6c49-45b8-ab8a-4ea6c04ac603`
**Open tasks:**
- ! T03 - Configure bounded OpenBao token roles and policies `d8498e3b`
*(wait: OpenBao issuer policy apply denied)*
- ! T04 - Build credential helper MVP `0c543cb3`
*(wait: OpenBao issuer policy apply denied)*
- ! T05 - Implement secure delivery modes `66f3cd6d`
*(wait: OpenBao live delivery verification pending)*
- ! T07 - Add flex-auth preflight authorization and State Hub request metadata `1269bb58`
*(wait: Live flex-auth/OpenBao lifecycle evidence pending)*
- ! T08 - Integrate ops-warden smoke and routing catalog `4571d4c9`
*(wait: External ops-warden routing update and live smoke pending)*
- ! T09 - Verification, audit, and red-team checks `78d1db83`
*(wait: Live OpenBao audit evidence pending)*
- ! T10 - Rollout and migration `44ce4082`
*(wait: Live pilot and external routing rollout pending)*
---
## MCP Orientation (when available)
If the state-hub MCP server is reachable, call:
`get_domain_summary("financials")`
This provides richer cross-domain context.
If the MCP call fails, use this file as your orientation source.