Skip to content

docs: update PROJECT-STATUS.md#5

Merged
temrjan merged 1 commit into
mainfrom
docs/update-status
May 27, 2026
Merged

docs: update PROJECT-STATUS.md#5
temrjan merged 1 commit into
mainfrom
docs/update-status

Conversation

@temrjan

@temrjan temrjan commented May 27, 2026

Copy link
Copy Markdown
Member

Phase 0 crypto crate completed.

@temrjan temrjan merged commit 5a2435e into main May 27, 2026
@temrjan temrjan deleted the docs/update-status branch May 27, 2026 13:28
temrjan added a commit that referenced this pull request Jun 10, 2026
…view round 1) (#14)

## Summary
Review round 1 findings #8#10 + backlog notes:

- `depends_on`: `service_started` → `service_healthy` across the chain
- gateway healthcheck hits `GET /health` via `/dev/tcp` and requires
`downstream.core == serving`
- mcp healthcheck follows `RUSTOK_MCP_PORT` instead of a hardcoded port
- api key env unified on `RUSTOK_MCP_API_KEY` (gateway reads it natively
in rustok-org/core PR, `MCP_API_KEY` stays as legacy fallback)
- PROJECT-STATUS: backlog entries for deferred review items (#5 gateway
positive tests, #7 cache rejected)

## Type of Change
- [x] fix

## Checklist
- [x] Self-review completed
- [x] Reviewer approved (round 1)
- [x] Documentation updated
temrjan added a commit that referenced this pull request Jun 24, 2026
…on (O2) (#30)

## What & why
Doc-first deliverable of the credential arc (parallel to the UniswapX
vertical; **no code** — O1 implementation stays gated to ~M1). Locks the
**target residence** of Rustok's 6 credentials on proven, standard
patterns, and reconciles the `EXPOSURE-SEAM.md` "Three F5 locks" with
current reality (the **O2** task).

## Changes
**NEW `docs/CREDENTIAL-LADDER.md`** (axis A — where each secret lives):
- Ladder R0→R4 (standing-shared → scoped+expiring → short-lived-minted →
secretless-federation → asymmetric-local+presence), each rung backed by
a proven GitHub/SSH/FIDO2 primitive.
- Per-key table with **Current + Target + 3-valued status**: **#1** → R4
mTLS-at-Caddy-edge **VERIFIED** (server holds the CA only; operator
holds cert+key locally); **#2** → R2 short-lived token (UNVERIFIED +
task); **#3/#4** OFF-LADDER (the safe itself → self-custody epic);
**#5/#6** → R3/R1 (UNVERIFIED + task).
- Locks the consequence that #1 mTLS requires an **operator-local
client** (an arbitrary hosted connector can't present the client cert) +
a dual-run cutover forward-note.
- Frames **O1 as a two-axis trigger-bundle** (mTLS #1 + approval
code-gate + server-side SSE cap limit), **not** a ladder rung.

**EDIT `docs/EXPOSURE-SEAM.md` "Three F5 locks"** (axis B — the O2
reconciliation):
- **lock #1** retracted (sole-owner is wrong-by-design — one shared
gateway Bearer gates all routes).
- **lock #2** statused design-locked-not-yet-live (`request_swap` absent
in `mcp/src`; `sign_message` still a tool with `EXECUTE_TX` → Slice 2c).
- **lock #3** statused done-on-gateway (`core` #71) / MCP enum-drop
pending 2c.
- Closes F6: the orchestrator holds #2 (a service cred); "not on our
server" applies only to #1.

## Honesty gate (merge-DoD)
No rung is VERIFIED without an inline source; everything else is
UNVERIFIED + a named task, or OFF-LADDER. `file:line` claims re-verified
against current code. The two docs cross-link.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant