Add credential lane readiness proposals

This commit is contained in:
tegwick 2026-06-27 23:30:29 +02:00
parent 815b124ab1
commit aee0dcefad
13 changed files with 425 additions and 25 deletions

View file

@ -119,7 +119,7 @@ Acceptance:
**2026-06-27:** Added `schemas/credential-change-request.schema.yaml`, the
`credential-change-requests/` storage directory, and
`credential-change-requests/CCR-2026-0001-whynot-design-npm-token.yaml` as the
`credential-change-requests/CCR-2026-0001-whynot-design-npm-publish.yaml` as the
first non-secret CCR fixture. The whynot CCR is intentionally `proposed` and
marks the bound claim as unconfirmed, so apply is blocked until review.
@ -148,7 +148,9 @@ Acceptance:
plus Make targets `credential-change-validate` and `credential-change-render`.
Validation rejects secret-looking markers and broad/unsafe request shapes; render
produces the chat/State Hub review summary and highlights unconfirmed bound
claims. Unit coverage lives in `tests/test_credential_change.py`.
claims. CCRs now also carry machine-readable front-door readiness fields:
`access_frontdoor.readiness` and `access_frontdoor.resolvable`. Unit coverage
lives in `tests/test_credential_change.py`.
## T04 - Generate OpenBao apply plans from approved CCRs
@ -201,8 +203,10 @@ Acceptance:
**2026-06-27:** Added file-backed `approve`, `deny`, and `needs-changes`
commands that require reviewer and comment text and append non-secret review
comments to the CCR. Remaining T05 work is State Hub decision-event emission and
tighter chat integration.
comments to the CCR. Added `status` plus Make targets
`credential-change-status` and `credential-change-status-json` so ops-warden can
consume `readiness`/`resolvable` without scraping prose. Remaining T05 work is
State Hub decision-event emission and tighter chat integration.
## T06 - Build an interactive runbook for apply and verify
@ -248,6 +252,14 @@ Acceptance:
can be rendered for review. It remains proposed/unapproved with unconfirmed
bound claims, so live apply and ops-warden activation are correctly blocked.
**2026-06-27:** Converted the ops-warden batch follow-up
`fe5b1696-8956-4bd5-9d6f-dbde1901a076` into three proposed CCRs:
`CCR-2026-0001` for `whynot-design-npm-publish`, `CCR-2026-0002` for
`issue-core-ingestion-api-key`, and `CCR-2026-0003` for
`llm-connect-openrouter-api-key`. All three are explicitly `readiness: template`
and `resolvable: false` until owner confirmation, approval, OpenBao apply,
secret provisioning, and verification are complete.
## T08 - Add deactivation, rotation, and compromise flows
```task