the-custodian/docs/ops-hub-interhub-evidence-lane-status.md


Ops Hub Inter-Hub Evidence Lane Status

Date: 2026-06-27
Workplan: CUST-WP-0051-T03
Related tasks: CUST-WP-0047-T05, CUST-WP-0049-T06, IHUB-WP-0022-T03/T04/T07

Summary

The evidence lane is partially live but not ready to close.

Production Inter-Hub already exposes the public ops-hub bootstrap surface and has an ops-hub row plus the ops-hub seed vocabulary. The remaining blockers are:

  1. authenticated bootstrap/runtime-key execution is still operator-gated;
  2. protected widget and hub-registry reads cannot be verified without the ops-hub runtime key;
  3. the older IHUB-WP-0022 activity-core mapping contract does not match the currently live ops-hub seed vocabulary.

No secret values were requested, read, printed, or stored during this probe.

Public Probe Evidence

Base URL: https://hub.coulomb.social

| Probe | Result |
| --- | --- |
| GET /api/v2/hubs | HTTP 200; contains ops-hub |
| GET /api/v2/openapi.json | HTTP 200; includes /hubs, /hub-capability-manifests, /api-consumers, /policy-scopes |
| GET /api/v2/widgets | HTTP 401, protected as expected |
| GET /api/v2/hub-registry | HTTP 401, protected as expected |
| GET /api/v2/widget-types | HTTP 200; 14 ops widget types visible |
| GET /api/v2/event-types | HTTP 200; 15 ops event types visible |
| GET /api/v2/annotation-categories | HTTP 200; 10 ops annotation categories visible |
| GET /api/v2/policy-scopes | HTTP 200; 7 ops policy scopes visible |
| GET /api/v2/hub-capability-manifests?hubId=<ops-hub-id> | HTTP 401, protected as expected |

Observed public ops-hub id: 4f6e4cf7-6a96-4ff2-8a37-08c9f9e405d2.

The existing ops-hub/scripts/interhub-gate-probe.py exits nonzero because it still expects unauthenticated /api/v2/hubs to return 401. The live contract returns 200 for public hub discovery and 401 for protected surfaces such as /api/v2/widgets and /api/v2/hub-registry.

Live Ops Vocabulary

The live public registry matches ops-hub/seeds/ops-hub-manifest.draft.json:

  • widget types: ops-environment, ops-host, ops-cluster, ops-service, ops-service-catalog, ops-endpoint, ops-release, ops-backup-set, ops-secret-set, ops-runbook, ops-incident, ops-readiness-gate, ops-migration-wave, ops-risk;
  • event types: ops-inventory-registered, ops-inventory-updated, ops-service-discovered, ops-health-checked, ops-release-observed, ops-endpoint-verified, ops-backup-verified, ops-restore-tested, ops-runbook-executed, ops-drift-detected, ops-risk-raised, ops-risk-accepted, ops-readiness-gate-updated, ops-migration-gate-passed, ops-migration-gate-failed;
  • policy scopes: ops-local, ops-transitional-prod, ops-production, ops-threephoenix, ops-registry, ops-secrets, ops-backup-retention.

Contract Mismatch

inter-hub/docs/contracts/ops-hub-activity-core-mapping.md and ops-hub-activity-core-event-payloads.md still describe the early activity-core proposal:

| Contract name | Live seed status | Recommended action |
| --- | --- | --- |
| ops-service-observed | Not in live event registry | Rename to ops-service-discovered, or add an explicit alias event in the ops-hub manifest. |
| ops-endpoint-verified | Live | Keep. |
| ops-access-path-checked | Not in live event registry; no ops-access-path widget type in seed | Either add access-path vocabulary/widgets, or defer access-path submissions and keep State Hub fallback. |
| ops-backup-verified | Live | Keep, but map to ops-backup-set widget type. |
| ops-inventory-drift | Not in live event registry | Rename to ops-drift-detected, or add an explicit alias event. |
| ops-evidence policy scope | Not in live policy scopes | Use an existing ops scope or add ops-evidence to the manifest and activate it. |
| aggregate refs such as ops:service:aggregate | Not in ops-hub/seeds/ops-hub-widgets.seed.json | Seed aggregate intake widgets or change mapping to the existing entity/readiness widgets. |
| widget types such as ops-service-card | Not in live widget types | Use live widget types like ops-service, ops-endpoint, ops-backup-set, and ops-readiness-gate. |

2026-06-27 Contract Alignment

The Inter-Hub contract docs were revised in /home/worsch/inter-hub to target the live ops-hub seed vocabulary:

  • ops-service-observed is now a transition alias for ops-service-discovered.
  • ops-inventory-drift is now a transition alias for ops-drift-detected.
  • ops-access-path-checked is explicitly deferred to State Hub fallback until ops-hub adds access-path vocabulary or a readiness/risk mapping decision.
  • The old ops-evidence policy scope is replaced by declared live scopes such as ops-production, ops-registry, and ops-backup-retention.
  • Payload examples now post only live manifest event types.

This removes the known contract-drift blocker before the attended bootstrap. The remaining gates are authenticated widget lookup, seeding of any missing backup/risk widget, runtime key custody, and the protected event submission smoke.
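The alignment rules above can be checked mechanically before the protected smoke. The following is an added example, not code from inter-hub or ops-hub: the vocabulary sets are copied from this page, while the function names and the payload field names `eventType` and `policyScope` are assumptions.

```python
# Live vocabulary as listed on this page (ops-hub seed manifest).
LIVE_EVENT_TYPES = {
    "ops-inventory-registered", "ops-inventory-updated", "ops-service-discovered",
    "ops-health-checked", "ops-release-observed", "ops-endpoint-verified",
    "ops-backup-verified", "ops-restore-tested", "ops-runbook-executed",
    "ops-drift-detected", "ops-risk-raised", "ops-risk-accepted",
    "ops-readiness-gate-updated", "ops-migration-gate-passed",
    "ops-migration-gate-failed",
}
LIVE_POLICY_SCOPES = {
    "ops-local", "ops-transitional-prod", "ops-production", "ops-threephoenix",
    "ops-registry", "ops-secrets", "ops-backup-retention",
}
# Transition aliases and the deferral from the 2026-06-27 alignment.
ALIASES = {
    "ops-service-observed": "ops-service-discovered",
    "ops-inventory-drift": "ops-drift-detected",
}
DEFERRED = {"ops-access-path-checked"}

def resolve_event(name):
    """Return ('submit', live_name), ('fallback', None) or ('reject', None)."""
    if name in DEFERRED:
        return ("fallback", None)  # stays on State Hub fallback
    canonical = ALIASES.get(name, name)
    if canonical in LIVE_EVENT_TYPES:
        return ("submit", canonical)
    return ("reject", None)

def lint_payload(payload):
    """List the problems that would block a payload example (field names assumed)."""
    problems = []
    name = payload.get("eventType", "")
    action, canonical = resolve_event(name)
    if action == "fallback":
        problems.append(f"{name}: deferred, route to State Hub fallback")
    elif action == "reject":
        problems.append(f"{name!r}: not in live event registry")
    elif canonical != name:
        problems.append(f"{name}: transition alias, post {canonical} instead")
    scope = payload.get("policyScope")
    if scope not in LIVE_POLICY_SCOPES:
        problems.append(f"policy scope {scope!r}: not in live policy scopes")
    return problems
```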

Current Closure State

CUST-WP-0049-T06 remains wait: the helper and runbook are ready, but an approved authenticated execution lane is still required.

CUST-WP-0047-T05 remains wait: the ops-hub row and vocabulary are visible, but seeded widgets and event acceptance cannot be proven without the protected runtime path.

IHUB-WP-0022-T03/T04/T07 remain gated: before an end-to-end smoke, reconcile the activity-core mapping contract to the live ops-hub seed vocabulary or add the missing aliases/aggregate widgets to the manifest.

Next Pick

  1. Use the aligned live-vocabulary contract for the attended CUST-WP-0049-T06 bootstrap.
  2. Confirm protected widget ids and seed any missing backup/risk target widgets required by the mapping.
  3. Store or confirm OPS_HUB_KEY through OpenBao, then run the protected widget/hub-registry/event smoke.