CUST-WP-0051: 2026-07-02 review refresh — new credential and deploy lanes

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
2026-07-02 10:39:49 +02:00
parent a5fb9d72f1
commit 560f676fb6

View File

@@ -10,7 +10,7 @@ topic_slug: custodian
planning_priority: high
planning_order: 51
created: "2026-06-27"
updated: "2026-06-30"
updated: "2026-07-02"
state_hub_workstream_id: "21cabc98-3f80-4d00-b3b7-06e2ac2af88f"
---
@@ -66,6 +66,33 @@ State Hub hygiene issue:
not all block execution, but they make the operator view noisier and should be
cleared or annotated after the source workplans are reconciled.
## Review Refresh 2026-07-02
Re-reviewed against the live State Hub active-workplan list. Changes since the
2026-06-30 refinements:
- New platform credential lanes registered in `/home/worsch/railiance-platform`
that formalize the T02 custody board into executable workplans:
`RAILIANCE-WP-0005` (credential request and lease broker; T07 wait, T09/T10
progress), `RAILIANCE-WP-0008` (OpenBao approved automation delegation; T03
progress), `RAILIANCE-WP-0009` (issue-core runtime ingestion key lane,
`CCR-2026-0002`; T01/T02 done, T03T07 wait on CCR approval/apply), and
`RAILIANCE-WP-0010` (llm-connect OpenRouter provider key lane,
`CCR-2026-0003`; T01 progress, T03T07 wait).
- New cluster deploy lanes in `/home/worsch/railiance-cluster`:
`RAIL-BS-WP-0008` packaged the ACTIVITY-WP-0016 robustness deploy as
`make deploy-activity-core-triage-robustness` with coupled schema/executor
gating, runtime-Instruction contract checks (top-7 bound, NDJSON framing,
`max_tokens` ≥ 1800), post-deploy triage trigger, and State Hub evidence
polling; `RAIL-BS-WP-0009` packaged the ACTIVITY-WP-0012-T05 no-restart
admin-sync smoke as `make admin-sync-smoke`. Both await live execution on
railiance01 — this is now the single next action for T04.
- The T05 issue-core REST flip remains gated on `RAILIANCE-WP-0009` T03T05
(apply/provision/verify); T01 evidence shows the
`issue-core/issue-core-runtime` ExternalSecret is already `Ready=True` and
synced, so the remaining gap is CCR approval plus non-secret verification,
not missing plumbing.
## Dependency Shape
The critical path is: