Updated by fix-consistency on 2026-06-29: - update .custodian-brief.md for railiance-platform
81 lines
3.6 KiB
Markdown
81 lines
3.6 KiB
Markdown
<!-- custodian-brief: generated by fix-consistency — do not edit manually -->
|
|
# Custodian Brief — railiance-platform
|
|
|
|
**Domain:** financials
|
|
**Last synced:** 2026-06-29 15:19 UTC
|
|
**State Hub:** http://127.0.0.1:8000 *(adjust if running on a remote machine)*
|
|
|
|
## Active Workstreams
|
|
|
|
### Issue-Core Runtime Ingestion Credential Lane
|
|
Progress: 0/7 done | workstream_id: `b059c81d-96f1-451f-896f-a05cd73744a1`
|
|
|
|
**Open tasks:**
|
|
- ! T03 - Apply or confirm least-privilege OpenBao metadata `e8566cf4`
|
|
- ! T04 - Provision values through approved custody `4990fe6a`
|
|
- ! T05 - Verify positive and negative access `65e83572`
|
|
- ! T06 - Activate ops-warden catalog front door `0d9a02da`
|
|
- ! T07 - Record lifecycle operations `c85d1139`
|
|
- · T01 - Review CCR scope and field set `64d85288`
|
|
- · T02 - Confirm Kubernetes auth and External Secrets binding `7f4a8317`
|
|
|
|
### llm-connect OpenRouter Provider Key Lane
|
|
Progress: 0/7 done | workstream_id: `f364d405-a85d-4b89-b600-1964ab436cad`
|
|
|
|
**Open tasks:**
|
|
- ! T03 - Apply or confirm least-privilege OpenBao metadata `42796ef5`
|
|
- ! T04 - Provision the provider key through approved custody `651f6ec8`
|
|
- ! T05 - Verify positive and negative access `d538cfc0`
|
|
- ! T06 - Activate ops-warden catalog front door `376de3fe`
|
|
- ! T07 - Record lifecycle operations `130155a5`
|
|
- · T01 - Review CCR scope and selector naming `307b75a6`
|
|
- · T02 - Confirm Kubernetes auth and External Secrets binding `829192f5`
|
|
|
|
### Credential Change Proposal Review Workflow
|
|
Progress: 3/9 done | workstream_id: `4d7ce243-f40a-4249-a46a-a24f75d6fe4c`
|
|
|
|
**Open tasks:**
|
|
- ► T04 - Generate OpenBao apply plans from approved CCRs `1b2e7752`
|
|
- ► T05 - Add chat/CLI approval commands `e6d4d2d1`
|
|
- ► T07 - Pilot with whynot-design and ops-warden `07a7d8bf`
|
|
- · T06 - Build an interactive runbook for apply and verify `3c3fc38c`
|
|
- · T08 - Add deactivation, rotation, and compromise flows `23d6ef9d`
|
|
- · T09 - Add decision templates and guided review actions `c436fd8b`
|
|
|
|
### OpenBao Approved Automation Delegation
|
|
Progress: 0/5 done | workstream_id: `671898ef-2378-4814-b8f6-066148cdad46`
|
|
|
|
**Open tasks:**
|
|
- ! T05 - Close the whynot-design pilot `18f34c95`
|
|
- · T01 - Specify delegated applier policy boundaries `d19fdfc5`
|
|
- · T02 - Implement a CCR-aware applier dry-run `2613f40d`
|
|
- · T03 - Add non-production applier role first `ff927a19`
|
|
- · T04 - Add production metadata applier with human approval gate `414abd65`
|
|
|
|
### Credential Request and Lease Broker
|
|
Progress: 3/10 done | workstream_id: `2731fece-6c49-45b8-ab8a-4ea6c04ac603`
|
|
|
|
**Open tasks:**
|
|
- ! T03 - Configure bounded OpenBao token roles and policies `d8498e3b`
|
|
*(wait: OpenBao issuer policy apply denied)*
|
|
- ! T04 - Build credential helper MVP `0c543cb3`
|
|
*(wait: OpenBao issuer policy apply denied)*
|
|
- ! T05 - Implement secure delivery modes `66f3cd6d`
|
|
*(wait: OpenBao live delivery verification pending)*
|
|
- ! T07 - Add flex-auth preflight authorization and State Hub request metadata `1269bb58`
|
|
*(wait: Live flex-auth/OpenBao lifecycle evidence pending)*
|
|
- ! T08 - Integrate ops-warden smoke and routing catalog `4571d4c9`
|
|
*(wait: External ops-warden routing update and live smoke pending)*
|
|
- ! T09 - Verification, audit, and red-team checks `78d1db83`
|
|
*(wait: Live OpenBao audit evidence pending)*
|
|
- ! T10 - Rollout and migration `44ce4082`
|
|
*(wait: Live pilot and external routing rollout pending)*
|
|
|
|
---
|
|
## MCP Orientation (when available)
|
|
|
|
If the state-hub MCP server is reachable, call:
|
|
`get_domain_summary("financials")`
|
|
This provides richer cross-domain context.
|
|
If the MCP call fails, use this file as your orientation source.
|