Implement identity canon alignment

2026-06-05 16:04:43 +02:00
parent fe446711de
commit c6d211f472
15 changed files with 1008 additions and 21 deletions

@@ -4,7 +4,7 @@ type: workplan
title: "Identity Domain Canon Alignment"
domain: netkingdom
repo: user-engine
status: proposed
status: finished
owner: codex
topic_slug: netkingdom
planning_priority: high
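Review bot: the front-matter `status` goes straight from `proposed` to `finished`, while every task block in this file uses `done` for its completed state. Confirm that `finished` is the intended workplan-level value and that nothing keyed on `done` will treat this plan as still open. If the workflow has an approval state between `proposed` and `finished`, record where that sign-off happened.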
@@ -59,7 +59,7 @@ exists for that context?
```task
id: USER-WP-0007-T1
status: todo
status: done
priority: high
state_hub_task_id: "09bf2de5-0dab-4c21-845a-ff7dbde4cbd8"
```
@@ -73,7 +73,7 @@ work.
```task
id: USER-WP-0007-T2
status: todo
status: done
priority: high
state_hub_task_id: "8d10eaf7-12ac-4a7c-bf90-ded6fc59eeb4"
```
@@ -86,7 +86,7 @@ models and service operations to canon concepts and relationships including
```task
id: USER-WP-0007-T3
status: todo
status: done
priority: high
state_hub_task_id: "c3839ae6-5d82-4cfd-819a-79b3bdf6efa6"
```
@@ -98,7 +98,7 @@ without requiring consumers to know IAM provider details.
```task
id: USER-WP-0007-T4
status: todo
status: done
priority: high
state_hub_task_id: "2d29ceec-2d0b-4753-82cc-3fd87a252ba1"
```
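Review bot: T4 is marked `done`, but the requirement in this hunk's header ("without requiring consumers to know IAM provider details") has no check named for it. The Implementation Notes added later in this diff list tests for user/account/subject/principal context, service-account projection, tenant isolation and claims enrichment. Suggest adding an assertion that the `UserEngineService.identity_context(...)` result exposes no provider-specific fields, or stating which of the listed tests covers it.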
@@ -110,7 +110,7 @@ Membership, and Grant or grant-like membership facts.
```task
id: USER-WP-0007-T5
status: todo
status: done
priority: medium
state_hub_task_id: "1ad927a2-eca7-4904-a666-600617cb7519"
```
@@ -122,7 +122,7 @@ audit reference export, policy/control references, and lifecycle task handoff.
```task
id: USER-WP-0007-T6
status: todo
status: done
priority: medium
state_hub_task_id: "cb0dbd53-fb9a-4b84-87d8-e7cc3ce4ab40"
```
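Review bot: T6 is flipped to `done`, but for the three items in this hunk's header (audit reference export, policy/control references, lifecycle task handoff) the Implementation Notes record only "adapter contracts". If concrete adapters are out of scope for this workplan, say so in the task text; otherwise track them as follow-up work before closing the task.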
@@ -134,7 +134,7 @@ review, approval, exception, remediation, or explicit evidence gaps.
```task
id: USER-WP-0007-T7
status: todo
status: done
priority: medium
state_hub_task_id: "973bf3c5-e407-4441-a2e6-c9c8d5e55135"
```
@@ -146,7 +146,7 @@ tracked work rather than silent scope drift.
```task
id: USER-WP-0007-T8
status: todo
status: done
priority: low
state_hub_task_id: "e6285175-7b71-4a57-9183-dab8274f19a6"
```
@@ -186,3 +186,28 @@ organization responsibilities.
- small-SaaS canon conformance tests
- evidence-gap and lifecycle task examples
- naming decision record
## Implementation Notes
Implemented on 2026-06-05:
- Added `CanonEntityReference` and `CanonRelationshipReference` domain shapes.
- Added `UserEngineService.identity_context(...)` as the first canon-facing
identity-domain read model.
- Added adapter contracts for evidence export, policy/control references, and
lifecycle task handoff.
- Added `docs/canon-interface-card.yaml`, `docs/canon-mapping.md`,
`docs/evidence-gap-examples.md`, and
`docs/identity-domain-naming-decision.md`.
- Updated scope, contracts, NetKingdom integration docs, README, and scenarios.
- Added executable identity-canon alignment tests for distinct user/account/
subject/principal context, service-account projection, small-SaaS tenant
isolation, and claims-enrichment context.
Verification:
```text
make test
Ran 35 tests in 0.175s
OK
```
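Review bot: the Verification block records only the aggregate `Ran 35 tests in 0.175s`, which does not show that the new identity-canon tests are among those 35 and will go stale as the suite grows. Name the test module or cases added for this workplan and drop the timing. For the small-SaaS tenant isolation test, one line stating what it asserts would let a reader judge the coverage without opening the test file.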